Detection of unknown attacks like a zero-day attack is a research field that has long been studied.Recently,advances in Machine Learning(ML)and Artificial Intelligence(AI)have led to the emergence of many kinds of att...Detection of unknown attacks like a zero-day attack is a research field that has long been studied.Recently,advances in Machine Learning(ML)and Artificial Intelligence(AI)have led to the emergence of many kinds of attack-generation tools developed using these technologies to evade detection skillfully.Anomaly detection and misuse detection are the most commonly used techniques for detecting intrusion by unknown attacks.Although anomaly detection is adequate for detecting unknown attacks,its disadvantage is the possibility of high false alarms.Misuse detection has low false alarms;its limitation is that it can detect only known attacks.To overcome such limitations,many researchers have proposed a hybrid intrusion detection that integrates these two detection techniques.This method can overcome the limitations of conventional methods and works better in detecting unknown attacks.However,this method does not accurately classify attacks like similar to normal or known attacks.Therefore,we proposed a hybrid intrusion detection to detect unknown attacks similar to normal and known attacks.In anomaly detection,the model was designed to perform normal detection using Fuzzy c-means(FCM)and identify attacks hidden in normal predicted data using relabeling.In misuse detection,the model was designed to detect previously known attacks using Classification and Regression Trees(CART)and apply Isolation Forest(iForest)to classify unknown attacks hidden in known attacks.As an experiment result,the application of relabeling improved attack detection accuracy in anomaly detection by approximately 11%and enhanced the performance of unknown attack detection in misuse detection by approximately 10%.展开更多
The customer population of entities potentially requesting to join a queue for service often have identical structure, i.e., the same state set and isomorphic transitions. The state size of the automaton modeling a qu...The customer population of entities potentially requesting to join a queue for service often have identical structure, i.e., the same state set and isomorphic transitions. The state size of the automaton modeling a queue will grow rapidly with increase of the size of this population. However, by relabeling the queue arrival events and service events to the same symbols respectively, the automaton model of a queue will be converted to the structure of a buffer, which is proved to be independent of the total size of the customer population, as long as the queue size is held fixed. We propose the model of a dynamic buffer to embody order and shift of a queue. The result is applied to a manufacturing facility with a dynamic buffer to manage the repair of broken down machines.展开更多
Disk failures,the most common and major failures in storage systems,increase the risk of service interruption and data loss,and bring additional maintenance costs,which reduces system reliability.Disk failure predicti...Disk failures,the most common and major failures in storage systems,increase the risk of service interruption and data loss,and bring additional maintenance costs,which reduces system reliability.Disk failure prediction methods aim to forecast failures,initiating prompt data migration and disk replacement.Existing methods continuously optimize the models with different sampling methods and modeling algorithms.However,due to issues such as inaccurate sample labeling,insufficient data sampling,and improper sample segmentation,the predictive capabilities of existing models within the lookahead-window time are unstable and decline as the lookahead-window time increases.To address this,we propose LWCM(Lookahead-Window Constrained Model)to improve the predictability and stability of failure prediction models within the lookahead-window time.LWCM leverages dynamic sample relabeling methods based on lookahead-window time constraints and failure symptom durations to modify inaccurate sample labels.LWCM utilizes effective sample data by using the two-phase data sampling method including initial expectation sampling and subsequent segmented resampling.LWCM employs dynamic weighted optimization in backpropagation to enhance the predictability and stability of the disk failure prediction model.Experimental results show that LWCM has better failure prediction performance.The true positive and false positive rates surpass those of the offline-RF model by 38.7%and 92.4%,respectively.Furthermore,LWCM demonstrates its applicability across disk models while maintaining stability within the lookahead constraint window.展开更多
基金This work was supported by the Research Program through the National Research Foundation of Korea,NRF-2018R1D1A1B07050864,and was supported by another the Agency for Defense Development,UD200020ED.
文摘Detection of unknown attacks like a zero-day attack is a research field that has long been studied.Recently,advances in Machine Learning(ML)and Artificial Intelligence(AI)have led to the emergence of many kinds of attack-generation tools developed using these technologies to evade detection skillfully.Anomaly detection and misuse detection are the most commonly used techniques for detecting intrusion by unknown attacks.Although anomaly detection is adequate for detecting unknown attacks,its disadvantage is the possibility of high false alarms.Misuse detection has low false alarms;its limitation is that it can detect only known attacks.To overcome such limitations,many researchers have proposed a hybrid intrusion detection that integrates these two detection techniques.This method can overcome the limitations of conventional methods and works better in detecting unknown attacks.However,this method does not accurately classify attacks like similar to normal or known attacks.Therefore,we proposed a hybrid intrusion detection to detect unknown attacks similar to normal and known attacks.In anomaly detection,the model was designed to perform normal detection using Fuzzy c-means(FCM)and identify attacks hidden in normal predicted data using relabeling.In misuse detection,the model was designed to detect previously known attacks using Classification and Regression Trees(CART)and apply Isolation Forest(iForest)to classify unknown attacks hidden in known attacks.As an experiment result,the application of relabeling improved attack detection accuracy in anomaly detection by approximately 11%and enhanced the performance of unknown attack detection in misuse detection by approximately 10%.
文摘The customer population of entities potentially requesting to join a queue for service often have identical structure, i.e., the same state set and isomorphic transitions. The state size of the automaton modeling a queue will grow rapidly with increase of the size of this population. However, by relabeling the queue arrival events and service events to the same symbols respectively, the automaton model of a queue will be converted to the structure of a buffer, which is proved to be independent of the total size of the customer population, as long as the queue size is held fixed. We propose the model of a dynamic buffer to embody order and shift of a queue. The result is applied to a manufacturing facility with a dynamic buffer to manage the repair of broken down machines.
基金supported in part by the National Key Research and Development Program of China under Grant No.2023YFB4502801.
文摘Disk failures,the most common and major failures in storage systems,increase the risk of service interruption and data loss,and bring additional maintenance costs,which reduces system reliability.Disk failure prediction methods aim to forecast failures,initiating prompt data migration and disk replacement.Existing methods continuously optimize the models with different sampling methods and modeling algorithms.However,due to issues such as inaccurate sample labeling,insufficient data sampling,and improper sample segmentation,the predictive capabilities of existing models within the lookahead-window time are unstable and decline as the lookahead-window time increases.To address this,we propose LWCM(Lookahead-Window Constrained Model)to improve the predictability and stability of failure prediction models within the lookahead-window time.LWCM leverages dynamic sample relabeling methods based on lookahead-window time constraints and failure symptom durations to modify inaccurate sample labels.LWCM utilizes effective sample data by using the two-phase data sampling method including initial expectation sampling and subsequent segmented resampling.LWCM employs dynamic weighted optimization in backpropagation to enhance the predictability and stability of the disk failure prediction model.Experimental results show that LWCM has better failure prediction performance.The true positive and false positive rates surpass those of the offline-RF model by 38.7%and 92.4%,respectively.Furthermore,LWCM demonstrates its applicability across disk models while maintaining stability within the lookahead constraint window.
