Aiming at the problems of low detection accuracy and poor generalization ability of Wreless Sensor Network （WSN） intrusion detection methods on imbalanced datasets with discrete high-dimensional features， an intrusion detection method for WSN based on Bidirectional Circulation Generative Adversarial Network was proposed， namely BiCirGAN. Firstly， Adversarially Learned Anomaly Detection （ALAD） was introduced to improve the understandability of the original features by reasonably representing the high-dimensional， discrete original features through the latent space. Secondly， the bidirectional circulation adversarial structure was adopted to ensure the consistency of bidirectional circulation in real space and latent space， thereby ensuring the stability of Generative Adversarial Network （GAN） training and improving performance of anomaly detection. At the same time， Wasserstein distance and spectral normalization optimization methods were introduced to improve the objective function of GAN to further solve the problems of mode collapse of GAN and lack of diversity of generators. Finally， because the statistical properties of intrusion attack data changed in an unpredictable way over time， a full connection layer network with Dropout operation was established to optimize the anomaly detection results. Experimental results on KDD99， UNSW-NB15 and WSN_DS datasets show that compared to Anomaly detection with GAN （AnoGAN）， Bidirectional GAN （BiGAN）， Multivariate Anomaly Detection with GAN （MAD-GAN） and ALAD methods， BiCirGAN has a 3.9% to 33.0% improvement in detection accuracy， and the average inference speed is 4.67 times faster than that of ALAD method.

The user innovation community does not consider the impact of incentive mechanism of enterprise on the knowledge sharing behavior of lead users. In order to solve the problem, a new knowledge sharing behavior incentive mechanism for lead users based on evolutionary game was proposed. Firstly, the enterprise and lead users were regarded as the main players of the evolutionary game, and the models under the conditions that the enterprise did not adopt incentive measures and the enterprise adopted incentive measures were constructed respectively. Then, to explore the dynamic evolution process and evolutionary stable strategy of the system, the local stability analysis was performed to the two models respectively. Finally, through the computer simulation, the evolution results of knowledge sharing under the two conditions were compared, and the influence factors and the best incentive strategy of the knowledge sharing behavior of lead users were analyzed. Experimental results show that, the enterprise taking incentive measures can effectively promote the knowledge sharing behavior of lead users, and when the incentive distribution coefficient is controlled within a certain range, the system will reach the best stable state; the optimal incentive distribution coefficient is determined by knowledge sharing cost, knowledge search cost and additional cost; the knowledge sharing cost, knowledge search cost and incentive distribution coefficient can significantly influence the level of knowledge sharing behavior of lead users.

The robust optimal control of single Conveyor-Serviced Production Station (CSPS) with uncertain service rate was researched. Under the cases where only the interval of service rate was given and the look-ahead range was controllable, the optimal robust control problem could be described as a mini-max problem by using Semi-Markov Decision Process (SMDP) with uncertain parameters. Global optimization method was adopted to derive the optimal robust control policy when states were dependent. Firstly, the worst performance value was obtained under fixed policy by genetic algorithm. Secondly, according to the obtained worst performance value, the optimal robust control policy was achieved with simulated annealing algorithm. The simulation results show that there is little difference between optimal performance cost of the system whose service rate is fixed as the mean of interval and optimal robust performance cost of the CSPS system with uncertain service rate. Moreover, the difference is getting smaller when the uncertain interval narrows and it means that the global optimization algorithm works effectively.

With the growth of cloud technology, distributed application platform develops towards elasticity resources and dynamic migration environment. The refinement of distributed application access control policies was associated with resources and environment, which also needs to improve performance to adapt to the dynamics. Although present access control space policies conflict analysis methods could be used in the conflict analysis of distributed application access control policies refinement. The granularity of its calculating unit is too fine to make batter performance. In this article, the authors designed a conflict analysis algorithm used in distributed application access control policies refinement, the conflict analysis algorithm was based on recursive calculation the intersection of sets and the calculation unit of the algorithm was permission assignment unit which improved computing granularity. The experimental results and analysis show that the proposed algorithm has better performance, and fits the needs of improving computing performance of cloud platform access control policies refinement.

