A Web Shell Detection Method Based on Multiview Feature Fusion

Web shell is a malicious script file that can harm web servers. Web shell is often used by intruders to perform a series of malicious operations on website servers, such as privilege escalation and sensitive information leakage. Existing web shell detection methods have some shortcomings, such as viewing a single network traffic behavior, using simple signature comparisons, and adopting easily bypassed regex matches. In view of the above deficiencies, a web shell detection method based on multiview feature fusion is proposed based on the PHP language web shell. Firstly, lexical features, syntactic features, and abstract features that can effectively represent the internal meaning of web shells from multiple levels are integrated and extracted. Secondly, the Fisher score is utilized to rank and filter the most representative features, according to the importance of each feature. Finally, an optimized support vector machine (SVM) is used to establish a model that can effectively distinguish between web shell and normal script. In large-scale experiments, the final classification accuracy of the model on 1056 web shells and 1056 benign web scripts reached 92.18%. The results also surpassed well-known web shell detection tools such as VirusTotal, ClamAV, LOKI, and CloudWalker, as well as the state-of-the-art web shell detectionmethods.

Download Full-text

UAV-BASED STRUCTURAL DAMAGE MAPPING – RESULTS FROM 6 YEARS OF RESEARCH IN TWO EUROPEAN PROJECTS

ISPRS - International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences ◽

10.5194/isprs-archives-xlii-3-w8-187-2019 ◽

2019 ◽

Vol XLII-3/W8 ◽

pp. 187-194 ◽

Cited By ~ 3

Author(s):

N. Kerle ◽

F. Nex ◽

D. Duarte ◽

A. Vetrivel

Keyword(s):

Damage Detection ◽

Structural Damage ◽

Point Cloud ◽

Feature Fusion ◽

Texture Features ◽

Mobile App ◽

Detection Methods ◽

Support Vector ◽

3D Point Cloud ◽

Damage Mapping

<p><strong>Abstract.</strong> Structural disaster damage detection and characterisation is one of the oldest remote sensing challenges, and the utility of virtually every type of active and passive sensor deployed on various air- and spaceborne platforms has been assessed. The proliferation and growing sophistication of UAV in recent years has opened up many new opportunities for damage mapping, due to the high spatial resolution, the resulting stereo images and derivatives, and the flexibility of the platform. We have addressed the problem in the context of two European research projects, RECONASS and INACHUS. In this paper we synthesize and evaluate the progress of 6 years of research focused on advanced image analysis that was driven by progress in computer vision, photogrammetry and machine learning, but also by constraints imposed by the needs of first responder and other civil protection end users. The projects focused on damage to individual buildings caused by seismic activity but also explosions, and our work centred on the processing of 3D point cloud information acquired from stereo imagery. Initially focusing on the development of both supervised and unsupervised damage detection methods built on advanced texture features and basic classifiers such as Support Vector Machine and Random Forest, the work moved on to the use of deep learning. In particular the coupling of image-derived features and 3D point cloud information in a Convolutional Neural Network (CNN) proved successful in detecting also subtle damage features. In addition to the detection of standard rubble and debris, CNN-based methods were developed to detect typical façade damage indicators, such as cracks and spalling, including with a focus on multi-temporal and multi-scale feature fusion. We further developed a processing pipeline and mobile app to facilitate near-real time damage mapping. The solutions were tested in a number of pilot experiments and evaluated by a variety of stakeholders.</p>

Download Full-text

Erratum to: Real-time, large-scale duplicate image detection method based on multi-feature fusion

Journal of Real-Time Image Processing ◽

10.1007/s11554-017-0673-8 ◽

2017 ◽

Vol 16 (5) ◽

pp. 1881-1881

Author(s):

Ming Chen ◽

Yuhua Li ◽

Zhifeng Zhang ◽

Ching-Hsien Hsu ◽

Shangguang Wang

Keyword(s):

Real Time ◽

Large Scale ◽

Detection Method ◽

Feature Fusion ◽

Image Detection ◽

Duplicate Image Detection

Download Full-text

Real-time, large-scale duplicate image detection method based on multi-feature fusion

