PDF Advances in Computer Science For Engineering and Education Ii Zhengbing Hu Ebook Full Chapter
PDF Advances in Computer Science For Engineering and Education Ii Zhengbing Hu Ebook Full Chapter
PDF Advances in Computer Science For Engineering and Education Ii Zhengbing Hu Ebook Full Chapter
https://textbookfull.com/product/advances-in-computer-science-
for-engineering-and-education-iii-zhengbing-hu/
https://textbookfull.com/product/advances-in-artificial-systems-
for-medicine-and-education-ii-zhengbing-hu/
https://textbookfull.com/product/advances-in-electric-and-
electronics-lecture-notes-in-electrical-engineering-155-2012th-
edition-hu-wensong-editor/
Academic English for Computer Science An English for
Specific and Academic Purposes Course for International
students of Computer Science Computer Engineering
Information and Communication Systems Rizopoulou
https://textbookfull.com/product/academic-english-for-computer-
science-an-english-for-specific-and-academic-purposes-course-for-
international-students-of-computer-science-computer-engineering-
information-and-communication-systems-riz/
https://textbookfull.com/product/advances-in-manufacturing-ii-
volume-4-mechanical-engineering-bartosz-gapinski/
https://textbookfull.com/product/computer-science-and-
engineering-theory-and-applications-coll/
Zhengbing Hu
Sergey Petoukhov
Ivan Dychka
Matthew He Editors
Advances in
Computer
Science for
Engineering and
Education II
Advances in Intelligent Systems and Computing
Volume 938
Series Editor
Janusz Kacprzyk, Systems Research Institute, Polish Academy of Sciences,
Warsaw, Poland
Advisory Editors
Nikhil R. Pal, Indian Statistical Institute, Kolkata, India
Rafael Bello Perez, Faculty of Mathematics, Physics and Computing,
Universidad Central de Las Villas, Santa Clara, Cuba
Emilio S. Corchado, University of Salamanca, Salamanca, Spain
Hani Hagras, Electronic Engineering, University of Essex, Colchester, UK
László T. Kóczy, Department of Automation, Széchenyi István University,
Gyor, Hungary
Vladik Kreinovich, Department of Computer Science, University of Texas
at El Paso, El Paso, TX, USA
Chin-Teng Lin, Department of Electrical Engineering, National Chiao
Tung University, Hsinchu, Taiwan
Jie Lu, Faculty of Engineering and Information Technology,
University of Technology Sydney, Sydney, NSW, Australia
Patricia Melin, Graduate Program of Computer Science, Tijuana Institute
of Technology, Tijuana, Mexico
Nadia Nedjah, Department of Electronics Engineering, University of Rio de Janeiro,
Rio de Janeiro, Brazil
Ngoc Thanh Nguyen, Faculty of Computer Science and Management,
Wrocław University of Technology, Wrocław, Poland
Jun Wang, Department of Mechanical and Automation Engineering,
The Chinese University of Hong Kong, Shatin, Hong Kong
The series “Advances in Intelligent Systems and Computing” contains publications
on theory, applications, and design methods of Intelligent Systems and Intelligent
Computing. Virtually all disciplines such as engineering, natural sciences, computer
and information science, ICT, economics, business, e-commerce, environment,
healthcare, life science are covered. The list of topics spans all the areas of modern
intelligent systems and computing such as: computational intelligence, soft comput-
ing including neural networks, fuzzy systems, evolutionary computing and the fusion
of these paradigms, social intelligence, ambient intelligence, computational neuro-
science, artificial life, virtual worlds and society, cognitive science and systems,
Perception and Vision, DNA and immune based systems, self-organizing and
adaptive systems, e-Learning and teaching, human-centered and human-centric
computing, recommender systems, intelligent control, robotics and mechatronics
including human-machine teaming, knowledge-based paradigms, learning para-
digms, machine ethics, intelligent data analysis, knowledge management, intelligent
agents, intelligent decision making and support, intelligent network security, trust
management, interactive entertainment, Web intelligence and multimedia.
The publications within “Advances in Intelligent Systems and Computing” are
primarily proceedings of important conferences, symposia and congresses. They
cover significant recent developments in the field, both of a foundational and
applicable character. An important characteristic feature of the series is the short
publication time and world-wide distribution. This permits a rapid and broad
dissemination of research results.
