17 research outputs found

    LogGD:Detecting Anomalies from System Logs by Graph Neural Networks

    Full text link
    Log analysis is one of the main techniques engineers use to troubleshoot faults of large-scale software systems. During the past decades, many log analysis approaches have been proposed to detect system anomalies reflected by logs. They usually take log event counts or sequential log events as inputs and utilize machine learning algorithms including deep learning models to detect system anomalies. These anomalies are often identified as violations of quantitative relational patterns or sequential patterns of log events in log sequences. However, existing methods fail to leverage the spatial structural relationships among log events, resulting in potential false alarms and unstable performance. In this study, we propose a novel graph-based log anomaly detection method, LogGD, to effectively address the issue by transforming log sequences into graphs. We exploit the powerful capability of Graph Transformer Neural Network, which combines graph structure and node semantics for log-based anomaly detection. We evaluate the proposed method on four widely-used public log datasets. Experimental results show that LogGD can outperform state-of-the-art quantitative-based and sequence-based methods and achieve stable performance under different window size settings. The results confirm that LogGD is effective in log-based anomaly detection.Comment: 12 pages, 12 figure

    A method based on hierarchical spatiotemporal features for trojan traffic detection

    Full text link
    Trojans are one of the most threatening network attacks currently. HTTP-based Trojan, in particular, accounts for a considerable proportion of them. Moreover, as the network environment becomes more complex, HTTP-based Trojan is more concealed than others. At present, many intrusion detection systems (IDSs) are increasingly difficult to effectively detect such Trojan traffic due to the inherent shortcomings of the methods used and the backwardness of training data. Classical anomaly detection and traditional machine learning-based (TML-based) anomaly detection are highly dependent on expert knowledge to extract features artificially, which is difficult to implement in HTTP-based Trojan traffic detection. Deep learning-based (DL-based) anomaly detection has been locally applied to IDSs, but it cannot be transplanted to HTTP-based Trojan traffic detection directly. To solve this problem, in this paper, we propose a neural network detection model (HSTF-Model) based on hierarchical spatiotemporal features of traffic. Meanwhile, we combine deep learning algorithms with expert knowledge through feature encoders and statistical characteristics to improve the self-learning ability of the model. Experiments indicate that F1 of HSTF-Model can reach 99.4% in real traffic. In addition, we present a dataset BTHT consisting of HTTP-based benign and Trojan traffic to facilitate related research in the field.Comment: 8 pages, 7 figure

    Listen to Minority: Encrypted Traffic Classification for Class Imbalance with Contrastive Pre-Training

    Full text link
    Mobile Internet has profoundly reshaped modern lifestyles in various aspects. Encrypted Traffic Classification (ETC) naturally plays a crucial role in managing mobile Internet, especially with the explosive growth of mobile apps using encrypted communication. Despite some existing learning-based ETC methods showing promising results, three-fold limitations still remain in real-world network environments, 1) label bias caused by traffic class imbalance, 2) traffic homogeneity caused by component sharing, and 3) training with reliance on sufficient labeled traffic. None of the existing ETC methods can address all these limitations. In this paper, we propose a novel Pre-trAining Semi-Supervised ETC framework, dubbed PASS. Our key insight is to resample the original train dataset and perform contrastive pre-training without using individual app labels directly to avoid label bias issues caused by class imbalance, while obtaining a robust feature representation to differentiate overlapping homogeneous traffic by pulling positive traffic pairs closer and pushing negative pairs away. Meanwhile, PASS designs a semi-supervised optimization strategy based on pseudo-label iteration and dynamic loss weighting algorithms in order to effectively utilize massive unlabeled traffic data and alleviate manual train dataset annotation workload. PASS outperforms state-of-the-art ETC methods and generic sampling approaches on four public datasets with significant class imbalance and traffic homogeneity, remarkably pushing the F1 of Cross-Platform215 with 1.31%, ISCX-17 with 9.12%. Furthermore, we validate the generality of the contrastive pre-training and pseudo-label iteration components of PASS, which can adaptively benefit ETC methods with diverse feature extractors.Comment: Accepted by 2023 20th Annual IEEE International Conference on Sensing, Communication, and Networking, 9 pages, 6 figure

