Objective Present a new features selection algorithm. Methods based on rule induction and field knowledge. Results This algorithm can be applied in catching dataflow when detecting network intrusions, only the sub ...Objective Present a new features selection algorithm. Methods based on rule induction and field knowledge. Results This algorithm can be applied in catching dataflow when detecting network intrusions, only the sub dataset including discriminating features is catched. Then the time spend in following behavior patterns mining is reduced and the patterns mined are more precise. Conclusion The experiment results show that the feature subset catched by this algorithm is more informative and the dataset’s quantity is reduced significantly.展开更多
Researchers usually detect insider threats by analyzing user behavior.The time information of user behavior is an important concern in internal threat detection.Existing works on insider threat detection fail to make ...Researchers usually detect insider threats by analyzing user behavior.The time information of user behavior is an important concern in internal threat detection.Existing works on insider threat detection fail to make full use of the time information,which leads to their poor detection performance.In this paper,we propose a novel behavioral feature extraction scheme:we implicitly encode absolute time information in the behavioral feature sequences and use a feature sequence construction method taking covariance into account to make our scheme adaptive to users.We select Stacked Bidirectional LSTM and Feedforward Neural Network to build a deep learning-based insider threat detection model:Behavior Rhythm Insider Threat Detection(BRITD).BRITD is universally applicable to various insider threat scenarios,and it has good insider threat detection performance:it achieves an AUC of 0.9730 and a precision of 0.8072 with the CMU CERT dataset,which exceeds all baselines.展开更多
Rampant cloned vehicle offenses have caused great damage to transportation management as well as public safety and even the world economy.It necessitates an efficient detection mechanism to identify the vehicles with ...Rampant cloned vehicle offenses have caused great damage to transportation management as well as public safety and even the world economy.It necessitates an efficient detection mechanism to identify the vehicles with fake license plates accurately,and further explore the motives through discerning the behaviors of cloned vehicles.The ubiquitous inspection spots that deployed in the city have been collecting moving information of passing vehicles,which opens up a new opportunity for cloned vehicle detection.Existing detection methods cannot detect the cloned vehicle effectively due to that they use the fixed speed threshold.In this paper,we propose a two-phase framework,called CVDF,to detect cloned vehicles and discriminate behavior patterns of vehicles that use the same plate number.In the detection phase,cloned vehicles are identified based on speed thresholds extracted from historical trajectory and behavior abnormality analysis within the local neighborhood.In the behavior analysis phase,consider the traces of vehicles that uses the same license plate will be mixed together,we aim to differentiate the trajectories through matching degree-based clustering and then extract frequent temporal behavior patterns.The experimental results on the real-world data show that CVDF framework has high detection precision and could reveal cloned vehicles’behavior effectively.Our proposal provides a scientific basis for traffic management authority to solve the crime of cloned vehicle.展开更多
文摘Objective Present a new features selection algorithm. Methods based on rule induction and field knowledge. Results This algorithm can be applied in catching dataflow when detecting network intrusions, only the sub dataset including discriminating features is catched. Then the time spend in following behavior patterns mining is reduced and the patterns mined are more precise. Conclusion The experiment results show that the feature subset catched by this algorithm is more informative and the dataset’s quantity is reduced significantly.
基金supported by the National Key Research and Development Program of China.
文摘Researchers usually detect insider threats by analyzing user behavior.The time information of user behavior is an important concern in internal threat detection.Existing works on insider threat detection fail to make full use of the time information,which leads to their poor detection performance.In this paper,we propose a novel behavioral feature extraction scheme:we implicitly encode absolute time information in the behavioral feature sequences and use a feature sequence construction method taking covariance into account to make our scheme adaptive to users.We select Stacked Bidirectional LSTM and Feedforward Neural Network to build a deep learning-based insider threat detection model:Behavior Rhythm Insider Threat Detection(BRITD).BRITD is universally applicable to various insider threat scenarios,and it has good insider threat detection performance:it achieves an AUC of 0.9730 and a precision of 0.8072 with the CMU CERT dataset,which exceeds all baselines.
基金Our research was supported by NSFC(Grant Nos.U1501252,U1711262,61702423 and U1811264).
文摘Rampant cloned vehicle offenses have caused great damage to transportation management as well as public safety and even the world economy.It necessitates an efficient detection mechanism to identify the vehicles with fake license plates accurately,and further explore the motives through discerning the behaviors of cloned vehicles.The ubiquitous inspection spots that deployed in the city have been collecting moving information of passing vehicles,which opens up a new opportunity for cloned vehicle detection.Existing detection methods cannot detect the cloned vehicle effectively due to that they use the fixed speed threshold.In this paper,we propose a two-phase framework,called CVDF,to detect cloned vehicles and discriminate behavior patterns of vehicles that use the same plate number.In the detection phase,cloned vehicles are identified based on speed thresholds extracted from historical trajectory and behavior abnormality analysis within the local neighborhood.In the behavior analysis phase,consider the traces of vehicles that uses the same license plate will be mixed together,we aim to differentiate the trajectories through matching degree-based clustering and then extract frequent temporal behavior patterns.The experimental results on the real-world data show that CVDF framework has high detection precision and could reveal cloned vehicles’behavior effectively.Our proposal provides a scientific basis for traffic management authority to solve the crime of cloned vehicle.
