Chen Guojin,LIANG Jun,QIAN Jixin

DOI: https://doi.org/10.3321/j.issn:0438-1157.2005.06.016

2005-01-01

Abstract:Process monitoring based on multivariate statistical projection analysis (MSPA) has successfully been applied to chemical processes. However, measured data are often dealt with as stationary information in industrial processes, which is not a case in fact. In this study, a new process monitoring method based on blind signal extraction and k-nearest classifier is presented, which dose not demand stationary measured data.In order to verify the effectiveness and feasibility of this method, the new process monitoring method was applied to a simple AR(1) process and a double-effect evaporator. The simulation results showed that the process monitoring method presented in this paper had fewer false alarms and missing alarms than that based on independent component analysis (ICA) and fewer false alarms than that based on multivariate statistical process control (MSPC).Therefore, the process monitoring method presented in this paper is more effective and better than conventional process monitoring methods.

Sha‐Yuan Zhou,Shu‐Qing Wang

DOI: https://doi.org/10.1002/apj.5500130322

2005-01-01

Developments in Chemical Engineering and Mineral Processing

Abstract:AbstractFor many on‐line fault diagnosis schemes based on process data, a moving time window is an indispensable technique to track dynamic data. In this paper, a novel approach combining variable moving window and hidden Markov model (HMM) for on‐line identification of abnormal operating conditions is proposed. The main feature of this method is that the window length can be changed with time. Before fault diagnosis, some process measurements are used for fault alarm. As a tool for feature extraction, principal component analysis (PCA) is employed in order to reduce the large number of correlated variables. The effectiveness of the approach is illustrated by case studies from the Tennessee Eastman process.

Bin Cao,Jianwin Yin,Ying Li,ShuiGuang Deng

DOI: https://doi.org/10.1109/icws.2013.50

2013-01-01

Abstract:Process retrieval is critical for workflow repository management. Structural similarity metric based on graph matching could achieve highest retrieval quality. Nowadays, researchers mainly adopt graph edit distance (GED) as the approach for comparing process models. However, the computation complexity of GED based methods are high and their cost functions depend heavily on the application domain. To overcome these shortcomings, we use the maximal common subgraph (MCS) approach instead and propose a depth-first search (DFS) code based method to implement the MCS. The minimum DFS codes are used to canonically label the process models and their fragments. By comparing the minimum DFS codes of the fragments, the maximal common subgraphs between the search model (i.e., a given process model or fragment) and the processes in the repository could be found. The experimental evaluations show that our method is feasible for real applications.

陈国金,梁军,钱积新

DOI: https://doi.org/10.3321/j.issn:0438-1157.2004.11.019

2004-01-01

Abstract:A chemical process has usually a larger number of measured variables which are often driven by fewer unmeasurable latent variables (or sources).Extracting such latent variables and monitoring them will improve the process-monitoring performance.However, lots of existing process monitoring methods are based on the assumption that measured variables are subjected to independent and identical distribution (iid), which is not always valid in a chemical process.In this paper, an extended multivariate statistical control method based on independent component analysis with temporal structure is proposed to overcome the limitation of the assumption of iid.For investigating the application of this method to a continuous-stirred-tank-reactor process (CSTR),fault-detection performance was evaluated and compared with that of the conventional independent component analysis (CICA).The simulated results demonstrated the advantages (e.g. decreasing the number of false alarm and missed alarm) of ICA with temporal structure over the CICA approach under the assumption of iid, which is still widely used.

Xiao-can ZHAO,Ju REN,Yang XU,Guo-jun WANG

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2017.12.023

2017-01-01

Abstract:In recent years ,the stealth of malware is getting stronger and stronger .In this paper ,a SMM-based Hidden process Detection model (SHPD) is proposed .SHPD can effectively detect the stealthy process in system while ensuring its own transparency .SHPD consists of two parts :the client and the monitor .The client ,which implemented in BIOS ,uses both internal and external semantic information to establish multiple views of processes in OS and sends those process views to the monitor .The monitor identifies the stealthy process by comparing the differences between the views .In the paper ,we build a prototype system under the support of the SHPD theory , and conduct functional testing and analysis .The experimental results verify the feasibility of SHPD .

Chaoyuan Cui,Yun Wu,Ping Li,Rujing Wang

DOI: https://doi.org/10.2991/ccis-13.2013.59

2013-01-01

Abstract:With the development of the Cloud computing, more and more people are accustomed to resource sharing or online shopping. And malware has become a major threat to the Cloud safety. Process hiding is a powerful technique commonly used by stealthy malware to evade detection by anti-malware. In this paper, we present a novel approach called VMPmonitor-an efficient modularity approach for hidden process detection. With the help of the guest OS register information (mainly the ESP) collected by virtual machine monitor, VMPmonitor can implicitly capture the hidden process information of target guest OS. Compared to other approaches, VMPmonitor obtains guest process information implicitly. Using implicit information reduces its susceptibility to guest evasion attack. Experimental result shows that VMPmonitor has better reliability and accuracy.