Editors
Advances in Computer
Science for Engineering
and Education II
123
Editors
Zhengbing Hu Sergey Petoukhov
School of Educational Information Mechanical Engineering Research Institute
Technology of the Russian Academy of Sciences
Central China Normal University Moscow, Russia
Wuhan, Hubei, China
Matthew He
Ivan Dychka Halmos College of Natural Sciences
“Igor Sikorsky Kiev Polytechnic Institute” and Oceanography
National Technical University of Ukraine Nova Southeastern University
Kiev, Ukraine Ft. Lauderdale, FL, USA
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface
v
vi Preface
Honorary Chairs
Chairs
General Co-chairs
vii
viii Organization
Steering Chairs
Publication Chairs
xi
xii Contents
1 Introduction
According to many reputable studies, malware has been among the most dangerous
threats in both general and special-purpose modern computer systems for quite a long
time [1, 5, 10, 11]. This is suggested by well-known cases of successful cyber-attacks
implemented using various malicious programs [12, 15]. A number of experts are
occupied with the development of appropriate security tools, but the problem is still far
from being resolved. The main difficulties arise when detecting the malware as it
penetrates the computer system. For this purpose, modern protection systems use
solutions related to the artificial neural networks (ANN) theory on a large scale. The
future prospects of this trend are confirmed by separate successful applications of ANN
in computer virus detection means (open source code ClamAV antivirus, Deep Instinct
startup) and a large number of relevant theoretical and practical works, which are
summarized in [7, 9, 16]. At the same time, insufficient detection accuracy and poor
adaptability to operating conditions, as well as the closed nature of the solutions used
limits their scope considerably, while the constant progress of the neural networks
theory indicates that significant improvement of proven neural network tools (NNT) for
malware detection is possible. This explains the relevance of research for improvement
of the existing NNT, which, through the use of modern theoretical solutions, would
allow for effective malware detection.
The main objective of the ANN use in malware protection means is malware detection
based on the generalization of controlled parameters as shown in case studies [13, 14,
16]. At the same time, the neural network malware detection process typically involves
the evaluation of a set of controlled parameter values by the neural network. If an ANN
estimation is within a certain range, then malware is considered to be detected, and in
case it is out of the range, it is assumed that there is no malware in the computer system.
According to the information protection NNT development methodology described in
[9], the main trends for increasing the efficiency of such tools are associated with the
adaptation of the neural network model (NNM) type and parameters to the expected
conditions of use, which are primarily determined by the used set of input parameters.
For example, in [2, 3] the methods for determining the program code fragments to
list and assess the ANN input parameter values used in the malware detection systems
and in anti-virus protection systems are described. Also, an approach for NNM
application based on Kohonen self-organizing topographic map is described. The
choice of the NNM type is stated to be due to the implementation of comparative
numerical experiments. The training time has been used as a comparison standard. In
[9], the description and results of experiments in which ANN was used for malware
detection on the basis of a two-layer perceptron are provided. At the same time, neither
NNM parameters nor the training procedure have been optimized.
In [5], an approach has been suggested for the determination of NNM input
parameters intended for malware detection based on the obfuscated code analysis. The
approach assumes the use of theoretical solutions for deobfuscation in order to optimize
the code. A procedure for software code deobfuscation using a value/state dependency
graph has also been developed. It has been established that the developed procedure
represents the functional semantics of the tested programs in the form of a graph. As a
result, neural network malware detection on the basis of its implementation semantics
has become possible.
[2, 3, 7, 13] offer a computer virus detection system based on the neural network
analysis of normalized signatures.
The detection accuracy is declared to be within 80–91%. The possibility of poly-
morphic viruses detection is indicated. The main difference between the results in
Malware Detection Using Artificial Neural Networks 5
[2, 3, 7, 13] is the use of different approaches for the preliminary processing of ANN
input parameters. It should be noted that in [2, 3, 7, 13], no mechanisms for optimizing
the two-layer perceptron structure or forming the training sample are given. Also, there
are certain doubts as to the expediency of using NNM based on obsolete ANN,
including the two-layer perceptron and Kohonen topographic map. It should be noted
that modern NNTs are based on NNM of a deep neural network (DNN) type [4, 6–9].
For example, in [8] DNN with autoencoder pre-education has been used. The
network consists of 8 layers with 30 neurons each. To obtain a set of DNN input data, a
specially designed method for automatic generation of malware signatures has been
used. The results of numerical experiments with the detection accuracy reaching 98%
are given. However, [8] states that DNN is taught based on unlabelled data only with
the help of the autoencoder mechanism. This somewhat reduces the reliability of the
results, since it is considered that in order to ensure high detection accuracy, it is also
necessary to predict DNN training using the algorithm for reverse error distribution
based on labelled training data.
