In anomaly detection, a challenge is how to model a user's dynamic behavior. Many previous works represent the user behavior based on fixed-length models. To overcome their shortcoming, we propose a novel method based on discrete-time Markov chains (DTMC) with states of variable-length sequences. The method firstly generates multiple shell command streams of different lengths and combines them into the library of general sequences. Then the states are defined according to variable-length behavioral patterns of a valid user, which improves the precision and adaptability of user profiling. Subsequently the transition probability matrix is created. In order to reduce computational complexity, the classification values are determined only by the transition probabilities, then smoothed with sliding windows, and finally used to discriminate between normal and abnormal behavior. Two empirical evaluations on datasets from Purdue University and AT&T Shannon Lab show that the proposed method can achieve higher detection accuracy and require less memory than the other traditional methods.
Compressed Sensing (CS) is an emerging technology in the field of signal processing, which can recover a sparse signal by taking very few samples and solving a linear programming problem. In this paper, we study the application of Low-Density Parity-Check (LDPC) Codes in CS. Firstly, we find a sufficient condition for a binary matrix to satisfy the Restricted Isometric Property (RIP). Then, by employing the LDPC codes based on Berlekamp-Justesen (B-J) codes, we construct two classes of binary structured matrices and show that these matrices satisfy RIP. Thus, the proposed matrices could be used as sensing matrices for CS. Finally, simulation results show that the performance of the proposed matrices can be comparable with the widely used random sensing matrices.
Erasure code is widely used as the redundancy scheme in distributed storage system. When a storage node fails, the repair process often requires to transfer a large amount of data. Regenerating code and hierarchical code are two classes of codes proposed to reduce the repair bandwidth cost. Regenerating codes reduce the amount of data transferred by each helping node, while hierarchical codes reduce the number of nodes participating in the repair process. In this paper, we propose a "sub-code nesting framework" to combine them together. The resulting regenerating hierarchical code has low repair degree as hierarchical code and lower repair cost than hierarchical code. Our code can achieve exact regeneration of the failed node, and has the additional property of low updating complexity.
