Xi Hongsheng

A Novel Approach to Network Security Situation Awareness Based on Multi-Perspective Analysis

Structural analysis plays an important role in printed mathematical expression recognition. In this paper, a reliable and efficient structural analysis method of printed mathematical expressions is proposed. Based on the baseline algorithm, this method employs heuristic rules to analysis special symbols and makes use of a mechanism of error detection to correct the recognition errors. Experimental results show that this method gains favorable correctness and adaptability in analyzing formula expressions.Describing the security situation and its trend is the research hotspot of network security. As a new research field, Network security situation awareness (NSSA) includes three phases: situation perception, situation evaluation and situation prediction. This paper proposes a novel approach to NSSA model. The situation evaluation model adopts a multi-perspective analysis. It uses the description of security attacks, vulnerabilities and security services to evaluate current network security situation. The situation prediction model adopts time series analysis. It uses past and current situation map to forecast future network security situation. Simulation results show that the model is suitable and efficient.

A Markov Game Theory-Based Risk Assessment Model for Network Information System

Risk assessment is a very important tool to acquire a present and future security status of the network information system. Many risk assessment approaches consider the present system security status, while the future security status, which also has an impact on assessing the system risk, is not taken into consideration. In this paper we propose a novel risk assessment model based on Markov game theory. In this model, all of the possible risk in the future will impact on the present risk assessment. The farther away from now, the smaller impact on the risk assessment it has. After acquiring the system security status, we proposed an automatic generated reinforcement scheme which will provide a great convenience to the system administrator. A software tool is developed to demonstrate the performance of the risk assessment of a network information system and a simulation example shows the effectiveness of the proposed model.

Performance optimization of continuous-time Markov control processes based on performance potentials

Average-cost optimization problems for a class of continuous-time Markov control processes with a compact action set have been studied. The definition of a generalized average-cost Poisson equation, which can be viewed as an extension to the standard one is first given. Markov performance potentials are defined as its unique solution. Based on the formula of performance potentials, an average-cost optimality equation is derived and the existence of its solution is established. Then, policy iteration and value iteration algorithms are proposed and their convergence discussed. A numerical example for controlled closed queuing networks illustrates the application of the proposed value iteration algorithm.

Application of CLIPS Expert System to Malware Detection System

Malware detection is a crucial aspect of software security. Traditional signature-based detection method cannot detect zero-day attacks and some malware adopting some circumvention techniques such as polymorphic, metamorphic, obfuscation and packer. So some anomaly-based detection techniques are introduced to overcome this drawback, but these techniques have high false alarm rate and the complexity involved in determining what features should be learned in the training phase. In order to overcome these shortcomings, we propose a malware detection system based on expert systems in this paper. This system integrates signature-based analysis and anomaly-detection technique together. The signature is anomaly behavioral signatures. Accord to expertise about malware¿s major suspicious behaviors, we build the knowledge base of the expert system. And we design a behavior gathering component to intercept anomaly behaviors happened in the operating system and get significant traces leaved by malware, then present these behaviors and traces as facts. The expert system uses the knowledge base and behaviors facts to infer and give the results. This system can detect not only known malware, but some zero-day attacks using known techniques and also malware adopting low-level techniques, such as polymorphic and packer.

Error bounds of optimization algorithms for semi-Markov decision processes

Caos work shows that, by defining an α-dependent equivalent infinitesimal generator A α, a semi-Markov decision process (SMDP) with both average- and discounted-cost criteria can be treated as an α-equivalent Markov decision process (MDP), and the performance potential theory can also be developed for SMDPs. In this work, we focus on establishing error bounds for potential and A α-based iterative optimization methods. First, we introduce an α-uniformized Markov chain (UMC) for a SMDP via A α and a uniformized parameter, and show their relations. Especially, we obtain that their performance potentials, as solutions of corresponding Poisson equations, are proportional, so that the studies of a SMDP and the α-UMC based on potentials are unified. Using these relations, we derive the error bounds for a potential-based policy-iteration algorithm and a value-iteration algorithm, respectively, when there exist various calculation errors. The obtained results can be applied directly to the special models, i.e., continuous-time MDPs and Markov chains, and can be extended to some simulation-based optimization methods such as reinforcement learning and neuro-dynamic programming, where estimation errors or approximation errors are common cases. Finally, we give an application example on the look-ahead control of a conveyor-serviced production station (CSPS), and show the corresponding error bounds.