In order to extend the results of the analysis, academic and research papers devoted
to the NNT assessment of information systems security parameters have also been
considered. For instance, in [4] a basic set of criteria for the effectiveness of the NNM
type used to evaluate security parameters has been formed. The ways to expand this set
have been specified. In addition, the procedure for NNT development to estimate the
security parameters of information system resources, which can be used in the con-
struction of malware detection systems, has been developed in the paper. Also, a
method to assess the NNT detection effectiveness for Internet-oriented cyber-attacks,
which can also include Internet-oriented malware, has been developed.
In [4], NNM to recognize network cyber-attacks on information resources has been
developed. The expediency of DNN application is shown. This is due to the fact that
this type of the neural network model is characterized by high learning ability, high
computing capabilities and high adaptability to the application environment. The
results of experiments based on network cyber-attack detection are shown, with sig-
natures listed in the NSL-KDD database.
Also, in related works [1–12, 15, 16], the method for adapting DNN parameters to
the conditions of computer virus recognition was not found.
The analysis suggests that the use of DNN-based neural network detection devices
is a promising area for improving the effectiveness of malware protection systems. At
the same time, the set of input DNN parameters depends on the features of the detection
system. For a behaviour analyser, the list is defined by a set of signs of potentially
dangerous functions calls in the application interface of the operating system. For an
antivirus scanner, the list of features may correlate with malware signatures. A con-
clusion can be made that in most relevant academic and research papers, no theoretical
justification of using DNN in malware detection means, as well as the justification of
DNN architectural parameters adaptation to the expected application conditions, is
available.
Therefore, the purpose of this study is to ensure the effectiveness of malware
detection systems by adapting the type of deep neural network architecture and
architectural parameters to the expected conditions of use.
6 I. Dychka et al.
DNN Effectiveness Calculation Principle. The effectiveness of the i-th DNN type
(DNNi) correlates to the extent, to which this type of DNN meets the basic functional
requirements described using the efficiency criteria. The following expression is used to
quantify the effectiveness:
X
K
V ðDNNi Þ ¼ ak Hk ðDNNi Þ ð2Þ
k¼1
where V(DNNi) is the value of the efficiency function, Hk(DNNi) is the value of the k-th
criterion for DNN with the i-th architecture, a [0…1] is the weight factor of the k-th
efficiency criterion, and К is the number of criteria.
DNN Effectiveness Estimation Principle. Among the admissible types, i-th DNN type
(DNNi) is the most effective, provided that its efficiency function (Vi) has the maximum
value:
where DNNent is a set of available DNN types, DNNavl is a set of admissible DNN
types, and DNNeff is a set of effective DNN types.
Based on theoretical developments related to ANN, the following has been defined:
where dnn1 is fully connected DNNs for which no pretraining procedure is provided,
dnn2 is fully connected DNNs for which the pretraining procedure is used, dnn3 is
convolutional neural networks (CNN) with direct signal propagation, dnn4 is recurrent
CNN (RCN).
Malware Detection Using Artificial Neural Networks 7
The admissibility condition for dnn1 and dnn4 DNN types is defined:
if 20Nx 0w þ 0; 2k Nx þ Ny savl ! fdnn1 ; dnn4 g 2 DNNavl ð4Þ
where Nx, Ny is the number of DNN input and output parameters, #w is the average time
required to create one case study with the expected output signal, k is the duration of
one training iteration.
The admissibility of dnn3 DNN type is defined by the following expression:
if Nx 0w þ 0; 2k Nx þ Ny savl ! dnn3 2 DNNavl : ð5Þ
where #n is the average time required to create one case study without the output signal
expectation.
Also, the results of [4, 9] have been used to suggested the set of criteria for the
effectiveness of the DNN type criteria correlating with the basic requirements for the
NNM in the MS recognition task, which is presented in Table 1. The suggested effi-
ciency criteria are dimensionless. The list may be further modified in accordance with
the specific conditions of the malware detection task.
Similarly to [4, 9], it has been assumed that the values of the suggested criteria can
vary within the range of 0 to 1. At the same time, the value of the k-th criterion for the i-
th DNN architecture is 1 if the corresponding k-th requirement is fully provided in this
architecture, and 0 if it is not provided. See Table 2 for the calculated criteria values for
the included DNN.
8 I. Dychka et al.
The input data for the method are parameters that are characterized by the expected
conditions for the DNN use in the malware detection tools, and the output is the type
and parameters of the DNN architecture. Let us consider the use of the suggested
method on a specific example of the DNN architecture adaptation to the following
conditions of application:
– The detection system refers to the commonly used hardware and software;
– NNM is used to recognize Windows-based computer viruses;
– The NNM input is represented by information received during test files scanning;
– The permissible time for NNT creation is 1 month (2,592,000 s);
– Microsoft BIG-2015 computer virus database is used for NNM training and testing.
