Author

Jibao Lai

Bio: Jibao Lai is an academic researcher from Harbin Engineering University. The author has contributed to research in topics: Network security & Sensor fusion. The author has an h-index of 6, co-authored 8 publications receiving 76 citations.

Papers
Proceedings Article
13 Aug 2007
TL;DR: An effective and simple feature reduction approach to decrease the input vector and improve the real-time characteristic of fusion engine is presented and a situation generation mechanism is described in order to provide the real security situation of the monitored networks.
Abstract: Network Security Situation Awareness (NSSA) is a hot research realm in the area of network security, which helps security analysts to solve the challenges they encounter. This paper mainly focuses on a NSSA which is based on heterogeneous multi-sensor data fusion using neural network. We designed a NSSA model and discussed it in detail. We adopted Snort and NetFlow as sensors to gather real network traffic and fused them using a multi-layer feed-forward neural network that can solve a multi-class problem. We presented an effective and simple feature reduction approach to decrease the input vector and improve the real-time characteristic of fusion engine. In addition, we described a situation generation mechanism in order to provide the real security situation of the monitored networks. Our model is proved to be feasible and effective through a series of experiments, using real network traffic.

23 citations

Journal Article
TL;DR: A quantitative prediction method of network security situation based on Wavelet Neural Network with Genetic Algorithm (GAWNN) with advantages over Wavelet neural network method and Back Propagation Neural Network (BPNN) method with the same architecture in convergence speed, functional approximation and prediction accuracy.
Abstract: The accurate and real-time prediction of network security situation is the premise and basis of preventing intrusions and attacks in a large-scale network. In order to predict the security situation more accurately, a quantitative prediction method of network security situation based on Wavelet Neural Network with Genetic Algorithm (GAWNN) is proposed. After analyzing the past and the current network security situation in detail, we build a network security situation prediction model based on wavelet neural network that is optimized by the improved genetic algorithm and then adopt GAWNN to predict the non-linear time series of network security situation. Simulation experiments prove that the proposed method has advantages over Wavelet Neural Network (WNN) method and Back Propagation Neural Network (BPNN) method with the same architecture in convergence speed, functional approximation and prediction accuracy. What is more, system security tendency and laws by which security analyzers and administrators can adjust security policies in near real-time are revealed from the prediction results as early as possible.

15 citations

Proceedings Article
29 Oct 2007
TL;DR: A quantitative method of network security situational awareness is proposed using evolutionary strategy and neural network to extract situational factors and the model has better generalization ability, which supports the network security technical technologies greatly.
Abstract: The proposal of network security situational awareness (NSSA) research means a breakthrough and an innovation to the traditional network security technologies, and it has become a new hot research topic in network security field. Combined with evolutionary strategy and neural network, a quantitative method of network security situational awareness is proposed in this paper. Evolutionary strategy is used to optimize the parameters of neural network, and then the evolutionary neural network model is established to extract the network security situational factors, so the quantification of network security situation is achieved. Finally simulated experiment is done to validate that the evolutionary neural network model can extract situational factors and the model has better generalization ability, which supports the network security technical technologies greatly.

14 citations

Proceedings Article
01 Nov 2007
TL;DR: A novel NSSA model based on multi-sensor data fusion and multi-class support vector machines is presented, which is proved to be feasible and effective through a series of experiments.
Abstract: Network security situation awareness (NSSA) is an emerging technique in the field of network security and it helps security analysts to be aware of the actual security situation of their networks. In this paper we presented a novel NSSA model based on multi-sensor data fusion and multi-class support vector machines. In our model, we adopted Snort and NetFlow as two sensors to gather data from network traffic. We employed multi-class support vector machines as fusion engine of our model in combination with an efficient feature reduction approach to fuse the gathered data from heterogeneous sensors. Furthermore, we discussed the alert aggregation algorithm and the security situation awareness generation techniques in detail. Our model is proved to be feasible and effective through a series of experiments.

10 citations

Proceedings Article
01 Jan 2007
TL;DR: A coating composition comprising a monomer mixture of mono- or polypentaerythritol having at least three (meth)acryloyloxy groups and at least one monofunctional acrylate or methacrylate having at least one ether bond in the molecule, a boiling point above 150 °C.
Abstract: A coating composition comprising a monomer mixture of mono- or polypentaerythritol having at least three (meth)acryloyloxy groups and at least one monofunctional acrylate or methacrylate having at least one ether bond in the molecule, a boiling point above 150 °C under normal pressure and a viscosity below 20 centipoises at 20 °C, a photosensitizing agent, at least one silicon containing surface active agent and at least one organic solvent capable of forming a uniform solution upon mixing with the vinyl monomer mixture. Also disclosed is a process of coating surfaces with the coating compositions.

