Tan Xiaobin

A Novel Approach to Network Security Situation Awareness Based on Multi-Perspective Analysis

Structural analysis plays an important role in printed mathematical expression recognition. In this paper, a reliable and efficient structural analysis method of printed mathematical expressions is proposed. Based on the baseline algorithm, this method employs heuristic rules to analysis special symbols and makes use of a mechanism of error detection to correct the recognition errors. Experimental results show that this method gains favorable correctness and adaptability in analyzing formula expressions.Describing the security situation and its trend is the research hotspot of network security. As a new research field, Network security situation awareness (NSSA) includes three phases: situation perception, situation evaluation and situation prediction. This paper proposes a novel approach to NSSA model. The situation evaluation model adopts a multi-perspective analysis. It uses the description of security attacks, vulnerabilities and security services to evaluate current network security situation. The situation prediction model adopts time series analysis. It uses past and current situation map to forecast future network security situation. Simulation results show that the model is suitable and efficient.

A Markov Game Theory-Based Risk Assessment Model for Network Information System

Risk assessment is a very important tool to acquire a present and future security status of the network information system. Many risk assessment approaches consider the present system security status, while the future security status, which also has an impact on assessing the system risk, is not taken into consideration. In this paper we propose a novel risk assessment model based on Markov game theory. In this model, all of the possible risk in the future will impact on the present risk assessment. The farther away from now, the smaller impact on the risk assessment it has. After acquiring the system security status, we proposed an automatic generated reinforcement scheme which will provide a great convenience to the system administrator. A software tool is developed to demonstrate the performance of the risk assessment of a network information system and a simulation example shows the effectiveness of the proposed model.

Application of CLIPS Expert System to Malware Detection System

Malware detection is a crucial aspect of software security. Traditional signature-based detection method cannot detect zero-day attacks and some malware adopting some circumvention techniques such as polymorphic, metamorphic, obfuscation and packer. So some anomaly-based detection techniques are introduced to overcome this drawback, but these techniques have high false alarm rate and the complexity involved in determining what features should be learned in the training phase. In order to overcome these shortcomings, we propose a malware detection system based on expert systems in this paper. This system integrates signature-based analysis and anomaly-detection technique together. The signature is anomaly behavioral signatures. Accord to expertise about malware¿s major suspicious behaviors, we build the knowledge base of the expert system. And we design a behavior gathering component to intercept anomaly behaviors happened in the operating system and get significant traces leaved by malware, then present these behaviors and traces as facts. The expert system uses the knowledge base and behaviors facts to infer and give the results. This system can detect not only known malware, but some zero-day attacks using known techniques and also malware adopting low-level techniques, such as polymorphic and packer.

Estimation of System Power Consumption on Mobile Computing Devices

The relationship between power consumption and parameters of system state on mobile computing devices is studied in this paper, using genetic algorithm and artificial neural network. Then based on this relationship, a run-time power consumption model is proposed to estimate the energy used on a per process basis. This result can help us to design an intrusion detection system for battery exhaustion attacks or give some advice on how to design a less power consumption program on mobile computing devices.

Multi-Perspective Quantization Model for Cyberspace Security Situation Awareness

Cyberspace security situation is the status and its trends of whole networks security, which is influenced by hardware, software and users behaviors of whole network, so the cyberspace security situation awareness is the perception, comprehension, and forecast of cyberspace security situation. However, according to the different view points and purpose, it is very difficult to give a wildly accepted result. Multi- perspective quantization model for cyberspace security situation awareness employ three perspectives, namely, threat oriented, essential oriented, and holistic, for evaluating and forecasting the security of network system. The aim is to try to ensure objectivity, and because it adopts multi-perspective parameters, the results can be used in various purposes of cyberspace security situation awareness. This model is suitable for all kinds of users, and it can help users get objective results.

Network Security Situation Awareness Using Exponential and Logarithmic Analysis

Network security situation awareness (NSSA) is a hotspot in the network security research field, based on the security situation values, decision makers can be aware of the actual security situation of their networks and then make rational decision to make their networks safer. In this paper, we build a multi-level quantization model for NSSA firstly; this model is comprised of three levels, namely, special oriented level, essential oriented level and holistic level. We can not only perform a certain kind of situation awareness, but also an overall one using this model. Different from the previous methods which compute network security situation of whole network just by summing up the values of each asset’s network security situation, we propose a novel algorithm based on exponential and logarithmic analysis, this novel method is more appropriate to obtain rational results. Our model and algorithm are proved to be feasible and effective through a series of experiments.

Decentralized robust adaptive controller of modular stochastic control systems

We study the decentralized robust adaptive tracking problem of control systems consisting of n modular subsystems with stochastic input terms. A nonlinear control scheme for stochastic linear control systems is proposed to design the direct adaptive controller for each modular stochastic subsystem. When the stochastic input terms satisfy some assumptions, we prove that the output tracking error of the closed-loop control systems is globally and asymptotically bounded and can be guaranteed to converge to within the precision prescribed in the actual problems. Finally, an efficient decentralized control algorithm is employed to solve a simulation example.

An adaptive massive access management for M2M communications in smart grid

Smart grid is an emerging technology which is designed to integrate advanced communication technologies into electrical power grids. In smart grid, automatic communications between machine devices is necessary. The number of Machine-Type Communication (MTC) devices will increase exponentially as smart grid technologies are further developed and deployed. It is a critical issue to deal with the massive accesses from an enormous number of MTC devices while guarantee the desired quality of service (QoS). In this paper, we formulate this problem as a queuing problem. Then we propose an adaptive massive access management by applying a probability estimation measurement, which is based on large deviation theory. The results demonstrate that our algorithm can adaptively adjust allocation rate and provide a better QoS. The results also show that our algorithm can improve the spectral efficiency.

Continuous-time Hidden Markov models in Network Simulation

The use of continuous-time hidden Markov models for network protocol and application performance evaluation has been validated to simulate network environments. In this paper, we develop a better algorithm to infer the continuous-time hidden Markov model from a series of end-to-end delay and loss observation of probing packets. We prove the algorithms feasibility by theory deduction and realize numerable validation by comparing the probability of the observed sequence produced by the model inferred by different methods. The algorithm complexity is lower.

Statistic analysis for time sequence analysis of multi-thread programs

To cope with the problem of the difficulty of analyzing and detecting the data race problems in multithread programs, a method based on statistic model is presented for the analysis of time sequences in multithread programs. The random variable uncertainty is used to depict the mutual influence in different multithread in time sequences, and the probability distribution for random variable uncertainty is analyzed as the outcome of multithread programs on the condition of data race. It is proved by experiment that the model can reflect the time sequence of the multithread programs, which can be used to instruct the detecting process of multithread programs should and must provide normalized electronic documents in order for readers to search and read papers conveniently.