Malware Detection Using Artificial Neural Networks 9
Step 4. By substituting the data from Table 4 for each DNN type into expression (3),
the followins values are obtained: V(dnn1) = 0.75, V(dnn2) = 0.535,
V(dnn3) = 0.725, V(dnn4) = 0.64. Expression (4) determines that the most
effective type is dnn1.
Step 5. With known values of Nx and Ny, the dnn1 basic architectural parameters are
the number of hidden neural layers, the number of neurons in each hidden
layer, and the type of activation function. Three-layer perceptron with the
number of hidden layers Kh = 2 has been chosen as dnn1 basic option
where Nh is the number of neurons in each hidden layer, Kh is the number of hidden
layers; f(zk) = max(0, zk) is activation function of the hidden and output layer neurons,
where zk is the total input signal of the k-th neuron in the hidden or output layer. By
substituting the known P, Nx, Ny and Kh values into expression (7), Nh = 135 is
obtained.
Following the determination of architectural parameters we could proceed to the
development of relevant software. This was done using the Python programming
language and the TensorFlow library (developed by Google). The experiments have
been performed on a personal computer (AMD FX-9800P (2.7–3.6 GHz)/RAM
8 GB/HDD 1 TB/AMD Radeon RX 540, 2 GB) with OS Windows 10.
The training had 100 stages. After about 90 training stages, the training error
stabilized at the level of 0.01. Subsequently, test samples not used in the training have
been submitted to the DNN input from the BIG-2015 Database. Figure 1 shows
recognition errors for different viruses.
Analysis of Fig. 1 indicates that the biggest recognition error is typical of Simda,
Tracur, and Vundo viruses. This can be explained by a small number of case studies
that correspond to these viruses. At the same time, the average error of recognition for
all virus types is 0.036. It should also be noted that due to the use of the suggested
method during NN development, we managed to avoid long-term numerical experi-
ments aimed at determining the expediency of its application and at optimizing its
structural parameters. Considering that the recognition error achieved corresponds to
the error of modern antivirus tools [1, 2, 5, 7, 11, 12], this indicates the effectiveness of
the suggested solutions.
Malware Detection Using Artificial Neural Networks 11
0,1
0,09
0,08
0,07
0,06
0,05
0,04
0,03
0,02
0,01
0
CY
p
ur
o
t
da
3
ak
ni
d
po
er
er
ac
un
m
am
at
r.A
_v
_v
lli
Tr
Si
G
V
Lo
R
os
os
to
ih
ih
ca
el
el
us
K
bf
O
Fig. 1. Recognition error per sample.
5 Conclusions
It has been shown that improving the mathematical support of malware detection
systems using modern neural network models based on deep neural networks is a
promising area of malware detection systems development. The need for creating a
development method for this model, which is adapted to the conditions of application
as an anti-virus means, has been determined. The method for developing a deep neural
network architecture designed to detect malware has been suggested. In contrast to the
existing methods, this method allows avoiding the long-term numerical experiments to
determine the expediency of the neural network model application and optimize its
structural parameters during its development. At the same time, numerical experiments
using the Microsoft BIG-2015 computer virus database show that the method allows
for construction of a neural network model that provides a recognition error com-
mensurate with the error of modern computer virus detection systems. Further research
is related to the adaptation of the suggested method for the deep neural networks
application in behaviour analysers.
References
1. Ahmadi, M., Ulyanov, D., Semenov, S., Trofimov, M., Giacinto, G.: Novel feature
extraction, selection and fusion for effective malware family classification. In: Proceedings
of the Sixth ACM Conference on Data and Application Security and Privacy (CODASPY
2016), New York, NY, USA, pp. 183–194 (2016)
2. Akhmetov, B.A., Lakhno, V.B., Akhmetov, B.C., Alimseitova, Z.: Development of sectoral
intellectualized expert systems and decision making support systems in cybersecurity. In:
Advances in Intelligent Systems and Computing, 2nd Computational Methods in Systems
and Software (CoMeSySo), vol. 860, pp. 162–171 (2018). https://doi.org/10.1007/978-3-