8 citations


Cited by
Journal Article
TL;DR: Overall, both cyber threat analysis and cyber intelligence could be enhanced by correlating security events across many diverse heterogeneous sources, as well as presenting areas where more research opportunities exist.
Abstract: Intrusion Detection has been heavily studied in both industry and academia, but cybersecurity analysts still desire much more alert accuracy and overall threat analysis in order to secure their systems within cyberspace. Improvements to Intrusion Detection could be achieved by embracing a more comprehensive approach in monitoring security events from many different heterogeneous sources. Correlating security events from heterogeneous sources can grant a more holistic view and greater situational awareness of cyber threats. One problem with this approach is that currently, even a single event source (e.g., network traffic) can experience Big Data challenges when considered alone. Attempts to use more heterogeneous data sources pose an even greater Big Data challenge. Big Data technologies for Intrusion Detection can help solve these Big Heterogeneous Data challenges. In this paper, we review the scope of works considering the problem of heterogeneous data and in particular Big Heterogeneous Data. We discuss the specific issues of Data Fusion, Heterogeneous Intrusion Detection Architectures, and Security Information and Event Management (SIEM) systems, as well as presenting areas where more research opportunities exist. Overall, both cyber threat analysis and cyber intelligence could be enhanced by correlating security events across many diverse heterogeneous sources.

257 citations

Journal Article
TL;DR: This survey has revealed that network security has been an important research topic since the beginning and advanced methodologies, such as machine learning, have been very promising.

216 citations

Journal Article
TL;DR: This paper provides a survey of prediction and forecasting methods used in cyber security, and discusses machine learning and data mining approaches that have gained a lot of attention recently and appear promising for such a constantly changing environment, which is cyber security.
Abstract: This paper provides a survey of prediction and forecasting methods used in cyber security. Four main tasks are discussed first: attack projection and intention recognition, in which there is a need to predict the next move or the intentions of the attacker, intrusion prediction, in which there is a need to predict upcoming cyber attacks, and network security situation forecasting, in which we project cybersecurity situation in the whole network. Methods and approaches for addressing these tasks often share the theoretical background and are often complementary. In this survey, both methods based on discrete models, such as attack graphs, Bayesian networks, and Markov models, and continuous models, such as time series and grey models, are surveyed, compared, and contrasted. We further discuss machine learning and data mining approaches that have gained a lot of attention recently and appear promising for such a constantly changing environment, which is cyber security. The survey also focuses on the practical usability of the methods and problems related to their evaluation.

171 citations

Proceedings Article
28 Feb 2011
TL;DR: A novel inductive network intrusion detection system that is suited for the load of large-scale networks and is less affected by typical problems of ordinary anomaly detection systems is proposed.
Abstract: Despite extensive research effort, ordinary anomaly detection systems still suffer from serious drawbacks such as high false alarm rates due to the enormous variety of network traffic. Also, increasingly fast network speeds pose performance problems to systems which base upon deep packet inspection. In this paper, we address these problems by proposing a novel inductive network intrusion detection system. The system operates on lightweight network flows and uses One-Class Support Vector Machines for analysis. In contrast to traditional anomaly detection systems, the system is trained with malicious rather than with benign network data. The system is suited for the load of large-scale networks and is less affected by typical problems of ordinary anomaly detection systems. Evaluations brought satisfying results which indicate that the proposed approach is interesting for further research and perfectly complements traditional signature-based intrusion detection systems.

110 citations

Journal Article
TL;DR: Use of the fuzzy Kalman filter approach reduced the time needed to perform complex matrix manipulations to control higher order systems in the IVHMS and was able to capture the nonlinearity of engine operations under the influence of various anomalies.
Abstract: Highlights: Factor analysis identified four sub-systems: gear, engine, fuel and electrical. Fuzzy multi-sensor data fusion Kalman model developed. Fault detection and risk reduction in maintenance decision support system. Fuzzy Kalman filter approach reduced time and improved control of systems. This paper reports on a new integrated vehicle health maintenance system (IVHMS) based on fault detection and feedback. A fuzzy multi-sensor data fusion Kalman model was used to help reduce IVHMS failure risk. The IVHMS was tested, and sensors with and without faults were identified. The results demonstrate that multi-sensor data fusion based on fault detection and fuzzy Kalman feedback is an effective method of reducing risk in an IVHMS. Use of the fuzzy Kalman filter approach reduced the time needed to perform complex matrix manipulations to control higher order systems in the IVHMS. Moreover, the approach was able to capture the nonlinearity of engine operations under the influence of various anomalies.

93 citations