In recent years,anomaly detection has attracted much attention in industrial production.As traditional anomaly detection methods usually rely on direct comparison of samples,they often ignore the intrinsic relationshi...In recent years,anomaly detection has attracted much attention in industrial production.As traditional anomaly detection methods usually rely on direct comparison of samples,they often ignore the intrinsic relationship between samples,resulting in poor accuracy in recognizing anomalous samples.To address this problem,a knowledge distillation anomaly detection method based on feature reconstruction was proposed in this study.Knowledge distillation was performed after inverting the structure of the teacher-student network to avoid the teacher-student network sharing the same inputs and similar structure.Representability was improved by using feature splicing to unify features at different levels,and the merged features were processed and reconstructed using an improved Transformer.The experimental results show that the proposed method achieves better performance on the MVTec dataset,verifying its effectiveness and feasibility in anomaly detection tasks.This study provides a new idea to improve the accuracy and efficiency of anomaly detection.展开更多
For anomaly detection,anomalies existing in the background will affect the detection performance.Accordingly,a background refinement method based on the local density is proposed to remove the anomalies from thebackgr...For anomaly detection,anomalies existing in the background will affect the detection performance.Accordingly,a background refinement method based on the local density is proposed to remove the anomalies from thebackground.In this work,the local density is measured by its spectral neighbors through a certain radius which is obtained by calculating the mean median of the distance matrix.Further,a two-step segmentation strategy is designed.The first segmentation step divides the original background into two subsets,a large subset composed by background pixels and a small subset containing both background pixels and anomalies.The second segmentation step employing Otsu method with an aim to obtain a discrimination threshold is conducted on the small subset.Then the pixels whose local densities are lower than the threshold are removed.Finally,to validate the effectiveness of the proposed method,it combines Reed-Xiaoli detector and collaborative-representation-based detector to detect anomalies.Experiments are conducted on two real hyperspectral datasets.Results show that the proposed method achieves better detection performance.展开更多
Solar arrays are important and indispensable parts of spacecraft and provide energy support for spacecraft to operate in orbit and complete on-orbit missions.When a spacecraft is in orbit,because the solar array is ex...Solar arrays are important and indispensable parts of spacecraft and provide energy support for spacecraft to operate in orbit and complete on-orbit missions.When a spacecraft is in orbit,because the solar array is exposed to the harsh space environment,with increasing working time,the performance of its internal electronic components gradually degrade until abnormal damage occurs.This damage makes solar array power generation unable to fully meet the energy demand of a spacecraft.Therefore,timely and accurate detection of solar array anomalies is of great significance for the on-orbit operation and maintenance management of spacecraft.In this paper,we propose an anomaly detection method for spacecraft solar arrays based on the integrated least squares support vector machine(ILS-SVM)model:it selects correlated telemetry data from spacecraft solar arrays to form a training set and extracts n groups of training subsets from this set,then gets n corresponding least squares support vector machine(LS-SVM)submodels by training on these training subsets,respectively;after that,the ILS-SVM model is obtained by integrating these submodels through a weighting operation to increase the prediction accuracy and so on;finally,based on the obtained ILS-SVM model,a parameterfree and unsupervised anomaly determination method is proposed to detect the health status of solar arrays.We use the telemetry data set from a satellite in orbit to carry out experimental verification and find that the proposed method can diagnose solar array anomalies in time and can capture the signs before a solar array anomaly occurs,which reflects the applicability of the method.展开更多
A novel method for detecting anomalous program behavior is presented, which is applicable to hostbased intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain ...A novel method for detecting anomalous program behavior is presented, which is applicable to hostbased intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain model to characterize the normal behavior of a privileged program, and associates the states of the Markov chain with the unique system calls in the training data. At the detection stage, the probabilities that the Markov chain model supports the system call sequences generated by the program are computed. A low probability indicates an anomalous sequence that may result from intrusive activities. Then a decision rule based on the number of anomalous sequences in a locality frame is adopted to classify the program's behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for on-line detection. It has been applied to practical host-based intrusion detection systems.展开更多