The optimal robust control policy for uncertain semi-Markov control processes

The optimization problems of Markov control processes (MCPs) with exact knowledge of system parameters, in the form of transition probabilities or infinitesimal transition rates, can be solved by using the concept of Markov performance potential which plays an important role in the sensitivity analysis of MCPs. In this paper, by using an equivalent infinitesimal generator, we first introduce a definition of discounted Poisson equations for semi-Markov control processes (SMCPs), which is similar to that for MCPs, and the performance potentials of SMCPs are defined as solution of the equation. Some related optimization techniques based on performance potentials for MCPs may be extended to the optimization of SMCPs if the system parameters are known with certainty. Unfortunately, exact values of the distributions of the sojourn times at some states or the transition probabilities of the embedded Markov chain for a large-scale SMCP are generally difficult or impossible to obtain, which leads to the uncertainty of the semi-Markov kernel, and thereby to the uncertainty of equivalent infinitesimal transition rates. Similar to the optimization of uncertain MCPs, a potential-based policy iteration method is proposed in this work to search for the optimal robust control policy for SMCPs with uncertain infinitesimal transition rates that are represented as compact sets. In addition, convergence of the algorithm is discussed.The optimization problems of Markov control processes (MCPs) with exact knowledge of system parameters, in the form of transition probabilities or infinitesimal transition rates, can be solved by using the concept of Markov performance potential which plays an important role in the sensitivity analysis of MCPs. In this paper, by using an equivalent infinitesimal generator, we first introduce a definition of discounted Poisson equations for semi-Markov control processes (SMCPs), which is similar to that for MCPs, and the performance potentials of SMCPs are defined as solution of the equation. Some related optimization techniques based on performance potentials for MCPs may be extended to the optimization of SMCPs if the system parameters are known with certainty. Unfortunately, exact values of the distributions of the sojourn times at some states or the transition probabilities of the embedded Markov chain for a large-scale SMCP are generally difficult or impossible to obtain, which leads to the uncertainty of the semi-Markov kernel, and thereby to the uncertainty of equivalent infinitesimal transition rates. Similar to the optimization of uncertain MCPs, a potential-based policy iteration method is proposed in this work to search for the optimal robust control policy for SMCPs with uncertain infinitesimal transition rates that are represented as compact sets. In addition, convergence of the algorithm is discussed.

Multi-Perspective Quantization Model for Cyberspace Security Situation Awareness

Cyberspace security situation is the status and its trends of whole networks security, which is influenced by hardware, software and users behaviors of whole network, so the cyberspace security situation awareness is the perception, comprehension, and forecast of cyberspace security situation. However, according to the different view points and purpose, it is very difficult to give a wildly accepted result. Multi- perspective quantization model for cyberspace security situation awareness employ three perspectives, namely, threat oriented, essential oriented, and holistic, for evaluating and forecasting the security of network system. The aim is to try to ensure objectivity, and because it adopts multi-perspective parameters, the results can be used in various purposes of cyberspace security situation awareness. This model is suitable for all kinds of users, and it can help users get objective results.

Guaranteed control performance robust LQG regulator for discrete-time Markovian jump systems with uncertain noise

Abstract Robust LQG problems of discrete-time Markovian jump systems with uncertain noises are investigated. The problem addressed is the construction of perturbation upper bounds on the uncertain noise covariances so as to guarantee that the deviation of the control performance remains within the precision prescribed in actual problems. Furthermore, this regulator is capable of minimizing the worst performance in an uncertain case. A numerical example is exploited to show the validity of the method.

Modular design of adaptive robust controller for strict-feedback stochastic nonlinear systems

A modular approach of the estimation-based design in adaptive linear control systems has been extended to the adaptive robust control of strict-feedback stochastic nonlinear systems with additive standard Wiener noises and constant unknown parameters. By using Itô’s differentiation rule, nonlinear damping and adaptive Backstepping procedure, the input-to-state stable controller of global stabilization in probability is developed, which guarantees that system states are bounded and the system has a robust stabilization. According to Swapping technique, we develop two filters and convert dynamic parametric models into static ones to which the gradient update law is designed. Transient performance of the system is estimated by the norm of error. Results of simulation show the effectiveness of the control algorithms. The modular design, which has a concise hierarchy, is more flexible and versatile than a Lyapunov-based algorithm.

Robust and non-fragile H/sub /spl infin// control for a class of uncertain hybrid linear systems with Markovian jumping parameters

This paper describes the synthesis of robust and non-fragile H/sub /spl infin// state feedback controllers for a class of uncertain hybrid linear systems with time delay, Markovian jumping parameters and state multiplicative noise. Under the assumptions of complete access to the norm-bounds of the system uncertainties and controller gain variations, sufficient conditions on the existence of a robust stochastic stability and r-disturbance attenuation H/sub /spl infin// property are presented. Also, using some change of variables and Schur complements, the obtained sufficient conditions can be rewritten as a set of coupled linear matrix inequalities form, through which a robust and non-fragile controller can be constructed easily.