Abstract: A short-term traffic flow prediction method based on a causal gated-low-pass graph convolutional network can include constructing a causal gated-low-pass graph convolutional network, where the causal gated-low-pass graph convolutional network includes a causal gated-low-pass convolutional block. The causal gated-low-pass convolutional block is connected to a fully-connected output layer, the causal gated-low-pass convolutional block includes two causal gated linear units and a low-pass graph convolutional block, and the low-pass graph convolutional block is set between the causal gated linear units. The method can further include obtaining a traffic flow network diagram and a traffic flow value based on traffic flow data, using the traffic flow network diagram as input, and performing short-term traffic flow prediction by using the causal gated-low-pass graph convolutional network. The method can predict short-term traffic flow with high accuracy.

Abstract: A traffic control method, adapted to a server, includes detecting a packet sent by user equipment and transmitted through a base station to obtain packet information of the packet, wherein the packet information comprises an Internet protocol address, determining whether the packet information is abnormal, tagging identification information corresponding to the Internet protocol address when the packet information is abnormal, and blocking a connection between the user equipment and a network based on the identification information.

Abstract: A verification method and a verification system for an information and communication safety protection mechanism are provided. The verification methods includes: selecting a target malicious program, and collecting at least one behavioral trace of the target malicious program; providing a target machine and deploying a protection mechanism to be tested for the target machine; configuring the target machine to reproduce the at least one behavioral trace; and determining whether the protection mechanism to be tested detects an abnormal event, so as to verify an effectiveness of the protection mechanism to be tested.

Abstract: The present invention relates to a synchronous sampling and measuring system and a method thereof for flue gas partition. The system includes a detection device arranged at an SCR outlet for simultaneous detection of flue gas from the pipelines in different areas, wherein the detection device is connected to a speed measurement device for measuring the speed of flue gas, the speed measurement device is connected to a central control unit and one end of a valve group, respectively, the other end of the valve group is connected to an air extracting device and a dilution unit, respectively, the control end of the valve group and the control end of the air extracting device are connected to a central control unit, respectively, the dilution unit is connected to a CEMS analyzer.

Abstract: An embodiment of the present application discloses a global navigation satellite system (GNSS) integrated circuit (IC). The GNSS IC includes a GNSS module, a memory and a processor. The GNSS module is arranged operably to receive a to-be-identified broadcast GNSS signal. The memory is arranged operably to store a plurality of ephemeris aiding data candidates, wherein the ephemeris aiding data candidates are not provided by the GNSS module. The processor is arranged operably to determine whether the to-be-identified broadcast GNSS signal is a spoofing signal based on an ephemeris aiding data reference in the ephemeris aiding data candidates.

Abstract: A network attack pattern determination apparatus, method, and non-transitory computer readable storage medium thereof are provided. The apparatus is stored with several attack patterns and access records. Each access record includes a network address, time stamp, and access content. Each attack pattern corresponds to at least one attack access relation. Each attack access relation is defined by a network address and access content. The apparatus retrieves several attack records according to at least one attack address. The network address of each attack record is one of the attack address(s). The apparatus divides the attack records into several groups according to the time stamps and performs the following operations for each group: (a) creating at least one access relation for each attack address included in the group and (b) determining that the group corresponds to one of the attack patterns according to the at least one access relation of the group.

Abstract: An attacking node detection apparatus, method, and computer program product thereof are provided. The attacking node detection apparatus stores a plurality of access records of an application, wherein each access record includes a network address of a host and an access content. The attacking node detection apparatus filters the access records into a plurality of filtered access records according to a predetermined rule so that the access content of each filtered access record conforms to the predetermined rule. The attacking node detection apparatus creates at least one access relation of each of the network addresses according to the filtered access records, wherein each access relation is defined by one of the network addresses and one of the access contents. The attacking node detection apparatus identifies a specific network address as an attacking node according to the access relations.

Abstract: A network attack pattern determination apparatus, method, and non-transitory computer readable storage medium thereof are provided. The apparatus is stored with several attack patterns and access records. Each access record includes a network address, time stamp, and access content. Each attack pattern corresponds to at least one attack access relation. Each attack access relation is defined by a network address and access content. The apparatus retrieves several attack records according to at least one attack address. The network address of each attack record is one of the attack address(s). The apparatus divides the attack records into several groups according to the time stamps and performs the following operations for each group: (a) creating at least one access relation for each attack address included in the group and (b) determining that the group corresponds to one of the attack patterns according to the at least one access relation of the group.

Abstract: An attacking node detection apparatus, method, and computer program product thereof are provided. The attacking node detection apparatus is stored with a plurality of access records of an application, wherein each access record includes a network address of a host and an access content. The attacking node detection apparatus filters the access records into a plurality of filtered access records according to a predetermined rule so that the access content of each filtered access record conforms to the predetermined rule. The attacking node detection apparatus creates at least one access relation of each of the network addresses according to the filtered access records, wherein each access relation is defined by one of the network addresses and one of the access contents. The attacking node detection apparatus identifies a specific network address as an attacking node according to the access relations.

Abstract: The instant disclosure illustrates a system and method for information security management based on application level log analysis. The system and method for information security management involve analyzing a plurality of application level logs of a user and modeling the continuative behaviors of the user. Furthermore, the system and method for information security management include the selection of models according to different environmental contexts, thereby efficiently determining whether the user has had an abnormal behavior occur.