Journal of Real-Time Image Processing ◽

10.1007/s11554-016-0632-9 ◽

2016 ◽

Vol 13 (3) ◽

pp. 557-570 ◽

Cited By ~ 6

Author(s):

Ming Chen ◽

Yuhua Li ◽

Zhifeng Zhang ◽

Ching-Hsien Hsu ◽

Shangguang Wang

Keyword(s):

Real Time ◽

Large Scale ◽

Detection Method ◽

Feature Fusion ◽

Image Detection ◽

Duplicate Image Detection

Download Full-text

FeatureTransfer: Unsupervised Domain Adaptation for Cross-Domain Deepfake Detection

Security and Communication Networks ◽

10.1155/2021/9942754 ◽

2021 ◽

Vol 2021 ◽

pp. 1-8

Author(s):

Baoying Chen ◽

Shunquan Tan

Keyword(s):

Large Scale ◽

Detection Method ◽

Domain Adaptation ◽

Third Party ◽

Detection Methods ◽

Target Domain ◽

Feature Vectors ◽

Unsupervised Domain Adaptation ◽

Cross Domain ◽

Overfitting Problem

Recently, various Deepfake detection methods have been proposed, and most of them are based on convolutional neural networks (CNNs). These detection methods suffer from overfitting on the source dataset and do not perform well on cross-domain datasets which have different distributions from the source dataset. To address these limitations, a new method named FeatureTransfer is proposed in this paper, which is a two-stage Deepfake detection method combining with transfer learning. Firstly, The CNN model pretrained on a third-party large-scale Deepfake dataset can be used to extract the more transferable feature vectors of Deepfake videos in the source and target domains. Secondly, these feature vectors are fed into the domain-adversarial neural network based on backpropagation (BP-DANN) for unsupervised domain adaptive training, where the videos in the source domain have real or fake labels, while the videos in the target domain are unlabelled. The experimental results indicate that the proposed method FeatureTransfer can effectively solve the overfitting problem in Deepfake detection and greatly improve the performance of cross-dataset evaluation.

Download Full-text

Arching Detection Method of Slab Track in High-Speed Railway Based on Track Geometry Data

Applied Sciences ◽

10.3390/app10196799 ◽

2020 ◽

Vol 10 (19) ◽

pp. 6799

Author(s):

Zhuoran Ma ◽

Liang Gao ◽

Yanglong Zhong ◽

Shuai Ma ◽

Bolun An

Keyword(s):

High Speed ◽

Large Scale ◽

Detection Method ◽

Low Cost ◽

Detection Methods ◽

Data Conversion ◽

Track Geometry ◽

Slab Track ◽

Detection Model ◽

Characteristics Analysis

During the long-term service of slab track, various external factors (such as complicated temperature) can result in a series of slab damages. Among them, slab arching changes the structural mechanical properties, deteriorates the track geometry conditions, and even threatens the operation of trains. Therefore, it is necessary to detect slab arching accurately to achieve effective maintenance. However, the current damage detection methods cannot satisfy high accuracy and low cost simultaneously, making it difficult to achieve large-scale and efficient arching detection. To this end, this paper proposed a vision-based arching detection method using track geometry data. The main works include: (1) data nonlinear deviation correction and arching characteristics analysis; (2) data conversion and augmentation; (3) design and experiments of convolutional neural network- based detection model. The results show that the proposed method can detect arching damages effectively, and the F1-score reaches 98.4%. By balancing the sample size of each pattern, the performance can be further improved. Moreover, the method outperforms the plain deep learning network. In practice, the proposed method can be employed to detect slab arching and help to make maintenance plans. The method can also be applied to the data-based detection of other structural damages and has broad prospects.