Xiao Fu,Xiaojiang Du,Bin Luo,Jin Shi,Zhitao Guan,Yuhua Wang

DOI: https://doi.org/10.1109/infcomw.2015.7179370

2015-01-01

Abstract:Nowadays in order to process and store many kinds of multimedia data, the storage capability of memory has grown greatly. Moreover the widespread use of mobile devices and cloud computing has made criminal investigators often face a lot of memory dumps. They have to deal with a large quantity of memory data and complex OS data structures which they have little knowledge of. How to analyze memory evidence automatically in order to find hidden criminal behavior and reconstruct the criminal scenario in an understandable way has become an important problem. Current memory analysis methods usually aim at recovering certain data structures. The illegal behavior identification and the event reconstruction are still completed manually by investigators. This paper presents a novel method to correlate processes for automatic memory evidence analysis. Through analyzing key OS data structures and utilizing a clustering algorithm, it can discover the relationships among processes. And by describing these relationships as correlation graphs, our method can display evidence in a high semantic level. Some experiments have proved that these correlation graphs can help investigators find hidden criminal behavior and reconstruct the criminal scenarios.

Zhiqiang Yan,Bo Sun,Yu Chen,Lijie Wen,Lei Hu,Jianmin Wang,Mingji Yang,Lu Wang

DOI: https://doi.org/10.1016/j.future.2019.03.048

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:The rapid growth of event data motivates the developing of decomposed and parallel process discovery, which solves process discovery from a large event log by decomposing the log into multiple small event logs, discovering process models from these small logs in parallel, and merging discovered process models. As such, process discovery from a large event log can be solved in less time. Currently, the passage and maximal decomposition based techniques are successful in the activity partition by decomposing causal graph structure derived from a large event log. In this paper, we propose a five-step framework, based on which we can build various decomposed and parallel process discovery techniques by simply combining and adapting existing techniques. Then, we propose a technique, RPSTHD, based on the framework using the refined process structure tree (RPST), heuristic miner, process mining using integer linear programming (ILP), etc. An experimental evaluation shows that our technique significantly outperforms the state-of-the-art decomposed discovery techniques in both efficiency and effectiveness.

Yuchen He,Le Zhou,Zhiqiang Ge,Zhihuan Song

DOI: https://doi.org/10.1002/cjce.23102

2018-01-01

Abstract:Industrial process status can be modified according to continuous operations, which are required by different production specifications. Commonly, in a multimode process, attention was always paid to stable modes, while transitions were neglected. In a transition process, the process may be externally time varying or nonstationary so that the identification and the modelling are intractable to implement using traditional statistical methods. In this article, a transition identification and process monitoring method is proposed to handle the above problems based on a novel dynamic mutual information similarity (DMIS) analysis. Firstly, a multimode process is represented by a series of overlapping moving windows to consider the local information. In order to extract the corresponding dynamic information, each of these windows is modelled using the dynamic partial least squares (DPLS) method. Then, the mutual information algorithm is introduced to calculate the similarity between different latent variables. The hierarchical clustering method is employed to transfer the similarity information into a visualized dendrogram where the whole process, including a transition, is divided into several segments. The statistical characteristics in each segment are relatively stable and can be characterized by conventional multivariate statistical process control methods. Online identification and fault detection are then carried out for the multimode process through a series of DPLS models, established in the offline steps. The feasibility and effectiveness of the proposed method are validated by the Tennessee Eastman (TE) benchmark and a real process. The results of the proposed methods have shown superior performance compared to previous works.

zhiqiang ge,zhihuan song

DOI: https://doi.org/10.3182/20080706-5-kr-1001.00434

2008-01-01

IFAC Proceedings Volumes

Abstract:Compared to large process faults, the latent and small ones are difficult to be detected. However, the accumulation of these faults may even more harmful to the process. A novel fault detection and diagnosis method is proposed which is based on similarity factor and a variable moving window. The new method is based on the idea that a change of process can be reflected in the distribution of the data, which can be detected more easily by the proposed similarity factor. Meanwhile, it has no Gaussian distribution limitation of the process data, since the mixed similarity factor is introduced. The independent component analysis (ICA) factor and the principal component analysis (PCA) factor are used for similarity comparison for Gaussian and non-Gaussian information, respectively. Besides, in order to determine the dynamic step accurately and cut the computation cost, the conventional dynamic method is modified by using autocorrelation analysis. A case study of Tennessee Eastman (TE) benchmark process shows the efficiency of the new proposed method.