Abstract: A method, an electronic device, and a user interface for on-demand detecting a malware are provided and adapted for estimating whether an application has vulnerabilities or malicious behaviors. The method includes the following steps. Firstly, evaluating a risk level and a test time of the application which has vulnerabilities or malicious behaviors. Next, detecting the application by selection of user to estimate the risk level of the application which has vulnerabilities or malicious behaviors and then correspondingly generating a detection result. Therefore, the method, the electronic device, and the user interface for on-demand detecting the malware can detect the risk level of the application which has vulnerabilities or malicious behaviors before getting virus pattern of the variant or new malware.

Abstract: A method, an electronic device, and a user interface for on-demand detecting a malware are provided and adapted for estimating whether an application has vulnerabilities or malicious behaviors. The method includes the following steps. Firstly, evaluating a risk level and a test time of the application which has vulnerabilities or malicious behaviors. Next, detecting the application by selection of user to estimate the risk level of the application which has vulnerabilities or malicious behaviors and then correspondingly generating a detection result. Therefore, the method, the electronic device, and the user interface for on-demand detecting the malware can detect the risk level of the application which has vulnerabilities or malicious behaviors before getting virus pattern of the variant or new malware.

Abstract: A method for tracing at least one domain name is disclosed. In the method, several DNS resource records of candidate domain names are queried from at least one DNS name server. The candidate domain names are domain names that need to be traced. Internet Protocol (IP) addresses associated with the candidate domain names are retrieved from the DNS resource records of the candidate domain names. At least one external resource server is connected to retrieve corresponding registration information of the respective IP addresses of the candidate domain names. A tracing weight of each of the candidate domain names is calculated according to the DNS resource records, the IP addresses and the corresponding registration information of the candidate domain names. The candidate domain names are traced according to their respective tracing weights. A system for tracing at least one domain name is also disclosed.

Abstract: A method for generating a cross-site scripting attack is provided. An attack string sample is analyzed for obtaining a token sequence. A string word corresponding to each token is used to replace the token for generating a cross-site scripting attack string. Accordingly, a large number of cross-site scripting attacks are generated automatically, so as to execute a penetration test for a website.

Abstract: A method for generating a cross-site scripting attack is provided. An attack string sample is analyzed for obtaining a token sequence. A string word corresponding to each token is used to replace the token for generating a cross-site scripting attack string. Accordingly, a large number of cross-site scripting attacks are generated automatically, so as to execute a penetration test for a website.

Abstract: A network attack detection device is provided, including a spatial coordinate database for storing spatial coordinate data; a standard time zone database for storing standard time zone data; a domain name system packet collector for collecting a domain name system packet; a spatial snapshot feature extractor for extracting internet protocol address corresponding to the domain name system packet according to the domain name system packet, and generating spatial feature data corresponding to the internet protocol address according to the internet protocol address, the spatial coordinate data and the standard time zone data; and an attack detector for determining whether the domain name system packet is an attack according to the spatial feature data and a spatial snapshot detection model, and when determining that the domain name system packet is an attack, sending a warning to indicate the attack.

Abstract: A botnet detection system is provided. A bursty feature extractor receives an Internet Relay Chat (IRC) packet value from a detection object network, and determines a bursty feature accordingly. A Hybrid Hidden Markov Model (HHMM) parameter estimator determines probability parameters for a Hybrid Hidden Markov Model according to the bursty feature. A traffic profile generator establishes a probability sequential model for the Hybrid Hidden Markov Model according to the probability parameters and pre-defined network traffic categories. A dubious state detector determines a traffic state corresponding to a network relaying the IRC packet in response to reception of a new IRC packet, determines whether the IRC packet flow of the object network is dubious by applying the bursty feature to the probability sequential model for the Hybrid Hidden Markov Model, and generates a warning signal when the IRC packet flow is regarded as having a dubious traffic state.

Abstract: A method for detecting a malicious script is provided. A plurality of distribution eigenvalues are generated according to a plurality of function names of a web script. After the distribution eigenvalues are inputted to a hidden markov model (HMM), probabilities respectively corresponding to a normal state and an abnormal state are calculated. Accordingly, whether the web script is malicious or not can be determined according to the probabilities. Even an attacker attempts to change the event order, insert a new event or replace an event with a new one to avoid detection, the method can still recognize the intent hidden in the web script by using the HMM for event modeling. As such, the method may be applied in detection of obfuscated malicious scripts.

Abstract: A hot video prediction system is provided. A video comments database stores video comments submitted by a plurality of users. A user social network constructor establishes a user social network according to the video comments. When new comments of a new video are received, a hot video predictor uses the user social network to determine a similar theme between the new video and hot videos that have been hot for a period of time, and predicts whether the new video will become popular accordingly. A social network adaptor checks the prediction, and modifies the user social network accordingly.

Abstract: The invention provides a positioning system. In one embodiment, the positioning system comprises a Global Navigation Satellite System (GNSS) module, a dead reckoning module, a Geographic Information System (GIS) module, and an calculating module. The GNSS module generates a first positioning data according to satellite communication. The dead reckoning module estimates a second positioning data according to a sensor's measurement data, the first positioning data, and a feedback positioning data of a previous epoch. The GIS module fits the first positioning data to a map to generate a third positioning data taken as a final output of the positioning system. The calculating module integrates the third positioning data and the second positioning data according to predetermined weights to obtain the feedback positioning data of a current epoch, which is recursively fed back to the dead reckoning module for a next estimation.