030-00184-1_15
12 I. Dychka et al.
3. Artemenko, A.V., Golovko, V.A.: Analysis of neural network computer virus recognition
methods. Molodezhnyiy innovatsionnyiy forum «INTRI», GU «BelISA», Minsk, Belorus,
239 p. (2010). (in Russian)
4. Asiru, O.F., Dlamini, M.T., Asiru, J.M.B.: Application of artificial intelligence for detecting
derived viruses. In: 16th European Conference on Cyber Warfare and Security (ECCWS
2017), University College Dublin, Dublin, Ireland, 29–30 June 2017, pp. 217–227 (2017)
5. Bapiyev, I.M., Aitchanov, B.H., Tereikovskyi, I.A., Tereikovska, L.A., Korchenko, A.A.:
Deep neural networks in cyber attack detection systems. Int. J. Civil Eng. Technol. (IJCIET)
8(11), 1086–1092 (2017)
6. Dychka, I., Tereikovskyi, I., Tereikovska, L., Pogorelov, V., Mussiraliyeva, S.: Deobfus-
cation of computer virus malware code with value state dependence graph. In: Advances in
Intelligent Systems and Computing, pp. 370–379 (2018). https://doi.org/10.1007/978-3-319-
91008-6
7. Falaye, A.A., Oluyemi, E.S., Victor, A.N., Uchenna, U.C., Ogedengbe, O., Ale, S.:
Parametric equation for capturing dynamics of cyber attack malware transmission with
mitigation on computer network. Int. J. Math. Sci. Comput. (IJMSC) 3(4), 37–51 (2017).
https://doi.org/10.5815/ijmsc.2017.04.04
8. Hu, Z., Tereykovskiy, I.A., Tereykovska, L.O., Pogorelov, V.V.: Determination of structural
parameters of multilayer perceptron designed to estimate parameters of technical systems. Int.
J. Intell. Syst. Appl. (IJISA) 9(10), 57–62 (2017). https://doi.org/10.5815/ijisa.2017.10.07
9. Korchenko, A., Tereykovskiy, I., Karpinskiy, N., Tynymbayev, S.: Neural network models,
methods and tools for assessing the security parameters of internet-oriented information
systems. In: TOV NashFormat, Kiev, Ukraine, 275 p. (2016). (in Russian)
10. Lakhno, V., Malyukov, V., Parkhuts, L., Buriachok, V., Satzhanov, B., Tabylov, A.:
Funding model for port information system cyber security facilities with incomplete Hacker.
J. Theor. Appl. Inf. Technol. 96(13), 4215–4225 (2018)
11. Rudenko, O.H., Bodianskyi, Ye.: Artificial neural networks, Kharkiv, Kompaniia SMIT, 404
p. (2016). (in Ukranian)
12. Shah, S., Jani, H., Shetty, S., Bhowmick, K.: Virus detection using artificial neural networks.
Int. J. Comput. Appl. 84(5), 17–23 (2013)
13. Sharma, S.: Design and implementation of malware detection scheme. Int. J. Comput. Netw.
Inf. Secur. (IJCNIS) 10(8), 58–66 (2018). https://doi.org/10.5815/ijcnis.2018.08.07
14. Sujyothi, A., Acharya, S.: Dynamic malware analysis and detection in virtual environment.
Int. J. Modern Educ. Comput. Sci. (IJMECS) 9(3), 48–55 (2017). https://doi.org/10.5815/
ijmecs.2017.03.06
15. Tahir, R.: A study on malware and malware detection techniques. Int. J. Educ. Manag. Eng.
(IJEME) 8(2), 20–30 (2018). https://doi.org/10.5815/ijeme.2018.02.03
16. Tereykovska, L., Tereykovskiy, I., Aytkhozhaeva, E., Tynymbayev, S., Imanbayev, A.:
Encoding of neural network model exit signal, that is devoted for distinction of graphical
images in biometric authenticate systems. News Natl. Acad. Sci. Repub. Kaz. Ser. Geol.
Tech. Sci. 6(426), 217–224 (2017)
Applying Wavelet Transforms for Web Server
Load Forecasting
Abstract. The study focuses on increasing the effectiveness of web server load
forecasting systems, which are utilized for technical state diagnostics and
ensuring data security of distributed computer systems and networks. The
analysis of applied research papers has shown that a promising way of web
server load forecasting systems development is improving their mathematical
background by using modern frequency-time signal analysis methods based on
the wavelet transformation theory. It has been established that the challenges of
using the wavelet transformation theory are primarily related to the choice of
basis wavelet type, parameters of which shall be adapted to the application
conditions in a particular forecasting system. A new basis wavelet type selection
method, which is most effective for web server load parameters forecasting, has
been proposed. This method is based on a series of conditions and criteria to
achieve significant effectiveness for the given forecasting task by choosing a
basis wavelet type. Also, simulation modelling based on the web server request
statistics collected by the authors in a Ukrainian university has shown that the
method allows selecting the basis wavelet type, which ensures the approxima-
tion error level similar to that of the modern web server load forecasting sys-
tems. The possibility to avoid long-term simulation modelling typically used for
basis wavelet type selection is a significant advantage of the proposed method
for wavelet model development. Prospects for further research are related to the
refinement of the effectiveness criteria calculation process and improvement of
the proposed method by developing a basis wavelet parameters calculation
procedure.
