1016results about How to "Reduce false negative rate" patented technology

The invention relates to a processing method and the system of anti-harassment of mobile phone calls and messages and private communication, which is as follow: when grouping the contacts in the mobile phone address list according to different classes, a private group of private communicating contacts is added, and different scene modes of the user are set; when receiving a mobile phone call or a message (text message, multimedia message), depending on the grouping sort of the contact of the incoming call or the message or the multimedia message, and the current scene of the user, together with the behavior characteristics of the harassing call and the spam message with the database information of the public harassing message issued by the authoritative institution or obtained from social statistics, the corresponding process to the call, the message and the multimedia message of the mobile phone is executed to reduce harassment; meanwhile the communication records of incoming, dialed calls and message, multimedia message with the contacts in the private grouping are encrypted and preserved to protect the personal privacy of the user. The invention has the advantages of adopting the operating steps of uniform process, and resolving synthetically the harassment of calls, messages and multimedia messages for the mobile phone and the private protection.

The invention discloses a log management and fault diagnosis method and device under multiple hosts. The method comprises fault log collection, fault log analysis and fault log correlation analysis. Fault log collection comprises collecting fault logs of all hardware and software in the cluster and storing the logs in a log server uniformly. Fault log analysis comprises filtering the fault logs, extracting log template information and classifying the logs according to log types. Fault log correlation analysis comprises performing fault reason analysis by using log analysis results and combining time windows, clustering the related faults caused by the same fault into a category and trying to find the root of the type of the faults. The method and the device are capable of analyzing the system operation condition effectively, assisting administrators to process system faults and improving the fault type determination accuracy.

A leakage detection location method based on pressure and sound information integration is provided, which belongs to the technology field of an oil (gas) pipeline fault diagnosis, and is characterized by leakage detection and leakage location based on information integration. The former comprises: separately acquiring the measurement data of the pressure on the upperstream end and downstream end of the pipeline and a sound wave sensor, sending the data to a computer and gaining final detection results through three levels processing including data filtering, characteristic level integration and decision level integration. If the detection result shows leakage, starting leakage location process based on information integration. The process first carries out leakage location by separately adopting the signals of two kinds of sensors and a plurality of different leakage location algorithms and finally gains the location results via integration of the location results based on the same sensor and different location methods and two levels processing based on the integration of the location results of two kinds of different sensors. The method can effectively reduce the false positive rate and false negative rate and improve the location precision.

An SQL injection attack detecting method and system are provided, comprising building phase of SQL injection attack detecting knowledge base and detecting phase for real-time SQL injection attack. The build of SQL injection attack detecting knowledge base comprises collection of SQL injection attack sample for sorts of scenes, classification of SQL injection ways, and build of SQL injection attack detecting grammar rules aiming at sorts of SQL injection ways; the detecting phase for real-time SQL injection attack comprises extraction and decoding of user inputting data in HTTP request message and matching of the SQL injection attack detecting grammar rules and so on. This invention defines the SQL injection attack detecting grammar rules by using SQL grammar instead of defining the SQL injection attack detecting grammar rules based on the traditional attack characteristic. The invention overcomes shortcomings of uneasy extraction and inclined fraud of the attach characteristic sign of the SQL injection attack incident, which significantly reduces rate of wrong report and rate of missing report while invading the detecting system for detecting SQL injection attack.

The invention relates to the technical field of network security, in particular to an enterprise internal user abnormal behavior detection method and device, discloses an enterprise internal user abnormal behavior detection method, and further discloses an enterprise internal user abnormal behavior detection device. The enterprise internal user abnormal behavior detection device comprises a behavior log acquiring and preprocessing module, a behavior detail modeling module, a service state transfer prediction module and a malicious behavior score discrimination module. According to the enterprise internal user abnormal behavior detection method and device, an unsupervised machine learning method is used, a user behavior model is built by fully utilizing unmarked unhistorical behavior log data in an enterprise, the accurate rate of abnormal behavior detection is increased, the false reporting rate and the missing reporting rate are decreased, and an effective means is provided for detecting enterprise internal threats.

The invention proposes an indoor fire and flame detection method based on high-definition video images. Firstly, a background image is established and updated in video monitoring images; sample picture elements are trained by a Fisher classifier so that a color model of flames is acquired; a foreground moving image is acquired through a background differencing method; flame suspected pixels are detected through color features of the fire flames, that is, pixel points (that is, suspected flame pixel points) with the color features of the flames are found in the foreground moving image and all of the suspected flame pixel points form a flame area; pixel connection areas are combined so that an external rectangle of the suspected flame area is acquired; circularity of the connection areas in the external rectangle is calculated according to morphological characteristics of the flames and a suspected flame area is judged according to the circularity, jitter analysis and flame continuity analysis and the like in the external rectangle; and if preset requirements are met, the suspected flame area is a real flame area and an alarm signal is sent out.