Zhenyu Shan,Hao Yang,Xueqi Yang,Xiong Chen

DOI: https://doi.org/10.1109/icnsc55942.2022.10004179

2022-01-01

Abstract:Object detection technology has been widely used. Traditionally, it usually uses a single process. However, a single process model can no longer meet the needs. With the complexity of object detection application scenarios, the entire system is divided into sub-modules, and data transmission between sub-modules is efficient. The multi-process architecture is adopted, which increases the cohesion of software modules and reduces coupling. Moreover, we need to adopt an efficient process communication and synchronization method, process communication to solve data transmission, and process synchronization to solve the problem of read and write conflicts. This article has made an innovation that introduces the concept of the shared memory frame buffer that uses multiple processes for object detection. It uses shared memory technology and process synchronization technology to complete inter-process communication and synchronization. Different processes use shared memory for efficient data transmission and use mutual exclusion locks to complete inter-process synchronization and control message communication. The server process is responsible for loading images and some general image processing algorithms. The client process only needs to implement a specific object detection algorithm, mount the shared memory and perform object detection on the image, and then send the detection results to the server. On the one hand, this solution reduces the time complexity. It only needs the main process to load the image into the shared memory, and other processes jointly use it to improve execution efficiency. If it is a very large image such as a GB level, the effect is more significant. On the other hand, sub-modules perform different functions respectively, which reduces code coupling and improves cohesion.

Qilong Zhang,Yun Wu,Chaoyuan Cui

DOI: https://doi.org/10.1145/3199478.3199497

2018-01-01

Abstract:In most profiles, while memory forensics analysis has been used to detect and defend attacks successfully, there are still many attacks that we can't discover in time. Therefore, the live tracking of process memory has been an important research subject for a long time. For this reason, we propose a new method of tracking process memory called MRB-PTE (Marking Reserved Bit of Page Table Entry). It sets one of reserved bits of target process memory page table PTE to capture memory behavior of the target process, which enables us to track target process memory, and it's featured with real time, lightweight overhead and flexibility. The experiment shows that, the MRB-PTE can not only dynamically reflect the memory behavior of the target process, but also the performance overhead to target process is very small. When the amount of process memory page is 10, the performance overhead is the smallest, only 7.9% with consuming less system resources. Traditional memory forensics tools with MRB-PTE could improve the sensitivity of detecting attacks.

Kunpeng Yu,Chenxu Wang,Yan Cai,Xiapu Luo,Zijiang Yang

DOI: https://doi.org/10.1145/3468264.3468572

2021-01-01

Abstract:Memory vulnerabilities are the main causes of software security problems. However, detecting vulnerabilities in multi-threaded programs is challenging because many vulnerabilities occur under specific executions, and it is hard to explore all possible executions of a multi-threaded program. Existing approaches are either computationally intensive or likely to miss some vulnerabilities due to the complex thread interleaving. This paper introduces a novel approach to detect concurrency memory vulnerabilities based on partial orders of events. A partial order on a set of events represents the definite execution orders of events. It allows constructing feasible traces exposing specific vulnerabilities by exchanging the execution orders of vulnerability-potential events. It also reduces the search space of possible executions and thus improves computational efficiency. We propose new algorithms to extract vulnerability-potential event pairs for three kinds of memory vulnerabilities. We also design a novel algorithm to compute a potential event pair's feasible set, which contains the relevant events required by a feasible trace. Our method extends existing approaches for data race detection by considering that two events are protected by the same lock. We implement a prototype of our approach and conduct experiments to evaluate its performance. Experimental results show that our tool exhibits superiority over state-of-the-art algorithms in both effectiveness and efficiency.

Lijie Wen,Jianmin Wang,Jiaguang Sun

DOI: https://doi.org/10.1007/978-3-540-72524-4_38

2007-01-01

Abstract:Most existing process mining algorithms have problems in dealing with invisible tasks. In this paper, a new process mining algorithm named α # is proposed, which extends the mining capacity of the classical α algorithm by supporting the detection of invisible tasks from event logs. Invisible tasks are first divided into four types according to their functional features, i.e., SIDE, SKIP, REDO and SWITCH. After that, the new ordering relation for detecting mendacious dependencies between tasks that reflects invisible tasks is introduced. Then the construction algorithms for invisible tasks of SIDE and SKIP/REDO/ SWITCH types are proposed respectively. Finally, the α # algorithm constructs the mined process models incorporating invisible tasks in WF-net. A lot of experiments are done to evaluate the mining quality of the proposed α # algorithm and the results are promising.