1 Introduction
Due to the intensive growth of distributed computer network systems, the challenge of
ensuring their operation reliability becomes more and more important and urgent as an
increasing number of such systems are being integrated in various branches of human
activity. The structure of virtually all modern computer network systems includes one
or more servers to ensure integration with the global computer network, Internet.
Typical services provided by web servers include WWW, FTP and e-mail. Practical
experience has shown repeated disruptions of networked computer systems operation
due to web server software failures, which are both due to excessive server loads and
successful DDoS attacks [2, 4, 6]. It is obvious that the prevention of such violations is
possible by developing effective tools for web server load forecasting tools. Many
researchers [1, 3, 8, 9, 16] suggest that the effectiveness of such tools cannot be
increased without developing new methods and models to create sufficiently reliable
forecasts of operational parameters.
It must be noted that the created forecasts are used as a base for both network
resources planning and determining the control actions applied to them. Therefore, the
computer networks operation efficiency directly depends on the reliability of opera-
tional parameters forecasting methods and models, the development of which is a
general subject of this article.
Z ¼ a þ b t; ð1Þ
X
H
Z¼ ah þ th ; ð2Þ
h¼0
Phot.: Andrae.
Der Tigris bei Assur.
Neun Jahre verwandten Andrae und seine Mitarbeiter auf die
Freilegung der Festungswerke Assurs (vgl. „Die Festungswerke von
Assur“ von Walter Andrae. 2 Bde., 1913), denn ihre Bestimmung war
nicht nur wichtig für die Erkenntnis der ganzen Stadtanlage, für
Ermittlung ihrer Zugänge und zugleich des Verlaufs der wichtigsten
Handelsstraßen, sondern auch für die Geschichte der
Befestigungskunde überhaupt, da man assyrische Festungen bis
dahin nur ungenügend kannte. Die Arbeit war um so schwerer, als
die Mauern am Rande des Stadthügels naturgemäß am meisten der
Vernichtung ausgesetzt waren, und obendrein der Tigris den größten
Teil der Ostfront zerstört hatte.
Assur liegt auf der Spitze eines Ausläufers der Chanukekette,
und der Platz war für eine Festung wie geschaffen. Im Osten
bespülte ihn der schnellfließende, das ganze Jahr über tiefe Tigris,
ein Angriff von dort war also unmöglich. Im Norden fiel der Fels
(weicher Sandstein und Kieselkonglomerat) jäh nach einem
Stromarm ab, der trefflich als Festungsgraben diente. Am Rande
dieses noch erkennbaren Flußbettes hatten wir unser Lager
aufgeschlagen. Vor der Westfront erleichterten zwei kleine Täler die
Anlage von Gräben, die nur da zugeschüttet waren, wo Straßen zu
den Toren führten. Im Süden war eine Geländesenkung. Der einzige
Nachteil war, daß man von dem Hügelplateau im Westen aus in die
Stadt hineinsehen konnte. Deshalb baute man die Westmauer am
höchsten.
Das Alter der Festungsbauten Assurs ist sehr verschieden.
Andrae unterscheidet die archaische Zeit bis zur Mitte des 2.
vorchristlichen Jahrtausends, die altassyrische bis Ende des 2.
Jahrtausends, die jungassyrische vom Anfang des 1. Jahrtausends
bis Sargon, die spätassyrische unter Sargon und den Sargoniten bis
zur Zerstörung des assyrischen Reiches im Jahre 606 v. Chr., die
nachassyrische der Wiedereinwanderung unter den Neubabyloniern
und Cyrus (6. Jahrhundert) und die parthische Zeit, die ersten zwei
Jahrhunderte vor und nach Christus.
Phot.: Andrae.
Der Strand von Assur.
Aus vorgeschichtlicher Zeit haben sich keine Befestigungen
gefunden, nur Grundmauern von Häusern, Feuerstätten und
Kanälen. An der Ostseite führte man schon zu Anfang des 2.