Download Full-text

A P2P Traffic Detection Method Based on Support Vector Machine

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.198-199.1280 ◽

2012 ◽

Vol 198-199 ◽

pp. 1280-1285 ◽

Cited By ~ 1

Author(s):

Shang Fu Gong ◽

Juan Chen

Keyword(s):

Support Vector Machine ◽

Detection Method ◽

Detection Methods ◽

Support Vector ◽

Svm Classifier ◽

Data Sets ◽

Security Risks ◽

Trip Time ◽

And Control ◽

Traffic Detection

The widely use of P2P (Peer-to-Peer) technology has caused resources take up too much, security risks and other problems, it is necessary to detect and control P2P traffic. After analyzing current P2P detection methods, a new method called TCBDM (Traffic Characters Based Detection Method) is put forward which combines P2P traffic character with support vector machine to detect P2P traffic. By choosing P2P traffic characters which differ from other network traffic, such as Round-Trip Time (RTT), the method creates a SVM classifier, uses a package named LIBSVM to classify P2P traffic in Moore_Set data sets. The result shows that TCBDM can detect P2P traffic effectively; the accuracy could reach 98%.

Download Full-text

BSFCoS: Block and Sparse Principal Component Analysis-Based Fast Co-Saliency Detection Method

International Journal of Pattern Recognition and Artificial Intelligence ◽

10.1142/s021800141655003x ◽

2015 ◽

Vol 30 (01) ◽

pp. 1655003 ◽

Cited By ~ 2

Author(s):

Ning-Min Shen ◽

Jing Li ◽

Pei-Yun Zhou ◽

Ying Huo ◽

Yi Zhuang

Keyword(s):

Detection Method ◽

Feature Fusion ◽

Rapid Development ◽

Saliency Detection ◽

Principal Component ◽

Saliency Map ◽

Detection Methods ◽

Image Block ◽

Feature Extraction Method ◽

Sparse Features

Co-saliency detection, an emerging research area in saliency detection, aims to extract the common saliency from the multi images. The extracted co-saliency map has been utilized in various applications, such as in co-segmentation, co-recognition and so on. With the rapid development of image acquisition technology, the original digital images are becoming more and more clearly. The existing co-saliency detection methods processing these images need enormous computer memory along with high computational complexity. These limitations made it hard to satisfy the demand of real-time user interaction. This paper proposes a fast co-saliency detection method based on the image block partition and sparse feature extraction method (BSFCoS). Firstly, the images are divided into several uniform blocks, and the low-level features are extracted from Lab and RGB color spaces. In order to maintain the characteristics of the original images and reduce the number of feature points as well as possible, Truncated Power for sparse principal components method are employed to extract sparse features. Furthermore, K-Means method is adopted to cluster the extracted sparse features, and calculate the three salient feature weights. Finally, the co-saliency map was acquired from the feature fusion of the saliency map for single image and multi images. The proposed method has been tested and simulated on two benchmark datasets: Co-saliency Pairs and CMU Cornell iCoseg datasets. Compared with the existing co-saliency methods, BSFCoS has a significant running time improvement in multi images processing while ensuring detection results. Lastly, the co-segmentation method based on BSFCoS is also given and has a better co-segmentation performance.

Download Full-text

A Lightweight YOLOv4-Based Forestry Pest Detection Method Using Coordinate Attention and Feature Fusion

Entropy ◽

10.3390/e23121587 ◽

2021 ◽

Vol 23 (12) ◽

pp. 1587

Author(s):

Mingfeng Zha ◽

Wenbin Qian ◽

Wenlong Yi ◽

Jing Hua

Keyword(s):