Airborne electromagnetic transient method enjoys the advantages of high-efficiency and the high resolution of electromagnetic anomalies,especially suitable for mining detection around goaf areas and deep exploration o...Airborne electromagnetic transient method enjoys the advantages of high-efficiency and the high resolution of electromagnetic anomalies,especially suitable for mining detection around goaf areas and deep exploration of minerals.In this paper,we calculated the full-wave airborne transient electromagnetic data,according to the result of numerical research,the advantage of switch-off time response in electromagnetic detection was proofed via experiments.Firstly,based on the full-wave airborne transient electromagnetic system developed by Jilin University(JLU-ATEMI),we proposed a method to compute the full-waveform electromagnetic(EM)data of 3D model using the FDTD approach and convolution algorithm,and verify the calculation by the response of homogenous half-space.Then,through comparison of switch-off-time response and off-time response,we studied the effect of ramp time on anomaly detection.Finally,we arranged two experimental electromagnetic detection,the results indicated that the switch-off-time response can reveal the shallow target more effectively,and the full-waveform airborne electromagnetic system is an effective technique for shallow target detection.展开更多
Anomaly detection has been an active research topic in the field of network intrusion detection for many years. A novel method is presented for anomaly detection based on system calls into the kernels of Unix or Linux...Anomaly detection has been an active research topic in the field of network intrusion detection for many years. A novel method is presented for anomaly detection based on system calls into the kernels of Unix or Linux systems. The method uses the data mining technique to model the normal behavior of a privileged program and uses a variable-length pattern matching algorithm to perform the comparison of the current behavior and historic normal behavior, which is more suitable for this problem than the fixed-length pattern matching algorithm proposed by Forrest et al. At the detection stage, the particularity of the audit data is taken into account, and two alternative schemes could be used to distinguish between normalities and intrusions. The method gives attention to both computational efficiency and detection accuracy and is especially applicable for on-line detection. The performance of the method is evaluated using the typical testing data set, and the results show that it is significantly better than the anomaly detection method based on hidden Markov models proposed by Yan et al. and the method based on fixed-length patterns proposed by Forrest and Hofmeyr. The novel method has been applied to practical hosted-based intrusion detection systems and achieved high detection performance.展开更多
It is difficult to detect the anomalies whose matching relationship among some data attributes is very different from others’ in a dataset. Aiming at this problem, an approach based on wavelet analysis for detecting ...It is difficult to detect the anomalies whose matching relationship among some data attributes is very different from others’ in a dataset. Aiming at this problem, an approach based on wavelet analysis for detecting and amending anomalous samples was proposed. Taking full advantage of wavelet analysis’ properties of multi-resolution and local analysis, this approach is able to detect and amend anomalous samples effectively. To realize the rapid numeric computation of wavelet translation for a discrete sequence, a modified algorithm based on Newton-Cores formula was also proposed. The experimental result shows that the approach is feasible with good result and good practicality.展开更多
The anomaly detection of electromagnetic environment situation(EMES) has essential reference value for electromagnetic equipment behavior cognition and battlefield threat assessment.In this paper,we proposed a deep le...The anomaly detection of electromagnetic environment situation(EMES) has essential reference value for electromagnetic equipment behavior cognition and battlefield threat assessment.In this paper,we proposed a deep learning-based method for detecting anomalies in EMES to address the problem of relatively low efficiency of electromagnetic environment situation anomaly detection(EMES-AD).Firstly,the convolutional kernel extracts the static features of different regions of the EMES.Secondly,the dynamic features of the region are obtained by using a recurrent neural network(LSTM).Thirdly,the Spatio-temporal features of the region are recovered by using a de-convolutional network and then fused to predict the EMES.The structural similarity algorithm(SSIM) is used to determine whether it is anomalous.We developed the detection framework,de-signed the network parameters,simulated the data sets containing different anomalous types of EMES,and carried out the detection experiments.The experimental results show that the proposed method is effective.展开更多
An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism...An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment.展开更多
文摘In recent years,anomaly detection has attracted much attention in industrial production.As traditional anomaly detection methods usually rely on direct comparison of samples,they often ignore the intrinsic relationship between samples,resulting in poor accuracy in recognizing anomalous samples.To address this problem,a knowledge distillation anomaly detection method based on feature reconstruction was proposed in this study.Knowledge distillation was performed after inverting the structure of the teacher-student network to avoid the teacher-student network sharing the same inputs and similar structure.Representability was improved by using feature splicing to unify features at different levels,and the merged features were processed and reconstructed using an improved Transformer.The experimental results show that the proposed method achieves better performance on the MVTec dataset,verifying its effectiveness and feasibility in anomaly detection tasks.This study provides a new idea to improve the accuracy and efficiency of anomaly detection.
