17 research outputs found
LogGD:Detecting Anomalies from System Logs by Graph Neural Networks
Log analysis is one of the main techniques engineers use to troubleshoot
faults of large-scale software systems. During the past decades, many log
analysis approaches have been proposed to detect system anomalies reflected by
logs. They usually take log event counts or sequential log events as inputs and
utilize machine learning algorithms including deep learning models to detect
system anomalies. These anomalies are often identified as violations of
quantitative relational patterns or sequential patterns of log events in log
sequences. However, existing methods fail to leverage the spatial structural
relationships among log events, resulting in potential false alarms and
unstable performance. In this study, we propose a novel graph-based log anomaly
detection method, LogGD, to effectively address the issue by transforming log
sequences into graphs. We exploit the powerful capability of Graph Transformer
Neural Network, which combines graph structure and node semantics for log-based
anomaly detection. We evaluate the proposed method on four widely-used public
log datasets. Experimental results show that LogGD can outperform
state-of-the-art quantitative-based and sequence-based methods and achieve
stable performance under different window size settings. The results confirm
that LogGD is effective in log-based anomaly detection.Comment: 12 pages, 12 figure
A method based on hierarchical spatiotemporal features for trojan traffic detection
Trojans are one of the most threatening network attacks currently. HTTP-based
Trojan, in particular, accounts for a considerable proportion of them.
Moreover, as the network environment becomes more complex, HTTP-based Trojan is
more concealed than others. At present, many intrusion detection systems (IDSs)
are increasingly difficult to effectively detect such Trojan traffic due to the
inherent shortcomings of the methods used and the backwardness of training
data. Classical anomaly detection and traditional machine learning-based
(TML-based) anomaly detection are highly dependent on expert knowledge to
extract features artificially, which is difficult to implement in HTTP-based
Trojan traffic detection. Deep learning-based (DL-based) anomaly detection has
been locally applied to IDSs, but it cannot be transplanted to HTTP-based
Trojan traffic detection directly. To solve this problem, in this paper, we
propose a neural network detection model (HSTF-Model) based on hierarchical
spatiotemporal features of traffic. Meanwhile, we combine deep learning
algorithms with expert knowledge through feature encoders and statistical
characteristics to improve the self-learning ability of the model. Experiments
indicate that F1 of HSTF-Model can reach 99.4% in real traffic. In addition, we
present a dataset BTHT consisting of HTTP-based benign and Trojan traffic to
facilitate related research in the field.Comment: 8 pages, 7 figure
Listen to Minority: Encrypted Traffic Classification for Class Imbalance with Contrastive Pre-Training
Mobile Internet has profoundly reshaped modern lifestyles in various aspects.
Encrypted Traffic Classification (ETC) naturally plays a crucial role in
managing mobile Internet, especially with the explosive growth of mobile apps
using encrypted communication. Despite some existing learning-based ETC methods
showing promising results, three-fold limitations still remain in real-world
network environments, 1) label bias caused by traffic class imbalance, 2)
traffic homogeneity caused by component sharing, and 3) training with reliance
on sufficient labeled traffic. None of the existing ETC methods can address all
these limitations. In this paper, we propose a novel Pre-trAining
Semi-Supervised ETC framework, dubbed PASS. Our key insight is to resample the
original train dataset and perform contrastive pre-training without using
individual app labels directly to avoid label bias issues caused by class
imbalance, while obtaining a robust feature representation to differentiate
overlapping homogeneous traffic by pulling positive traffic pairs closer and
pushing negative pairs away. Meanwhile, PASS designs a semi-supervised
optimization strategy based on pseudo-label iteration and dynamic loss
weighting algorithms in order to effectively utilize massive unlabeled traffic
data and alleviate manual train dataset annotation workload. PASS outperforms
state-of-the-art ETC methods and generic sampling approaches on four public
datasets with significant class imbalance and traffic homogeneity, remarkably
pushing the F1 of Cross-Platform215 with 1.31%, ISCX-17 with 9.12%.
