Remaining time prediction of business processes plays an important role in resource scheduling and plan making.The structural features of single process instance and the concurrent running of multiple process instance...Remaining time prediction of business processes plays an important role in resource scheduling and plan making.The structural features of single process instance and the concurrent running of multiple process instances are the main factors that affect the accuracy of the remaining time prediction.Existing prediction methods does not take full advantage of these two aspects into consideration.To address this issue,a new prediction method based on trace representation is proposed.More specifically,we first associate the prefix set generated by the event log to different states of the transition system,and encode the structural features of the prefixes in the state.Then,an annotation containing the feature representation for the prefix and the corresponding remaining time are added to each state to obtain an extended transition system.Next,states in the extended transition system are partitioned by the different lengths of the states,which considers concurrency among multiple process instances.Finally,the long short-term memory(LSTM)deep recurrent neural networks are applied to each partition for predicting the remaining time of new running instances.By extensive experimental evaluation using synthetic event logs and reallife event logs,we show that the proposed method outperforms existing baseline methods.展开更多
Time series analysis is widely used in the fields of finance, medical, and climate monitoring. However, the high dimension characteristic of time series brings a lot of inconvenience to its application. In order to so...Time series analysis is widely used in the fields of finance, medical, and climate monitoring. However, the high dimension characteristic of time series brings a lot of inconvenience to its application. In order to solve the high dimensionality problem of time series, symbolic representation, a method of time series feature representation is proposed, which plays an important role in time series classification and clustering, pattern matching, anomaly detection and others. In this paper, existing symbolization representation methods of time series were reviewed and compared. Firstly, the classical symbolic aggregate approximation (SAX) principle and its deficiencies were analyzed. Then, several SAX improvement methods, including aSAX, SMSAX, ESAX and some others, were introduced and classified;Meanwhile, an experiment evaluation of the existing SAX methods was given. Finally, some unresolved issues of existing SAX methods were summed up for future work.展开更多
Malware is emerging day by day.To evade detection,many malware obfuscation techniques have emerged.Dynamicmalware detectionmethods based on data flow graphs have attracted much attention since they can deal with the o...Malware is emerging day by day.To evade detection,many malware obfuscation techniques have emerged.Dynamicmalware detectionmethods based on data flow graphs have attracted much attention since they can deal with the obfuscation problem to a certain extent.Many malware classification methods based on data flow graphs have been proposed.Some of them are based on userdefined features or graph similarity of data flow graphs.Graph neural networks have also recently been used to implement malware classification recently.This paper provides an overview of current data flow graph-based malware classification methods.Their respective advantages and disadvantages are summarized as well.In addition,the future trend of the data flow graph-based malware classification method is analyzed,which is of great significance for promoting the development of malware detection technology.展开更多
Due to the absence of validity detection on pointers and automatic memory rubbish reclaim mechanisms in programming languages such as the C/C++language,software developed in these languages may have many memory safety...Due to the absence of validity detection on pointers and automatic memory rubbish reclaim mechanisms in programming languages such as the C/C++language,software developed in these languages may have many memory safety vulnerabilities,such as Use-After-Free(UAF)vulnerability.An UAF vulnerability occurs when a memory object has been freed,but it can still be accessed through a dangling pointer that points to the object before it is reclaimed.Since UAF vulnerabilities are frequently exploited by malware which may lead to memory data leakage or corruption,much research work has been carried out to detect UAF vulnerabilities.This paper investigates existing UAF detection methods.After comparing and categorizing these methods,an outlook on the future development of UAF detection methods is provided.This has an important reference value for subsequent research on UAF detection.展开更多
基金supported by National Natural Science Foundation of China(No.U1931207 and No.61702306)Sci.&Tech.Development Fund of Shandong Province of China(No.ZR2019LZH001,No.ZR2017BF015 and No.ZR2017MF027)+4 种基金the Humanities and Social Science Research Project of the Ministry of Education(No.18YJAZH017)Shandong Chongqing Science and technology cooperation project(No.cstc2020jscx-lyjsAX0008)Sci.&Tech.Development Fund of Qingdao(No.21-1-5-zlyj-1-zc)the Taishan Scholar Program of Shandong ProvinceSDUST Research Fund(No.2015TDJH102 and No.2019KJN024).
文摘Remaining time prediction of business processes plays an important role in resource scheduling and plan making.The structural features of single process instance and the concurrent running of multiple process instances are the main factors that affect the accuracy of the remaining time prediction.Existing prediction methods does not take full advantage of these two aspects into consideration.To address this issue,a new prediction method based on trace representation is proposed.More specifically,we first associate the prefix set generated by the event log to different states of the transition system,and encode the structural features of the prefixes in the state.Then,an annotation containing the feature representation for the prefix and the corresponding remaining time are added to each state to obtain an extended transition system.Next,states in the extended transition system are partitioned by the different lengths of the states,which considers concurrency among multiple process instances.Finally,the long short-term memory(LSTM)deep recurrent neural networks are applied to each partition for predicting the remaining time of new running instances.By extensive experimental evaluation using synthetic event logs and reallife event logs,we show that the proposed method outperforms existing baseline methods.
基金the National Natural Science Foundation of China [grant numbers 61602279, 61472229]Shandong Province Postdoctoral Innovation Project [grant number 201603056]+2 种基金the Sci.& Tech. Development Fund of Shandong Province of China [grant number 2016ZDJS02A11 and Grant ZR2017MF027]the SDUST Research Fund [grant number 2015TDJH102]and the Fund of Oceanic telemetry Engineering and Technology Research Center, State Oceanic Administration (grant number 2018002).
文摘Time series analysis is widely used in the fields of finance, medical, and climate monitoring. However, the high dimension characteristic of time series brings a lot of inconvenience to its application. In order to solve the high dimensionality problem of time series, symbolic representation, a method of time series feature representation is proposed, which plays an important role in time series classification and clustering, pattern matching, anomaly detection and others. In this paper, existing symbolization representation methods of time series were reviewed and compared. Firstly, the classical symbolic aggregate approximation (SAX) principle and its deficiencies were analyzed. Then, several SAX improvement methods, including aSAX, SMSAX, ESAX and some others, were introduced and classified;Meanwhile, an experiment evaluation of the existing SAX methods was given. Finally, some unresolved issues of existing SAX methods were summed up for future work.
文摘Malware is emerging day by day.To evade detection,many malware obfuscation techniques have emerged.Dynamicmalware detectionmethods based on data flow graphs have attracted much attention since they can deal with the obfuscation problem to a certain extent.Many malware classification methods based on data flow graphs have been proposed.Some of them are based on userdefined features or graph similarity of data flow graphs.Graph neural networks have also recently been used to implement malware classification recently.This paper provides an overview of current data flow graph-based malware classification methods.Their respective advantages and disadvantages are summarized as well.In addition,the future trend of the data flow graph-based malware classification method is analyzed,which is of great significance for promoting the development of malware detection technology.
文摘Due to the absence of validity detection on pointers and automatic memory rubbish reclaim mechanisms in programming languages such as the C/C++language,software developed in these languages may have many memory safety vulnerabilities,such as Use-After-Free(UAF)vulnerability.An UAF vulnerability occurs when a memory object has been freed,but it can still be accessed through a dangling pointer that points to the object before it is reclaimed.Since UAF vulnerabilities are frequently exploited by malware which may lead to memory data leakage or corruption,much research work has been carried out to detect UAF vulnerabilities.This paper investigates existing UAF detection methods.After comparing and categorizing these methods,an outlook on the future development of UAF detection methods is provided.This has an important reference value for subsequent research on UAF detection.