基金Projects(61405041,61571145)supported by the National Natural Science Foundation of ChinaProject(ZD201216)supported by the Key Program of Heilongjiang Natural Science Foundation,China+1 种基金Project(RC2013XK009003)supported by Program Excellent Academic Leaders of Harbin,ChinaProject(HEUCF1508)supported by the Fundamental Research Funds for the Central Universities,China
文摘For anomaly detection,anomalies existing in the background will affect the detection performance.Accordingly,a background refinement method based on the local density is proposed to remove the anomalies from thebackground.In this work,the local density is measured by its spectral neighbors through a certain radius which is obtained by calculating the mean median of the distance matrix.Further,a two-step segmentation strategy is designed.The first segmentation step divides the original background into two subsets,a large subset composed by background pixels and a small subset containing both background pixels and anomalies.The second segmentation step employing Otsu method with an aim to obtain a discrimination threshold is conducted on the small subset.Then the pixels whose local densities are lower than the threshold are removed.Finally,to validate the effectiveness of the proposed method,it combines Reed-Xiaoli detector and collaborative-representation-based detector to detect anomalies.Experiments are conducted on two real hyperspectral datasets.Results show that the proposed method achieves better detection performance.
基金supported by the National Natural Science Foundation of China(7190121061973310).
文摘Solar arrays are important and indispensable parts of spacecraft and provide energy support for spacecraft to operate in orbit and complete on-orbit missions.When a spacecraft is in orbit,because the solar array is exposed to the harsh space environment,with increasing working time,the performance of its internal electronic components gradually degrade until abnormal damage occurs.This damage makes solar array power generation unable to fully meet the energy demand of a spacecraft.Therefore,timely and accurate detection of solar array anomalies is of great significance for the on-orbit operation and maintenance management of spacecraft.In this paper,we propose an anomaly detection method for spacecraft solar arrays based on the integrated least squares support vector machine(ILS-SVM)model:it selects correlated telemetry data from spacecraft solar arrays to form a training set and extracts n groups of training subsets from this set,then gets n corresponding least squares support vector machine(LS-SVM)submodels by training on these training subsets,respectively;after that,the ILS-SVM model is obtained by integrating these submodels through a weighting operation to increase the prediction accuracy and so on;finally,based on the obtained ILS-SVM model,a parameterfree and unsupervised anomaly determination method is proposed to detect the health status of solar arrays.We use the telemetry data set from a satellite in orbit to carry out experimental verification and find that the proposed method can diagnose solar array anomalies in time and can capture the signs before a solar array anomaly occurs,which reflects the applicability of the method.
基金the National Grand Fundamental Research "973" Program of China (2004CB318109)the High-Technology Research and Development Plan of China (863-307-7-5)the National Information Security 242 Program ofChina (2005C39).
文摘A novel method for detecting anomalous program behavior is presented, which is applicable to hostbased intrusion detection systems that monitor system call activities. The method constructs a homogeneous Markov chain model to characterize the normal behavior of a privileged program, and associates the states of the Markov chain with the unique system calls in the training data. At the detection stage, the probabilities that the Markov chain model supports the system call sequences generated by the program are computed. A low probability indicates an anomalous sequence that may result from intrusive activities. Then a decision rule based on the number of anomalous sequences in a locality frame is adopted to classify the program's behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for on-line detection. It has been applied to practical host-based intrusion detection systems.
基金Project(41674109) supported by the National Natural Science Foundation of China
文摘Airborne electromagnetic transient method enjoys the advantages of high-efficiency and the high resolution of electromagnetic anomalies,especially suitable for mining detection around goaf areas and deep exploration of minerals.In this paper,we calculated the full-wave airborne transient electromagnetic data,according to the result of numerical research,the advantage of switch-off time response in electromagnetic detection was proofed via experiments.Firstly,based on the full-wave airborne transient electromagnetic system developed by Jilin University(JLU-ATEMI),we proposed a method to compute the full-waveform electromagnetic(EM)data of 3D model using the FDTD approach and convolution algorithm,and verify the calculation by the response of homogenous half-space.Then,through comparison of switch-off-time response and off-time response,we studied the effect of ramp time on anomaly detection.Finally,we arranged two experimental electromagnetic detection,the results indicated that the switch-off-time response can reveal the shallow target more effectively,and the full-waveform airborne electromagnetic system is an effective technique for shallow target detection.