The invention provides a WebShell detection method and system. The system comprises a log auditing module, a local detection module, a remote detection module and a result output module. The system executes the following processing flow: A, collecting a server access log, and analyzing a URL (Uniform Resource Locator) with suspicious access behaviors; B, performing local detection and remote detection on the analyzed URL with suspicious access behaviors in combination with a WebShell feature library; C, and performing judgment according to the detection, reporting a WebShell path if WebShell is found, and meanwhile adding the path identified as WebShell into a WebShell path library. Through adoption of the method and the system, the detection rate and detection efficiency of WebShell detection in network Web application are increased, and the missing report rate and false report rate are lowered.

The invention discloses a database SQL infusion protecting method based on self-learning, comprising a learning phase and a filtering phase. The learning phase works in safe environment. At the moment, all SQL sentences are legitimate SQL sentences generated by an application system. A knowledge model (knowledge base) of the legitimate SQL sentences can be constituted by analyzing the sentences as well as analyzing and summarizing the characteristics of the sentences on the basis of sentence analysis results. The filtering phase works in real environment. At the moment, all SQL sentences are assumed to be possibly illegitimate SQL sentences. The sentences undergo pattern matching with the knowledge base established in the safe environment. If the matching is successful, the sentences are legitimate SQL sentences, otherwise, the sentences are illegitimate SQL sentences. The database SQL infusion protecting method has the advantage that an SQL infusion protecting system based on learning the legitimate SQL sentences can greatly reduce the false report rate and missing report rate which are caused by traditional SQL infusion protection, and the defending capability of the whole system can be improved.

An abnormal condition identification method for the tire pressure of a goods wagon belongs to the technical field of secure state detection of an automobile. The abnormal condition identification method comprises the steps as follows: a tire state data base comprising tire models, the relation between load and initial inflation pressure, real-time tire pressure, load, vehicle speed and external environmental temperature is created; frequency is acquired on the basis of set data so as to measure tire state parameters which are then input to the tire state data base in an industrial computer; the prewarning threshold value of the abnormal condition identification of the tire pressure is confirmed on the basis of a test on the relation between the rolling tire pressure and influence factors thereof; in addition, data processing programs of the abnormal condition identification of the tire pressure are written, and the tire pressure states of start-up, parking and driving of the automobile can be monitored and prewarned respectively. The abnormal condition identification method effectively solves the difficult problem that the prewarning threshold value of the rolling tire pressure varies with the changes of working conditions, can greatly reduce the probability of misinformation and omission, improves the prewarning accuracy of the abnormal condition of the tire pressure, and canprovide the theory basis for the setting of prewarning regulations of a tire pressure monitoring prewarning system at the same time.

The invention discloses a pedestrian detection method based on an infrared image. The method comprises the steps that a pedestrian standard data set and a non-pedestrian standard data set of the infrared image are established; sample image characteristics of an HOG are extracted; sample image characteristics of an HOI are extracted; the pedestrian classification features and the characteristics of an HOGI are designed; the sample image HOGI characteristics are extracted, and a pedestrian classifier is trained; the searching detection is carried out on the infrared image based on the multi-scale sliding window method; multi-window classification results can be combined to determine the pedestrian position. The pedestrian detecting characteristics special for the infrared image are provided on the basis of studying the present pedestrian detecting characteristics. The advantages of the HOG characteristics and the advantages of the HOI characteristics are combined, and the HOGI characteristics suitable for infrared image pedestrian detection are obtained through an SVM. According to the pedestrian detection method, pedestrians walking at night are detected, and the pedestrian detection method has the advantages of being high in detection ratio, low in false drop rate, good in environmental adaptability and the like.

The invention discloses a batch process failure monitoring method based on AR-PCA (Autoregressive Principal Component Analysis). Through the batch process failure monitoring method, the batch process with strong dynamics can be monitored online; when monitoring the bath process, a conventional MPCA (Multiway Principal Component Analysis) does not take corresponding self-correlation and mutual correlation of variables due to the existence of various random noises and interferences into account, so that a large quantity of false alarm is generated in the online monitoring process. The batch process failure monitoring method comprises the following steps: firstly, building a multi-variable autoregressive (AR) model according to measurement variables, recognizing a model coefficient matrix by using a PLS (Partial Least Squares) method and recognizing a model order by using an AIC (Akaike Information Criterion); and then building a PCA model for a residual error of the AR model. Meanwhile, training data is introduced when a new bath of data is monitored online through the algorithm, so that the monitoring effect of the algorithm is improved. Through the batch process failure monitoring method, the defect of a large quantity of false alarm of the conventional MPCA method during the process of monitoring the batch process with strong dynamics can be made up; and the batch process failure monitoring method is of great significance to monitoring of an actual bath production process.

The invention discloses a system exception monitoring method and apparatus. The method comprises the steps of firstly, determining an eigenvalue of each dimension generated by a target system; then according to a pre-trained exception judgment model, determining a probability of generating an exception in the target system; and when the probability is in a small probability interval corresponding to the exception judgment model, determining that the exception is generated in the target system. Through the method provided by the invention, the running condition of the target system is determined according to the trained exception judgment model, and corresponding processing can be performed according to the actual running condition of the target system; and compared with the prior art, the false reporting and missing reporting probabilities of target system exception are reduced and the monitoring accuracy and efficiency are improved.

