In order to solve the problem that network security attacks against the Cyber-Physical System (CPS) will cause a system failure, a CPS risk modeling and analysis method based on dynamic fault tree was proposed. Firstly, the integrated modeling was performed to dynamic fault tree and dynamic attack tree to build the Attack-Dynamic Fault Trees (Attack-DFTs) model. Then, the formal models of static subtree and dynamic subtree in Attack-DFTs were given by binary decision graph and input-out Markov chain respectively. On this basis, the qualitative analysis method of Attack-DFTs was given to analyze the basic event path of the system failure caused by network security attacks. Finally, the effectiveness of the proposed method was verified by the typical case study of a pollution system. The case analysis results show that, the proposed method can analyze the event sequence of system failure caused by network security attack in CPS, and effectively realize the formal safety assessment of CPS.

In order to solve the problem of communication interference in Transform Domain Communication System (TDCS) under complex electromagnetic environment, a TDCS model based on store and forward mechanism was proposed. Based on the analysis of the electromagnetic spectrum environment, the spectrum sensing cases of transmitter and receiver were classified according to their respective perceptions. With the analysis of consistent spectrum conditions, the TDCS model for long distance aviation communication system was established based on store and forward modules in inconsistent spectrum conditions, and the specific communication schemes were designed, which can effectively improve the system performance. The simulation results show that the interference model and spectrum setting are reasonable, the performance of TDCS is close to the ideal bit error rate under the condition of the same spectrum. Under the condition of different frequency spectrum with more concentrated comb spectrum interference, the bit error rate is reduced by about 24.48%; moreover, with the increase of Signal-to-Noise Ratio (SNR), the performance improvement is more obvious, and the performance improvement is about 1dB under the same bit error rate.

In the enterprise network, if the internal attacker obtains the user's identity authentication information, his behavior will be very difficult to distinguish with the normal user. The current research on the abnormal user detection method in enterprise network is relatively simple and the detection rate is low. The user's authentication activity information directly reflects the user's interaction with various resources or personnel in the network. Based on this, a new abnormal user detection method by using user authentication activity information was proposed. The user's authentication activity was used to generate the user authentication graph, and then the attributes in the authentication graph were extracted based on the graph analysis method, such as the size of the largest connected components of the graph and the number of isolated certificates. These attributes reflect the user's authentication behavioral characteristics in the enterprise network. Finally, a supervised Support Vector Machine (SVM) was used to model the extracted graph attributes to indirectly identify and detect abnormal users in the network. After extracting the user graph vector, the training set and the test set, the penalty parameter and the kernel function were analyzed by taking different values. Through the adjustment of these parameters, the recall, accuracy and F1-Score of the propsed method have reached more than 80%. The experimental results show that the proposed method can effectively detect abnormal users in the enterprise network.

A large amount of alarms considerably complicate the root-cause analysis in telecom networks, thus a new alarm filtering algorithm was proposed to minimize the interference on the analysis. Firstly, a quantitative analysis for the alarm data, e.g., the quantity distribution and the average duration, was conducted, and the concepts of alarm impact and high-frequency transient alarm were defined. Subsequently, the importance of each alarm instance was evaluated from four perspectives:the amount of the alarms, the average duration of the alarms, the alarm impact, and the average duration of the alarm instance. Accordingly, an alarm filtering algorithm with O ( n) computation complexity in principle was proposed, where n is the number of alarms under analysis. Single-factor experimental analysis show that the compression ratio of the alarm data has a positive correlation with the alarm amount of a specific alarm element, the average duration of the alarms, the alarm impact, and the duration of the alarm instance; further, the accuracy of the proposed algorithm is improved by 18 percentage points at most compared with Flexible Transient Flapping Determination (FTD) algorithm. The proposed algorithm can be used both for off-line analysis of historical alarm data and for on-line alarm filtering.

In order to improve the filtering effect of noise image, this paper put forward a new filtering algorithm. This algorithm consisted of three stages. Firstly, the similarities of the pixels were used in the image to detect the impulse noise. Then the filter window was divided into eight main directions to determine the directions of the edges, and at last these impulse noises were restored using an edge-preserving method. The simulation results indicate that this algorithm can not only accurately detect the noise points, but aslo protect the noise-free pixels and the boundaries in the noise image when the noise density is small.

Based on the analysis of several typical simulation I/O architectures, a scalable distributed simulation two-tier I/O architecture was presented. It directly supported large number of simple digital displays(e.g 7-segment display) sharing a single data bus to decrease the hardwire complexity from O(n) to O( log n) for each of I/O controllers. This two-tier simulation I/O architecture has been proved to be able to meet the need of hardware-in-the-loop simulation with many good features such as real-time, scalability, fault-tolerance, maintainability and versatility.