Based on the tree model of access routers of nested mobile network, a solution to crack the stalemate situation of mobile home Agent was proposed. In comparison with its counterparts, the proposed scheme could decrease network handover delay and save more overhead in traffic from and to mobile network with deeper nesting while guaranteeing the session continuity between the mobile network nodes and any correspondent from the Internet and among nodes from floating nested mobile networks as well.

Increasing diversity and complexity of the computing environments result in various security requirements. MLS security policy only aims at confidentiality assurance, in less consideration of integrity assurance and weakness in channel control. To handle that the trusted subjects have many security shortcomings of MLS model, a multipolicy views security model (MPVSM) was presented. Based on the MLS model, MPVSM combined the domain and type attributes to the model, to enforce the channel control policy, make permission management more finegrained and enhance the ability to confine the permission of the trusted subjects. MPVSM was also able to enforce multipolicy views in operating system in a flexible way. The implementation of the MPVSM model in our prototype trusted operating system Nutos was also introduced.

Too many memory accesses slow down the process of high-speed data streams in NP-based firewalls significantly.Hash table is one of the most important data structures in firewall designing.The average memory access is in direct proportion to the length of chain if we resolve hash collision with separate chaining.To divide one chain into a pair can improve system performance by reducing total number of memory access.A method to handle hash collision with dual chain was introduced,and its affection on performance was analyzed,The design and implementation was given based on network processor IXP2400.

In order to evaluate a systems security and predict the attack actions, an attack model  based on system states aggregation was presented. In the model, the threat was abstracted as the aggregation of the systems states, and the attack process was depicted as the change of the system states aggregation. A method of detecting network attacks and early warning using the model was also described. Based on the model, an early warning prototype was implemented. Our experiment shows that the prototype is able to  detect attack processes effectively and predict the possible risk level the system will reach.

 In traditional monolithic kernel operating systems, all kernel codes run within a common and shared address space, and any vulnerabilities in kernel or any untrusted modules loaded in kernel would compromise the whole system security. The development of a layered and separated secure kernel was described in this paper. Since the powers of kernel are partitioned, the vulnerabilities of kernel are confined, and arbitrarily tampering of kernel by malice codes was prevented. The prototype system is entirely developed from beginning for the i386 architecture.

Network-based intrusion detection system (NIDS) detects attacks by capturing and analyzing network packets. As network band increases, NIDS can hardly keep up with the speed of networks. A method of improving NIDS’ process ability using symmetric multi-processor (SMP) was proposed in the paper. Several CPUs of the system were used to process network packets in parallel to improve the performance. After analyzing NIDS’ process procedure, an effective parallel processing structure was devised, which guaranteed threads on different CPUs running in parallel. Moreover, the synchronization method of threads proposed avoided the mutually exclusive access to the shared resource, which further increased the parallelity of threads, and guaranteed the correctness of the functionality of the program. Experiments show that the NIDS implemented on a SMP system with dual CPUs is almost 80% faster than the one based on a system with unique CPU.

All kinds of system events are stored in logs. After a successful intrusion, the intruder will try to modify the logs to conceal the intrusion. A method for verifying and protecting log integrity was described to make all log entries generated prior to the logging system’s compromise impossible for the attacker to undetectably modify. A set of trusted log entries was provided to other programs when damages are made to log integrity.

VIA(Virtual Interface Architecture) has been developed to standardize user-level network communication protocol. The kernel VIA was implemented and used in network storage. The test on Linux platform shows that the kernel-level VIA can improve all aspects of the I/O path between the storage nodes and the servers compared to the user-level VIA, especially can decrease the latency at least 30% for small-sized requests(<512B).

Rule based intrusion detection system is the mainstream of intrusion detection systems. For every incoming network packet, a scheme of creating a single rule set for pattern match was discussed. This scheme could reduce the work of pattern match, and improve the efficiency of system.