Yue Shen,Fei Yu,Ling-Fen Zhang,Ji-Yao An,Miao-Liang Zhu

DOI: https://doi.org/10.1109/CANET.2005.1598184

2005-01-01

Abstract:Intrusion detection is an efficient way to protect information system. This paper puts forward a new method of anomalous intrusion detection based on system call. It uses system calls regarded as input, and creates a FSA for the functions in the program. Then the FSA is used to detect the attack. Moreover, It can find the place of the vulnerability which exists in the program. This can help to alter the source program. Results are shown that this method is effective for some intrusion events.

Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Ming ZHENG,Xiao-Chun YUN,Tao ZHANG,Guo-fu ZHAI

DOI: https://doi.org/10.3969/j.issn.1001-5531.2005.07.004

2005-01-01

Abstract:Based on the principle and method of fault tree analysis, using ActiveX mode, the embedded fault tree analysis software was designed. firstly, analysis solution algorithm in the software was given, some data structures and main I/O functions were developed. finally, the application in computer security evaluation system was presented.

Liangxian Gu

2008-01-01

Abstract:Missile weapon system(MWS) is a high reliability system,so the reliability is an important performance index of MWS and also the base of effectiveness analysis for MWS. Because of the limit of the physical simulation,the computer simulation becomes an efficient approach for reliability research of MWS. First the paper introduces a simulation method in common use――fault tree analysis (FTA)method in brief , establishes a fault tree analysis (FTA) model of MWS based on FTA method and makes the Monte Carlo simulation, and gets the unit concernment degree and mode concernment degree of the system components. Through analysis of the simulation results a conclusion is got: for the MWS, rectifying the reliability of the system elements with non-configuration would not improve the whole system reliability in use.

ZHU Xiao-dong,ZHENG Cheng,ZHANG Da-qiang,CHEN Zhen

DOI: https://doi.org/10.3969/j.issn.1673-629x.2005.10.007

2005-01-01

Abstract:Intrusion detection system(IDS)is a hot application field.In order to solve the problem of lacking of validity on building IDS currently,first introduces the background of appearance of IDS and the character of IDS,analyses the process of decision tree learning.From the angle of data mining,reduces attributes of intrusion detection data with the method of rough set,and then learns the data with the method of decision tree.The result indicates the validity and practicability of rough set and decision tree on building IDS.

Yan Luo,Qinghua Liu,Yuelei Xie

DOI: https://doi.org/10.3969/j.issn.1673-808X.2014.02.011

2014-01-01

Abstract:In order to ensure the safety of the running train,fault tree analysis is applied into the early warning (EW)module of the train data showing center.A fault tree of equipment system is established,then the quantitative and qualitative analy-sis of the fault tree model is carried out,and the equivalent model of the system and fault probability is obtained.The DS system will make the corresponding alert by comparing the failure probability with the prior warning threshold.The applica-tion result shows that FTA is an effective way to diagnose system fault for the security of the running train.

Zhaohui Liu,Longtao Liao,Zhiqiang Wu,Xiaohua Yang

DOI: https://doi.org/10.1299/jsmeicone.2015.23._icone23-1_76

2015-01-01

The Proceedings of the International Conference on Nuclear Engineering (ICONE)

Abstract:The digitalized Instrumentation and Control (I&C) system of Nuclear power plants can provide many advantages. However, digital control systems induce new failure modes that differ from those of analog control systems. While the cost effectiveness and flexibility of software is widely recognized, it is very difficult to achieve and prove high levels of dependability and safety assurance for the functions performed by process control software, due to the very flexibility and potential complexity of the software itself. Software safety analysis (SSA) was one way to improve the software safety by identify the system hazards caused by software failure. This paper describes the application of a software fault tree analysis (SFTA) at the software design phase. At first, we evaluate all the software modules of the reactor power regulating system in nuclear power plant and identify various hazards. The SFTA was applied to some critical modules selected from the previous step. At last, we get some new hazards that had not been identified in the prior processes of the document evaluation which were helpful for our design.

Song Huang,ZhanWei Hui,Liang Wang,XiaoMing Liu

DOI: https://doi.org/10.1109/mines.2010.202

2010-01-01

Abstract:Due to the increasing complexity of software applications, traditional function security testing ways, which only test and validate software security mechanisms, are becoming ineffective to detect latent software security defects (SSD). However, the most of vulnerabilities result from some typical SSD. According to CERT/CC, ten defects known are responsible for 75% of security breaches in today software applications. On the base of threat tree modeling, we use it in the integrated software security test model. For introducing the usefulness of the method, we use the test model in M3TR software security test.