Detection Method ◽

Feature Fusion ◽

State Of The Art ◽

Detection Methods ◽

Model Parameters ◽

Symmetric Structure ◽

Proposed Model ◽

Pest Detection ◽

Feature Information ◽

Small Targets

Traditional pest detection methods are challenging to use in complex forestry environments due to their low accuracy and speed. To address this issue, this paper proposes the YOLOv4_MF model. The YOLOv4_MF model utilizes MobileNetv2 as the feature extraction block and replaces the traditional convolution with depth-wise separated convolution to reduce the model parameters. In addition, the coordinate attention mechanism was embedded in MobileNetv2 to enhance feature information. A symmetric structure consisting of a three-layer spatial pyramid pool is presented, and an improved feature fusion structure was designed to fuse the target information. For the loss function, focal loss was used instead of cross-entropy loss to enhance the network’s learning of small targets. The experimental results showed that the YOLOv4_MF model has 4.24% higher mAP, 4.37% higher precision, and 6.68% higher recall than the YOLOv4 model. The size of the proposed model was reduced to 1/6 of that of YOLOv4. Moreover, the proposed algorithm achieved 38.62% mAP with respect to some state-of-the-art algorithms on the COCO dataset.

Download Full-text

Convolutional Neural Networks for Crystal Material Property Prediction Using Hybrid Orbital-Field Matrix and Magpie Descriptors

Crystals ◽

10.3390/cryst9040191 ◽

2019 ◽

Vol 9 (4) ◽

pp. 191 ◽

Cited By ~ 9

Author(s):

Zhuo Cao ◽

Yabo Dan ◽

Zheng Xiong ◽

Chengcheng Niu ◽

Xiang Li ◽

...

Keyword(s):

Neural Networks ◽

Convolutional Neural Networks ◽

Large Scale ◽

Feature Fusion ◽

Computational Prediction ◽

Support Vector ◽

Two Dimensional ◽

Material Informatics ◽

Crystal Material ◽

Vector Machines

Computational prediction of crystal materials properties can help to do large-scale insiliconscreening. Recent studies of material informatics have focused on expert design of multidimensionalinterpretable material descriptors/features. However, successes of deep learning suchas Convolutional Neural Networks (CNN) in image recognition and speech recognition havedemonstrated their automated feature extraction capability to effectively capture the characteristicsof the data and achieve superior prediction performance. Here, we propose CNN-OFM-Magpie, aCNN model with OFM (Orbital-field Matrix) and Magpie descriptors to predict the formationenergy of 4030 crystal material by exploiting the complementarity of two-dimensional OFM featuresand Magpie features. Experiments showed that our method achieves better performance thanconventional regression algorithms such as support vector machines and Random Forest. It is alsobetter than CNN models using only the OFM features, the Magpie features, or the basic one-hotencodings. This demonstrates the advantages of CNN and feature fusion for materials propertyprediction. Finally, we visualized the two-dimensional OFM descriptors and analyzed the featuresextracted by the CNN to obtain greater understanding of the CNN-OFM model.

Download Full-text

A Fast Intrusion Detection Method for High-Speed Railway Clearance Based on Low-Cost Embedded GPUs

Sensors ◽

10.3390/s21217279 ◽

2021 ◽

Vol 21 (21) ◽

pp. 7279

Author(s):

Yao Wang ◽

Peizhi Yu

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

High Speed ◽

Large Scale ◽

Feature Fusion ◽

Low Cost ◽

Obstacle Detection ◽

Detection Methods ◽

Detection Accuracy ◽

Real Time Processing

The efficiency and the effectiveness of railway intrusion detection are crucial to the safety of railway transportation. Most current methods of railway intrusion detection or obstacle detection are inappropriate for large-scale applications due to their high cost or limited coverage. In this study, we present a fast and low-cost solution to intrusion detection of high-speed railways. As the solution to heavy computational burdens in the current convolutional-neural-network-based detection methods, the proposed method is mainly a novel neural network based on the SSD framework, which includes a feature extractor using an improved MobileNet and a lightweight and efficient feature fusion module. In addition, aiming to improve the detection accuracy of small objects, the feature map weights are introduced through convolution operation to fuse features at different scales. TensorRT is employed to optimize and deploy the proposed network in the low-cost embedded GPU platform, NVIDIA Jetson TX2, to enhance the efficiency. The experimental results show that the proposed methods achieved 89% mAP on the railway intrusion detection dataset, and the average processing time for a single frame was 38.6 ms on the Jetson TX2 module, which satisfies the need of real-time processing.

Download Full-text