Jahrtausends Mauern auf, um die Stromfahrt zu beherrschen und
das Ufer gegen die Erosion zu schützen. Diese Mauern befestigte
Adadnirari I. in altassyrischer Zeit. Davon ist noch vieles erhalten.
Auch legte man Landeplätze und Treppen am Ufer an. An der
Nordostecke der Stadt lag der Assurtempel mit der Front nach
Norden, und an der Nordwestecke der Palast Tukulti-Ninibs I. auf
seiner ungeheuren Plattform.
In jungassyrischer Zeit baute Salmanassar III. im Westen und
Südwesten eine äußere und eine innere senkrechte Mauer, auf
denen je eine Fahrstraße hinlief. Blaugelbe und schwarzweiß
glasierte Ziegel schmückten die Zinnen. Nach seiner Regierung,
aber vor Sargon, verfiel die innere Mauer; an ihrer Stelle entstanden
Wohnhäuser, und davor legte man eine niedrigere Mauer an.
In spätassyrischer Zeit führten Sargon und Sanherib noch
mancherlei Verbesserungen aus. Die Achämeniden dagegen ließen
die Befestigungen unverändert, und auch in der parthischen Zeit
wurde nichts daran getan.
Aus der Zeit Salmanassars III. grub man sieben Tore aus. Jedes
Tor flankierten zwei Türme; nach innen waren Wachtstuben,
Rampen und Treppen, die zur Mauerzinne hinaufführten. Eines der
Tore hieß Abul gurgurri, das Stadttor der Metallarbeiter; die übrigen
sind bisher namenlos. Die Zapfen der gewaltigen Flügel des
Gurgurritores, zylinderförmige Basaltblöcke, sind noch vorhanden.
Verkohlte Zedernholzbalken lassen auf eine Feuersbrunst schließen.
Zwei sargonitische Kalksteinblöcke an diesem Tor tragen Sanheribs
Namen. Eine Bildsäule Salmanassars III., die im Gurgurritor stand,
besitzt jetzt das Ottomanische Museum in Konstantinopel, eine
andere, die den König auf seinem Throne sitzend darstellt, das
Britische Museum. Beide sind in Lebensgröße.
Der ebenfalls ausgegrabene, offenere Zugang von Norden her,
den man nicht als Tor bezeichnen kann, hieß Muschlal und wird
schon Ende des 3. Jahrtausends auf Ziegelinschriften erwähnt.
Adadnirari I. in altassyrischer Zeit ließ ihn erneuern; auch die
jungassyrische Zeit unter Salmanassar III. kennt ihn. Unter Sanherib
heißt es: „Der Palast Muschlal in der Stadt Assur“, und bei
Assarhaddon: „Bît muslalu, das am Palast der Stadt Assur liegt, ließ
ich aufs neue erbauen als Ein- und Ausgang“.
Straßen an der inneren Mauer stammen aus spätassyrischer
Zeit; sie erinnern an die Straßen Pompejis und der heutigen Städte
des Orients.
Professor Andrae beschreibt ausführlich alle Einzelfunde, die an
den Mauern gemacht wurden, Ziegelkanäle, Straßen und Häuser,
Abflußtrommeln, Poternen, Wehrgänge, Turmtreppen, Bastionen,
emaillierte Terrakottareliefs, Kupferbecken, Konsolen, Haken und
Pfeilspitzen aus Bronze, Gräber und Ziegel mit Inschriften, von
denen folgende aus der Zeit Salmanassars III. als Probe angeführt
sei: „Salmanassar, der König des Alls, König des Landes Assur, der
Sohn des Assurnasirpal, des Königs des Landes Assur. Erobernd
herrschte ich vom großen Meer beim Lande Amurru gegen
Sonnenuntergang bis zum Meer beim Lande Kaldu, genannt Marratu
(d. h. der Salzstrom). Da brach ich die Ruinen der früheren
Festungsmauer meiner Stadt Assur nieder, die Tukulti-Ninib,
Salmanassars Sohn, ehedem gebaut hatte; ich erreichte ihren
Grund; von ihrem Fundament bis zu ihrer Brustwehr fügte und
vollendete ich sie; prächtiger und gewaltiger als zuvor machte ich
sie. Meine Tafeln und Urkunden brachte ich an. Ein zukünftiger Fürst
soll ihre Ruinen wieder aufrichten und meinem Namen wieder seinen
Platz einräumen, dann wird Assur seine Gebete erhören.“
Salmanassar gedachte also der kommenden Jahrtausende, die
seinen Namen vergessen könnten. Dann sollten die Steine für ihn
reden!