Mingjun Wei,Yufang Liu,Xuebin Chen,Jianmin Li

DOI: https://doi.org/10.1109/ICFN.2010.68

2010-01-01

Abstract:This paper presented that intrusion detection is an effective technique to protect Web server. Misused-based intrusion detection is used to detect Web-based attacks. It went deeply into Decision Tree technique; the traditional misused-based matching method was improved by using decision tree technique and the speed of detection process has been significantly improved. Its efficiency was verified by example.

Yongjin Liu,Na Li,Leina Shi,FangPing Li

DOI: https://doi.org/10.1109/EDT.2010.5496597

2010-01-01

Abstract:How to find the intrusion behaviors is a problem that troubled the intrusion detection field for years. Until now, there is not a good method to solve it, epically in a realistic context. Most methods are effective on small data sets, but when used to the massive data of IDS, the effectiveness seems to be unsatisfactory. In this paper, a new method based on decision tree is discussed to solve the problem of low detection rate of massive data. ©2010 IEEE.

徐漫江,曹元大

DOI: https://doi.org/10.3969/j.issn.1001-0645.2004.09.012

2004-01-01

Abstract:The structural design, cooperation and data fusion in a distributed intrusion detection system are investigated. A tree-structured distributed intrusion detection system and its components are illustrated detailed. The cooperation method in this system using blackboard, is explained. A CFAR (constant false alarm rate) method is used to fusion the distributed analysis result. A group of examples are used to show the validity of such a system.

Yuening Kang,Xingjun Zhang,Nan Wu,Weiguo Wu,Xiaoshe Dong

DOI: https://doi.org/10.1109/imis.2012.187

2012-01-01

Abstract:In this article, for the Linux operating system environment, with the characteristics of ambiguity and uncertainty for the occurrence probability of system failures, fuzzy theory is introduced into the fault tree analysis. The occurrence probability of basic events in the conventional fault tree is made fuzzy by introducing the concept of fuzzy sets. Using the upstream method for solving the minimum cut sets and transferring the different fuzzy numbers into triangular fuzzy numbers, the method is validated with the CPU error detection. This way provides a theoretical basis and implementation for system reliability evaluation, fault diagnosis and maintenance decisions.

Bowen Wang,Yuance Zhang,Zhaojing Zhang,Hongxing Hu,Geguang Pu

DOI: https://doi.org/10.4271/2023-01-0044

2023-01-01

Abstract:Intrusion Detection Systems (IDS), technically speaking, is to monitor the network, system, and operation status according to certain security policies, and try to find various attack attempts, attacks or attack results to ensure the confidentiality, integrity and availability of network system resources. Automotive intrusion detection systems can identify and alert by analyzing in-vehicle traffic and log when software applications or devices with malicious activity exist, or the in-vehicle network is tampered and injected. But unfortunately, automotive cybersecurity researchers hardly produce a comprehensive detection method due to the confidential nature of Controller Area Network (CAN) DBC format files, which is a standard long maintained by car manufacturers.In this paper, an enhanced intrusion detection method is proposed based on the double-decision-tree to classify different attack models for in-vehicle CAN network without the need to obtain complete DBC files. Unlike the existing method that is using data from the simulated CAN traffic traces, we construct three attack models based on real CAN bus traffic collected from Pentium T99. A totally new data split method is provided to divide training set, validation set and test dataset. Three experiments are set to verify this new data split method and the results show that we have achieved high accuracy in the recognition of the three types of attacks, and the model has high operating efficiency.

Xueqin Gao,Tao Shang,Da Li,Jianwei Liu

DOI: https://doi.org/10.1109/pst55820.2022.9851965

2022-01-01

Abstract:SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system’s defensive countermeasures.

Hongxiao Fei,Hsi-Che Lin

2012-01-01

Computer Engineering and Applications Journal

Abstract:Aiming at the problems of high-dimensional massive data collected in the intrusion detection system,complexity and low accuracy by the model constructed by decision tree,the attributes of the network connections related with intrusion are selected because of the advantage about rough set,and then the model built by decision tree is used to classify the network connections in prediction,so a method for network intrusion detection has been developed,which is based on the attributes'reduction of rough set and the predictive classification of decision tree hybrid in this paper.Experimental results show that the predominance has been proved,the accuracy has been improved in detecting DoS attacks largely and in detecting Probe and R2L attacks,at the same time,the rate of false alarm has been decreased notably.

