Showing 1 - 8 results of 8 for search '"DARPA"'
  1.
  2.
  3.

    Attack scenarios reasoning, hypothesizing and predicting based on capability transition model by TIAN Zhi-hong, ZHANG Wei-zhe, ZHANG Yong-zheng, ZHANG Hong-li, LI Yang, JIANG Wei

    Published 2007-01-01
    “…To construct attack scenarios and predict intrusion intents automatically, a real-time alert correlation approach based on capability transition model was proposed. By highly abstracting the reasoning evidences, the process complexity is effectively reduced. Experiment results on the DARPA2000 IDS test dataset indicate that the method is effective and efficient.…”
    Article
  4.

    Research on alert correlation method based on alert confidence in multi-IDS environment by MEI Hai-bin, GONG Jian

    Published 2011-01-01
    “…To overcome the shortcoming of current alert correlation methods which didn’t consider the confidence of IDS, an alert correlation method based on alerts confidence using the evidence theory was presented. Each alert was regarded as a piece of evidence of a network attack. Then multiple pieces of evidence were combined by the Dempster’s combination rule, and used to infer whether the attack corresponding to the alerts took place. As a result, the ambiguity and confliction in alerts were eliminated, achieving the goal of improving alerts quality. Experimental results on the DARPA 2000 IDS test dataset show that the proposed method can efficiently decrease the false alert rate and reduce more than 60% of the alerts.…”
    Article
  5.

    Anomaly detection algorithm based on fractal characteristics of large-scale network traffic by XU Xiao-dong, ZHU Shi-rui, SUN Ya-min

    Published 2009-01-01
    “…Based on the fractal structure of the large-scale network traffic aggregation, anomalies were analyzed qualitatively and quantitatively from perspective of the global and local scaling exponents. Multi-fractal singular spectrum and Lipschitz regularity distribution were used to analyze the fractal parameters of abnormal flow, trying to identify the relationship between the changes of these parameters and the emergence of anomalies. Experimental results show that the emergence of anomalies has obvious signs on the singular spectrum and Lipschitz regularity distribution. Using this feature, a new multi-fractal-based anomaly detection algorithm and a new detection framework were constructed. On the DARPA/Lincoln laboratory intrusion detection evaluation data set 1999, this algorithm’s detection rate is high at low false alarm rate, which is better than EMERALD.…”
    Article
  6.

    Research on attack scenario reconstruction method based on causal knowledge discovery by Di FAN, Jing LIU, Jun-xi ZHUANG, Ying-xu LAI

    Published 2017-04-01
    “…In order to discover the attack pattern from the distributed alert data and construct the attack scene, a method of finding the attack scene from the alert data generated by intrusion detection system was studied. Current research suffers from the problem that causal knowledge is complex and difficult to understand and it is difficult to automatically acquire the problem. An attack scenario reconstruction method based on causal knowledge discovery was proposed. According to the process of KDD, the sequence set of attack scenes was constructed by the correlation degree of IP attributes among alert data. Time series modeling was adopted to eliminate the false positives to reduce the attack scene sequence. Finally, causal relationship between the alert data was found by using probability statistics. Experiments on the DARPA2000 intrusion scenario specific data sets show that the method can effectively identify the multi-step attack mode.…”
    Article
  7.

    Multi-step attack detection method based on network communication anomaly recognition by Ankang JU, Yuanbo GUO, Tao LI, Ziwei YE

    Published 2019-07-01
    “…In view of the characteristics of internal fixed business logic, inbound and outbound network access behavior, two classes and four kinds of abnormal behaviors were defined firstly, and then a multi-step attack detection method was proposed based on network communication anomaly recognition. For abnormal sub-graphs and abnormal communication edges detection, graph-based anomaly analysis and wavelet analysis method were respectively proposed to identify abnormal behaviors in network communication, and detect multi-step attacks through anomaly correlation analysis. Experiments are carried out on the DARPA 2000 data set and LANL data set to verify the results. The experimental results show that the proposed method can effectively detect and reconstruct multi-step attack scenarios. The proposed method can effectively monitor multi-step attacks including unknown feature types. It provides a feasible idea for detecting complex multi-step attack patterns such as APT. And the network communication graph greatly reduces the data size, it is suitable for large-scale enterprise network environments.…”
    Article
  8.

    Edge detection of aerial images using artificial bee colony algorithm by Nurdan Akhan Baykan, Elif Deniz Yelmenoglu

    Published 2022-06-01
    “…Procedures were performed on gray scale aerial images which are taken from RADIUS/DARPA-IU Fort Hood database. Initially bee colony size was specified according to sizes of images. …”
    Article