    Fast identification of tomatoes in natural environments by improved YOLOv5s

    Get PDF
    Real time recognition and detection of tomato fruit maturity is a key function of tomato picking robots. Existing recognition and detection algorithms have slow speed and low recognition accuracy for small tomatoes. Here, a tomato fruit maturity detection model YOLOv5s3 based on improved YOLOv5s was proposed and its accuracy was verified through comparative experiments. On the basis of YOLOv5s, an SC module was proposed based on channel shuffle packet convolution. Then, A C3S module is constructed, which replaced the original C3 module with this C3S module to reduce the number of parameters while maintaining the feature expression ability of the original network. And a 3-feature fusion FF module was put forward, which accepted inputs from three feature layers. The FF module fused two feature maps from the backbone network. The C2 layer of the backbone was integrated, and the large target detection head was removed to use dual head detection to enhance the detection ability of small targets. The experimental results showed that the improved model has a detection accuracy of 94.8%, a recall rate of 96%, a parameter quantity of 3.02M, and an average accuracy (mAP0.5) of 93.3% for an intersection over union (IoU) of 0.5. The detection speed reaches 9.4ms. It can quickly and accurately identify the maturity of tomato fruits, and the detection speed is 22.95%, 33.33%, 48.91%, 68.35%, 15%, and 25.98% higher than the original YOLOv5s, YOLOv5m, YOLOv5l, YOLOv5x, YOLOv5n, and YOLOv4, respectively. The real-time testing visualization results of different models indicated that the improved model can effectively improve detection speed and solve the problem of low recognition rate for small tomatoes, which can provide reference for the development of picking robots

    Fixed-Time Stability of the Hydraulic Turbine Governing System

    No full text
    This paper studies the problem of fixed-time stability of hydraulic turbine governing system with the elastic water hammer nonlinear model. To control and improve the quality of hydraulic turbine governing system, a new fixed-time control strategy is proposed, which can stabilize the water turbine governing system within a fixed time. Compared with the finite-time control strategy where the convergence rate depends on the initial state, the settling time of the fixed-time control scheme can be adjusted to the required value regardless of the initial conditions. Finally, we numerically show that the fixed-time control is more effective than and superior to the finite-time control

    Deficiency of S100 calcium binding protein A9 attenuates vascular dysfunction in aged mice

    No full text
    Background: S100 calcium-binding protein A9 (S100A9) is a danger-associated molecular pattern molecule that mediates the inflammatory response. Inflammation is essential in aging-related cardiovascular diseases. However, less is known regarding the role of S100A9 in vascular aging. Methods: S100A9 null mice were used to investigate the role of S100A9 in aging-related pathologies. Artery rings were used to measure the functional characteristics of vascular with a pressurized myograph. Telomere length, Sirtuin activity, oxidative stress, and endothelial nitric oxide synthetase (eNOS) activity were used to elevate vascular senescence. Intraperitoneal glucose tolerance (IPGTT) and insulin sensitivity test (IST) were employed to investigate the effects of S100A9 on insulin resistance. Inflammation response was reflected by the concentration of inflammatory cytokines. The Toll-like receptor 4 (TLR4) and receptor for advanced glycation end products (RAGE) inhibitors were used to identify the downstream molecular mechanisms of S100A9 in aging-induced senescence in endothelial cells. Results: S100A9 expression in vascular increased with aging in mice and humans. Deficiency of S100A9 alleviated vascular senescence in aged mice, as evidenced by increased telomere length, Sirtuin activity, and eNOS activity. Meanwhile, S100A9 knockout improved endothelium-dependent vasodilatation and endothelial continuity in aged mice. Moreover, the increased insulin resistance, oxidative stress, and inflammation were mitigated by S100A9 deletion in aged mice. In vitro, S100A9 induced senescence in endothelial cells, and that effect was blunted by TLR4 but not RAGE inhibitors. Conclusion: The present study suggested that S100A9 may contribute to aging-related pathologies and endothelial dysfunction via the TLR4 pathway. Therefore, targeting S100A9/TLR4 signaling pathway may represent a crucial therapeutic strategy to prevent age-related cardiovascular diseases
    corecore