Aiming at the integrity threat of Android systems at present brought by kernel-level attacks, a method for dynamic measurement of Android kernel, namely DIMDroid (Dynamic Integrity Measurement of Android), was proposed. The hardware-assisted virtualization technology was used to provide the isolation between the measurement module and the measured Android system. First of all, the static and dynamic measurement objects were obtained by analyzing the kernel elements that affect kernel integrity in the running of the Android system. Secondly, these measurement objects were semantically reconstructed at the measurement layer. Finally, an integrity analysis was performed to determine whether the Android kernel is under attack or not. At the same time, the boot protection based on hardware-based trust chain and the runtime protection based on memory isolation were performed to ensure the security of DIMDroid itself. The experimental results show that DIMDroid can detect the rootkit which breaks Android kernel integrity in time, and the performance loss of the method is within an acceptable range.

Concerning the drawbacks of the Ant Colony Optimization (ACO) algorithm such as low convergence rate and being easy to fall into local optimum solutions, an ACO algorithm based on Improved Pheromones Double Updating and Local Optimization (IPDULACO) was proposed. Double updating was performed on the pheromones of subpaths whose path contribution degrees to the current global optimal solution obtained by colony were bigger than the prescribed path contribution threshold. The selected probability of the subpaths which were used to constitute the potential optimal solution was increased and the convergence rate of the proposed algorithm was accelerated. Then, when the ant colony fell into the local optimal solution in the search process, the random insertion method was utilized to change the city sequences of the current local optimal solution in order to enhance the algorithm's ability of jumping out of local optimal solution. The improved algorithm was applied to several classical Traveling Salesman Problem (TSP) instances in the simulation experiments. The experimental results show that, for small-size TSP instances, the IPDULACO can obtain the known optimal solution in less number of iterations. For relatively large-size TSP instances, the IPDULACO can obtain the optimal solution with higher accuracy in less number of iterations. Therefore, the IPDULACO has the stronger ability of searching for the global optimal solution and faster convergence rate, and it can be used for solving TSP effectively.

To solve the problem that basic discrete Particle Swarm Optimization (PSO) algorithm often leads the computation process into local optimum and premature convergence when applied to Traveling Salesman Problem (TSP), a PSO based on Self-adaptive Excellence Coefficients (SECPSO) algorithm was proposed. To improve the global search ability, heuristic information was further utilized to modify the static excellence coefficients of paths based on previous work, so that these coefficients could be adjusted adaptively and dynamically according to the process of searching for the solutions. Furthermore, a 3-opt search mechanism was added to improve the accuracy of the solution and the convergence rate of the algorithm. Through simulation experiments with Matlab, the performance of the proposed algorithm was evaluated using several classical examples in the international general TSP database (TSPLIB). The experimental results indicate that the proposed SECPSO algorithm performs better in terms of global search ability and convergence rate compared with several other algorithms, and thus is a potential intelligent algorithm for solving TSP.

Aiming at the problem of low-level intelligence and low utilization of audit logs of the security audit system, a secure audit system based on association rule mining was proposed. The proposed system was able to take full advantage of the existing audit logs and establish the behavior pattern database of users and the system with data mining technique. The abnormal situation was discovered in a timely manner and the security of computer system was improved. An improved E-Apriori algorithm was proposed which could narrow the scanning range of the set of transactions, lower the time complexity, and refine the operating efficiency. The experimental results indicate that the lift of recognition capability to identify the type of attack can reach 10% in the secure audit system based on association rule mining, the proposed E-Apriori algorithm clearly outperforms the traditional Apriori algorithm and FP-GROWTH algorithm, and the maximum increase can reach 51% especially in the large sparse datasets.

Concerning the problem that a large number of services' massive behavior data leads to inefficiency in anomaly detection of services and dynamic composition of services leads to uncertainty in service under the distributed environment, a new distributed service anomaly detection model based on danger theory was proposed. Firstly, inspired by the biological processes of artificial immune recognizing abnormalities, this paper used differentiation to describe the variation of massive services' behavior data, and constructed characteristic triad to detect abnormal source. Then, service guided by the idea of cloud model, this paper resolved uncertainty among services by constructing status cloud of the services and computing the degree of membership between services, and calculated the danger zone. Finally, the simulation experiments of student for selecting courses were carried out. According to the simulation results, the model not only detects abnormal services dynamically, but also describes of the dependencies between services accurately, and improves the anomaly detection efficiency. The simulation results verify the validity and effectiveness of the model.

Based on the principle and characteristics of the Differential Power Analysis (DPA) attack, the kernel function was used to estimate the probability distribution density of the leakage of power consumption in the password chip work process. By calculating the mutual information between the attack model and the power leakage, when the guessed key was correct, this paper quantified the risk value of the password chip in the face of DPA attacks. The experiments show that the risk quantification method can be a good estimate of the correlation degree between the attack model and power leakage when the guessed key is correct and then provides important indicators to complete password chip risk evaluation.

To solve the problems that the index value of cryptographic modules is not fixed, the index system is hardly built, and the security assurance ability can not be quantitatively assessed, a security assurance capability assessment for cryptographic module was proposed. The description on indexes by interval number was applied to illustrate the security attribute of cryptographic modules. This paper determined the weight vector of each period point by entropy weight coefficient method combined with expert decision weight method. According to the interval multi-attribute decision methodology, a feasible methodology was adopted to solve the interval Information Assurance (IA) capability evaluation problem of cryptographic modules. Finally, through analyzing two kinds of cryptographic modules, the experimental results show that the proposed method is feasible.

The self-governed identity authentication and user management lead to different identity, redundant information, self-governed system and bad security in heterogeneous information systems. A new method of integration based on uniform data exchange standard and interface standard, especially the system model, data flow and authentication protocol were put forward. Furthermore, a uniform identity authentication system based on Enterprise Service Bus (ESB) was realized. The experimental results show that the system can avoid redundant authentication logic and data, and it also enhances authentication efficiency and makes the best use of the available resources.