基金supported by the National Grand Fundamental Research "973" Program of China (2004CB318109)the National High-Technology Research and Development Plan of China (2006AA01Z452)the National Information Security "242"Program of China (2005C39).
文摘Anomaly detection has been an active research topic in the field of network intrusion detection for many years. A novel method is presented for anomaly detection based on system calls into the kernels of Unix or Linux systems. The method uses the data mining technique to model the normal behavior of a privileged program and uses a variable-length pattern matching algorithm to perform the comparison of the current behavior and historic normal behavior, which is more suitable for this problem than the fixed-length pattern matching algorithm proposed by Forrest et al. At the detection stage, the particularity of the audit data is taken into account, and two alternative schemes could be used to distinguish between normalities and intrusions. The method gives attention to both computational efficiency and detection accuracy and is especially applicable for on-line detection. The performance of the method is evaluated using the typical testing data set, and the results show that it is significantly better than the anomaly detection method based on hidden Markov models proposed by Yan et al. and the method based on fixed-length patterns proposed by Forrest and Hofmeyr. The novel method has been applied to practical hosted-based intrusion detection systems and achieved high detection performance.
基金Project(50374079) supported by the National Natural Science Foundation of China
文摘It is difficult to detect the anomalies whose matching relationship among some data attributes is very different from others’ in a dataset. Aiming at this problem, an approach based on wavelet analysis for detecting and amending anomalous samples was proposed. Taking full advantage of wavelet analysis’ properties of multi-resolution and local analysis, this approach is able to detect and amend anomalous samples effectively. To realize the rapid numeric computation of wavelet translation for a discrete sequence, a modified algorithm based on Newton-Cores formula was also proposed. The experimental result shows that the approach is feasible with good result and good practicality.
基金funded by the National Natural Science Foundation of China, grant number 11975307the National Defense Science and Technology Innovation Special Zone Project, grant number 19-H863-01-ZT-003-003-12。
文摘The anomaly detection of electromagnetic environment situation(EMES) has essential reference value for electromagnetic equipment behavior cognition and battlefield threat assessment.In this paper,we proposed a deep learning-based method for detecting anomalies in EMES to address the problem of relatively low efficiency of electromagnetic environment situation anomaly detection(EMES-AD).Firstly,the convolutional kernel extracts the static features of different regions of the EMES.Secondly,the dynamic features of the region are obtained by using a recurrent neural network(LSTM).Thirdly,the Spatio-temporal features of the region are recovered by using a de-convolutional network and then fused to predict the EMES.The structural similarity algorithm(SSIM) is used to determine whether it is anomalous.We developed the detection framework,de-signed the network parameters,simulated the data sets containing different anomalous types of EMES,and carried out the detection experiments.The experimental results show that the proposed method is effective.
基金Project(50275150) supported by the National Natural Science Foundation of ChinaProjects(20040533035, 20070533131) supported by the National Research Foundation for the Doctoral Program of Higher Education of China
文摘An abstraction and an investigation to the worth of dendritic cells (DCs) ability to collect, process and present antigens are presented. Computationally, this ability is shown to provide a feature reduction mechanism that could be used to reduce the complexity of a search space, a mechanism for development of highly specialized detector sets as well as a selective mechanism used in directing subsets of detectors to be activated when certain danger signals are present. It is shown that DCs, primed by different danger signals, provide a basis for different anomaly detection pathways. Different antigen-peptides are developed based on different danger signals present, and these peptides are presented to different adaptive layer detectors that correspond to the given danger signal. Experiments are then undertaken that compare current approaches, where a full antigen structure and the whole repertoire of detectors are used, with the proposed approach. Experiment results indicate that such an approach is feasible and can help reduce the complexity of the problem by significant levels. It also improves the efficiency of the system, given that only a subset of detectors are involved during the detection process. Having several different sets of detectors increases the robustness of the resulting system. Detectors developed based on peptides are also highly discriminative, which reduces the false positives rates, making the approach feasible for a real time environment.