The invention discloses a detection method of an abnormal event of multi-variable water quality parameter time sequence data. The detection method comprises the following steps: firstly, inputting a plurality of water quality parameter models; training and constructing a data driven predication model (BP model); analyzing multi-variable water quality time sequence data in a water supply pipe net and estimating the model; secondly, predicating through the BP model to obtain a predicated value of water quality data; comparing an actually measured value of a current state and the predicated value obtained by the predication model and carrying out error estimation and classification analysis, so as to determine a single-variable parameter abnormal event; classifying based on an error counting result, and updating and determining the event probability of single-variable water quality parameters through sequential Bayesian updating; carrying out multi-variable fusion decision-making and fusing information from a plurality of water quality monitoring indexes; providing a unified decision-making result and determining whether the water supply pipe net has the abnormal event on a specific node or not.

The invention discloses a continuous casting breakout prediction method based on a neural network, which comprises the following steps that: step 1: the temperature data of a thermocouple on a continuous casting site is collected on line and saved; step 2: the temperature data is pre-processed; step 3: the temperature data which is collected from any one thermocouple and is pre-processed is input a single-couple time sequence network breakout prediction model, the output value of the single-couple time sequence network breakout prediction model is compared with the maximum determination threshold, and if the output value of the model is more than the maximum determination threshold, the breakout is predicted; and the method is characterized in that genetic algorithm is used for initializing the connection weights and thresholds of the single-couple time sequence network breakout prediction model. The method can improve the identification effect and the prediction precision of a continuous casting bonding breakout process so as to greatly reduce the false prediction rate and missing prediction rate.

The invention discloses a lightning early warning system based on lightning monitoring devices arranged in a distributed mode. The lightning early warning system comprises a background server or a cloud server, the lightening monitoring devices and a communication module, wherein the lightning monitoring devices are arranged in a region in the distributed mode, and each lightning monitoring device transmits lightning monitoring data to the background server or the cloud server through the communication module. The background server or the cloud server stores and analyzes the lightning monitoring data and generates lightning early warning information. The invention further discloses a lightning early warning method based on the lightning monitoring devices arranged in the distributed mode. By means of the lightning early warning method and system, accurate forecasting can be achieved for the local thunder cloud expected direction and the possible thunderstorm occurrence time, the rate of false forecast and the rate of missing forecast are effectively decreased, the background server or the cloud server of the early warning system can be further checked and modified, and furthermore, the lightning early warning and forecasting accuracy is unceasingly perfected and improved.

The invention relates to a pedestrian detecting method based on improved HOG feature and PCA (Principal Component Analysis). The method comprises the following steps: extracting a sample feature by using a feature extracting algorithm for HOG feature cascaded PCA in a concentrated area of gradient information of a pedestrian in a sample image; training a SVM classifier by utilizing the feature extracted from the sample; and utilizing a feature extracting method to extract a feature vector for a detected sample and utilizing the trained and obtained SVM classifier to detect the pedestrian. The invention provides a pedestrian detecting method based on improved HOG feature and PCA, with the capabilities of efficiently reducing the training speed and reducing the false detecting rate and missing report rate.

The present invention discloses an ultraweak fiber bragg grating array and Phi-OTDR combined optical fiber vibration sensing system. According to the system, the ultraweak fiber bragg grating arrays are accessed in a sensing optical fiber with the same spacing, and the spacing selection must be same with the spatial resolution of a Phi-OTDR optical fiber sensing system or must be integer multiples of the spatial resolution. By utilizing the reflection characteristics of the ultraweak fiber bragg gratings, the optical power of the detected backward rayleigh scattered light is improved, thereby improving the signal to noise ratio and the sensitivity of the Phi-OTDR optical fiber vibration sensing system.

The invention relates to a machine-learning-based flow identification technology. An identified object is an encrypted malicious flow. The provided machine-learning-based flow identification technology is not only mainly applied to the flow identification filed but also applied to the field of network attack detection in an assisted manner. The machine-learning-based flow identification technologyis characterized by establishing malicious encrypted flow identification model by using a machine learning algorithm and identifying a new flow by the model. The working flow of the novel technologyis as follows: lots of known attribute flow data are read; statistical characteristics of the flow are extracted and the extracted characteristics are used as attributes; a model is established by using a random forest algorithm; and then a newly inputted flow is identified by using the model. The identification process of the newly inputted flow is as follows: extracting statistical characteristics of the flow, inputting the statistical characteristics into the model for identification, and acquiring an identification result. According to the invention, the technology is oriented at the encrypted and coded flows and data participating in modeling are formed by normal encrypted flow and the malicious encrypted flow. At present, the existing non-encrypted flow identification technology is mature but the encrypted or coded flow identification can not be carried out easily; however, the invention provides a novel solution method for identification of the encrypted flow.