Tao Zhang,Mingzeng Hu,Xiaochun YUN,Yongzheng Zhang,ming Zheng

DOI: https://doi.org/10.3321/j.issn:1002-0470.2005.07.004

2005-01-01

Abstract:System visitors were classified into five kinds by their privilege to access system resource by analysing computer resource, visitor privilege, security requirement, vulnerability, etc. The attacker can enhance his privilege using vulnerability. According to distribution of vulnerabilities privilege set, fault tree should be constructed to analyze the system security states under different security requirement condition, and this method could express qualitative security states using attack path and quantificational security states using attack success probability via analyzing fault tree.

叶俊民,张涛,董威,齐治昌

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.16.025

2008-01-01

Abstract:To improve the safety and reliability of software,a method to detect and analyze software faults is introduced.This method uses the static analysis of programs to locate faults,and uses fault tree to find the source of those faults.Invalid arithmetic operation is a common kind of error in programs,which often causes the system collapse.An invalid arithmetic fault analyzing process is discussed as an example to illustrate the analyzing process.This method is proved in experiment to be effective in locating and analyzing faults.

Heba Ezzat Ibrahim,Sherif M. Badr,Mohamed A. Shaheen

DOI: https://doi.org/10.48550/arXiv.1208.5997

2012-08-29

Cryptography and Security

Abstract:Security of computers and the networks that connect them is increasingly becoming of great significance. Intrusion detection system is one of the security defense tools for computer networks. This paper compares two different model Approaches for representing intrusion detection system by using decision tree techniques. These approaches are Phase-model approach and Level-model approach. Each model is implemented by using two techniques, New Attacks and Data partitioning techniques. The experimental results showed that Phase approach has higher classification rate in both New Attacks and Data Partitioning techniques than Level approach.

Jiashuo Zhang,Derong Chen,Peng Gao,Zepeng Wang,Jingang Zhang

DOI: https://doi.org/10.3390/pr12122826

IF: 3.5

2024-12-10

Processes

Abstract:Ensuring user safety has become increasingly essential, especially for safety-critical systems (SCSs) that are vital to human life or significant property. However, the prevailing design-for-testability (DFT) model, which relies on dependencies, overlooks safety-related faults and lacks adequate metrics for evaluating system safety. Consequently, the current dependency model is insufficient in effectively assessing system safety. To address this issue, this study has developed a comprehensive DFT model that integrates system safety considerations, known as the safety-related fault model (SRFM). SRFM uses internal block diagrams (IBDs) as a means, employs a nine-tuple model to create a static automatic fault tree, and establishes mapping relationships. Sensitivity analysis is utilized to quantify system safety factors, resulting in a safety-related dependency matrix. Two crucial concepts, design safety sensitivity (DSS) and theoretical safety sensitivity (TSS), are introduced to quantify system safety loss after a fault occurs. Additionally, two new safety-related testability metrics—test advantage of safety assessment on probability (TASAP) and test advantage of safety assessment on number (TASAN)—are developed for a robust evaluation of system safety. To validate the effectiveness of SRFM, it is applied to an electronic safety and arming device (ESA), demonstrating superior performance in TASAP and TASAN compared to existing models, with a negligible impact on expected test cost (ETC).

engineering, chemical

Ramin Mojdehbakhsh,Satish Subramanian,Ramakrishna V. Vishnuvajjala,Wei-Tek Tsai,Lynn Elliott

DOI: https://doi.org/10.1109/ISSRE.1994.341347

1994-01-01

Abstract:We introduce a detailed process for software requirements safety analysis. The approach for identification of safety faults in this process is based on fault tree analysis. This process consists of four main steps: software requirements fault tree generation; software requirements fault tree verification and validation; software safety requirements generation and safety fault mitigation; and software requirements safety verification and validation. We have defined a set of rules that can automatically generate the software requirements fault tree given the software requirements specified in Statemate, and the software fault tree top events identified in the system safety analysis. Statemate CASE tool is used in this process for specification of software requirements, and execution and analysis of the software requirements to verify and validate safety. Essential tree analysis is introduced as a method for dependency analysis of the software fault tree top event. The outcome of essential tree analysis is captured in an essential tree which we introduce as a graphical representation of the dependencies and their interrelations