Huan Zhou,Chuang Lin,Yi Ping Deng

DOI: https://doi.org/10.4028/www.scientific.net/amr.760-762.1959

2013-01-01

Advanced Materials Research

Abstract:An explicit process model is vital in business processes. However, it is complicated and time consuming to create a workflow design. Also discords usually occur between the perceived management processes and the actual workflow processes. Under this condition, the process discovery techniques emerge. The aim is to rebuild a workflow model (e.g. a Petri net) of a business process based on the execution log. The model should give an abstract representation of the system and reproduce the log. This model can be further applied for process redesign/improvement and performance/reliability evaluation. In this paper, we present a new algorithm derived from α-algorithm for process discovery in term of Petri nets, where statistic long distance causal relationship is taken into consideration. Also this algorithm covers some shortages in α-algorithm.

Zhaoyang Zhang,Xinyu Wang,Haihong Li,Yang Chen,Zhilin Qu,Yuanyuan Mi,Gang Hu

DOI: https://doi.org/10.1007/s11433-023-2303-7

2024-03-07

Science China Physics Mechanics and Astronomy

Abstract:Inferring network structures from available data has attracted much interest in network science; however, in many realistic networks, only some of the nodes are perceptible while others are hidden, making it a challenging task. In this work, we develop a method for reconstructing the network with hidden nodes and links, taking account of fast-varying noise and time-delay interactions. By calculating the correlations of available data with different derivative orders for multiple pairs of accessible nodes, analyzing and integrating the relationships between different correlations, and defining diverse hidden-node-related reconstruction motifs, we can effectively identify the hidden nodes and hidden links in the network.

physics, multidisciplinary

Bin Cao,YIN Jian-wei,CHEN Hui-rui

2012-01-01

Abstract:To improve the retrieval efficiency of large scale process database, a new process retrieval method was proposed. This method adopted Depth-First Search(DFS) code to label the process model, and the similarity value was obtained by calculating DFS codes based on Levenshtein distance, which improved the similarity computing efficiency when matching occurred. The prototype system was evaluated by experiment, and the result showed that the method was more efficient than Graph Edit Distance(GED) and top 5 retrieval results were almost same with that of GED which guaranteed the accuracy of proposed method.

Zhuo Zhou,Wenxuan Liu,Danni Xu,Zheng Wang,Jian Zhao

DOI: https://doi.org/10.48550/arXiv.2308.15169

2023-08-29

Computer Vision and Pattern Recognition

Abstract:This paper introduces a new and challenging Hidden Intention Discovery (HID) task. Unlike existing intention recognition tasks, which are based on obvious visual representations to identify common intentions for normal behavior, HID focuses on discovering hidden intentions when humans try to hide their intentions for abnormal behavior. HID presents a unique challenge in that hidden intentions lack the obvious visual representations to distinguish them from normal intentions. Fortunately, from a sociological and psychological perspective, we find that the difference between hidden and normal intentions can be reasoned from multiple micro-behaviors, such as gaze, attention, and facial expressions. Therefore, we first discover the relationship between micro-behavior and hidden intentions and use graph structure to reason about hidden intentions. To facilitate research in the field of HID, we also constructed a seminal dataset containing a hidden intention annotation of a typical theft scenario for HID. Extensive experiments show that the proposed network improves performance on the HID task by 9.9\% over the state-of-the-art method SBP.

ZHANG Cheng,PENG Qinke

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.07.050

2007-01-01

Abstract:A novel method is proposed to construct variable-length patterns by using dynamically extracting information from call stack of the process.This method uses the chains of function return addresses to derive a table of variable-length patterns,and reduces the pattern set based on the structure of functions of the process.Then a Markov chain model is constructed based on variable-length patterns to detect abnormal behaviors.The experimental results indicate that compared with the traditional variable-length pattern based method and the first-order Markov chain model method,the proposed method can achieve higher hit rates and lower false alarm rates.

Cong Liu,Ying Wang,Lijie Wen,Jiujun Cheng,Long Cheng,Qingtian Zeng

DOI: https://doi.org/10.1109/tsc.2023.3335360

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Process discovery aims to extract descriptive process models from event logs. To date, various process discovery algorithms have been proposed for different application settings. However, most of them meet challenges in handling event logs produced from hierarchical multi-instance business processes, in which multiple sub-process instances are invoked by the execution of a parent process. To address the problem, a novel approach is presented to support the discovery of hierarchical multi-instance process models. Specifically, taking event logs with multi-instance information as input, the detailed implementation of our method can be generally divided into four steps: nesting relation detection, hierarchical event log construction, sub-process case identification, and hierarchical multi-instance model discovery. We have implemented our approach properly as plugins in the openly accessible ProM toolkit, and compared its performance against the state-of-the-art process discovery approaches over six publicly available event logs. Based on the experimental result, it is demonstrated that the proposed approach can effectively discover hierarchical multi-instance process models with better quality.