Furthermore, we validate the generality of the contrastive pre-training and
pseudo-label iteration components of PASS, which can adaptively benefit ETC
methods with diverse feature extractors.Comment: Accepted by 2023 20th Annual IEEE International Conference on
Sensing, Communication, and Networking, 9 pages, 6 figure
Fast identification of tomatoes in natural environments by improved YOLOv5s
Real time recognition and detection of tomato fruit maturity is a key function of tomato picking robots. Existing recognition and detection algorithms have slow speed and low recognition accuracy for small tomatoes. Here, a tomato fruit maturity detection model YOLOv5s3 based on improved YOLOv5s was proposed and its accuracy was verified through comparative experiments. On the basis of YOLOv5s, an SC module was proposed based on channel shuffle packet convolution. Then, A C3S module is constructed, which replaced the original C3 module with this C3S module to reduce the number of parameters while maintaining the feature expression ability of the original network. And a 3-feature fusion FF module was put forward, which accepted inputs from three feature layers. The FF module fused two feature maps from the backbone network. The C2 layer of the backbone was integrated, and the large target detection head was removed to use dual head detection to enhance the detection ability of small targets. The experimental results showed that the improved model has a detection accuracy of 94.8%, a recall rate of 96%, a parameter quantity of 3.02M, and an average accuracy (mAP0.5) of 93.3% for an intersection over union (IoU) of 0.5. The detection speed reaches 9.4ms. It can quickly and accurately identify the maturity of tomato fruits, and the detection speed is 22.95%, 33.33%, 48.91%, 68.35%, 15%, and 25.98% higher than the original YOLOv5s, YOLOv5m, YOLOv5l, YOLOv5x, YOLOv5n, and YOLOv4, respectively. The real-time testing visualization results of different models indicated that the improved model can effectively improve detection speed and solve the problem of low recognition rate for small tomatoes, which can provide reference for the development of picking robots
Fixed-Time Stability of the Hydraulic Turbine Governing System
This paper studies the problem of fixed-time stability of hydraulic turbine governing system with the elastic water hammer nonlinear model. To control and improve the quality of hydraulic turbine governing system, a new fixed-time control strategy is proposed, which can stabilize the water turbine governing system within a fixed time. Compared with the finite-time control strategy where the convergence rate depends on the initial state, the settling time of the fixed-time control scheme can be adjusted to the required value regardless of the initial conditions. Finally, we numerically show that the fixed-time control is more effective than and superior to the finite-time control
Deficiency of S100 calcium binding protein A9 attenuates vascular dysfunction in aged mice
Background: S100 calcium-binding protein A9 (S100A9) is a danger-associated molecular pattern molecule that mediates the inflammatory response. Inflammation is essential in aging-related cardiovascular diseases. However, less is known regarding the role of S100A9 in vascular aging. Methods: S100A9 null mice were used to investigate the role of S100A9 in aging-related pathologies. Artery rings were used to measure the functional characteristics of vascular with a pressurized myograph. Telomere length, Sirtuin activity, oxidative stress, and endothelial nitric oxide synthetase (eNOS) activity were used to elevate vascular senescence. Intraperitoneal glucose tolerance (IPGTT) and insulin sensitivity test (IST) were employed to investigate the effects of S100A9 on insulin resistance. Inflammation response was reflected by the concentration of inflammatory cytokines. The Toll-like receptor 4 (TLR4) and receptor for advanced glycation end products (RAGE) inhibitors were used to identify the downstream molecular mechanisms of S100A9 in aging-induced senescence in endothelial cells. Results: S100A9 expression in vascular increased with aging in mice and humans. Deficiency of S100A9 alleviated vascular senescence in aged mice, as evidenced by increased telomere length, Sirtuin activity, and eNOS activity. Meanwhile, S100A9 knockout improved endothelium-dependent vasodilatation and endothelial continuity in aged mice. Moreover, the increased insulin resistance, oxidative stress, and inflammation were mitigated by S100A9 deletion in aged mice. In vitro, S100A9 induced senescence in endothelial cells, and that effect was blunted by TLR4 but not RAGE inhibitors. Conclusion: The present study suggested that S100A9 may contribute to aging-related pathologies and endothelial dysfunction via the TLR4 pathway. Therefore, targeting S100A9/TLR4 signaling pathway may represent a crucial therapeutic strategy to prevent age-related cardiovascular diseases