Andraes Grabungsmethode in den Ruinen Assurs war eine
andere als die Koldeweys in Babylon. Er zog 5 Meter breite
„Suchgräben“ quer über das ganze Stadtgebiet; sie laufen je 100
Meter voneinander entfernt parallel von der Westmauer bis nach
dem Tigrisufer im Osten. Stieß solch ein Graben auf Reste von
Palästen, Mauern, Toren, Häusern, Kanälen usw., so grub man
seitwärts weiter, bis der ganze Fund bloßgelegt war. Manchmal
zwangen Bodengestaltung oder neuere mohammedanische
Grabstellen zur Aufgabe des 100-Meter-Zwischenraums. Solch ein
unregelmäßiger Graben führte in den Jahren 1909–1911 zur
Entdeckung der merkwürdigen Königspfeiler im Winkel zwischen
dem breiten Nordteil und dem schmalen Südteil der Stadt. (Vgl. „Die
Stelenreihen in Assur“ von Walter Andrae, Leipzig, 1913).
Diese Pfeiler stammen aus der Zeit zwischen dem 14. und 7.
Jahrhundert v. Chr. Sie sind flach, oben abgerundet und tragen eine
Inschrift oder ein Reliefbild der Personen, zu deren Gedächtnis sie
errichtet wurden. Die größten sind aus Basalt und nennen Tukulti-
Ninib I., Semiramis und Assurnasirpal III.; kleinere sind mit den
Namen anderer Könige und hoher Beamten bezeichnet. Einer aus
körnigem, gelbgrauem Kalkstein zeigt das Bild einer Palastdame
Sardanapals. Sie sitzt, nach rechts gewendet, auf einem Thron, ist
mit Armbändern und Ohrringen geschmückt, trägt Rosetten auf den
Schultern und auf ihren üppigen, den Rücken herabwallenden
Locken eine Königskrone; in der Linken hält sie eine Blume, die
Rechte streckt sie nach oben. Das Gesicht entspricht dem
Schönheitsideal des Orients: volle runde Wangen, kräftiges Kinn,
gerade, scharf gezeichnete Nase, schön geschwungene, breite
Augenbrauen und lachende Lippen.
Phot.: Schölvinck.
Ein Suchgraben in Assur.
Phot.: Schölvinck.
Das deutsche Expeditionshaus in Assur.
Einundzwanzigstes Kapitel.
Erlebnisse auf einer
Etappenstraße.
Giara.
Das Bahnhofsgebäude von Giara hatte nur einen bewohnbaren
Raum, eine ungewöhnlich kühle, gewölbte Kammer, in der der
Stationsvorsteher unter einem von Fliegen umschwirrten
Mückennetz an Ruhr erkrankt darniederlag und aus einem primitiven
Filtrierapparat, einem großen Lehmkrug mit porösem Boden, Wasser
tropfen ließ. Hier mußten wir die heißesten Tagesstunden abwarten,
denn die Temperatur draußen war allmählich unerträglich geworden.
Schon morgens um 7 Uhr hatte sie 31 Grad betragen, um 1 Uhr
stieg sie auf 41,2 und anderthalb Stunden später auf 42,6 Grad.
Konsul Schünemanns persischer Schimmel hatte einen Hitzschlag
und Kolik und außerdem Blutegel in Gaumen und Hals. Noch am
Morgen war das Tier ganz frisch gewesen; jetzt legte es sich im
Schatten des Stalles nieder und verendete. Auch im Schlund der
andern Pferde hatten sich beim Trinken Blutegel festgebissen, und
unsere Kutscher befreiten sie mit vieler Mühe von diesen
Plagegeistern.
In der Kranken- und Fliegenstube von Giara zu übernachten, war
unmöglich. Am Spätnachmittag machten wir uns daher zur nächsten
Station Schura auf, die fünf Stunden entfernt sein sollte. Nahe bei
Giara hatten wir ein ziemlich tief und steil eingeschnittenes Tal zu
passieren, auf dessen nackter Sohle Salzkristalle schimmerten und
Erdpechquellen zutage traten. Der Herzog und Busse ritten voraus;
Schölvinck und ich folgten in der Droschke und fuhren in einer
Morastrinne fest. Die Pferde mußten ausgespannt, der Wagen
zurückgeschoben und ein anderer Weg versucht werden. Nicht
besser erging es dem vorausfahrenden Automobil, das weiter vorn in
einem Graben saß und nicht weiter konnte. Wir luden das Gepäck
ab, aber der Wagen rührte sich nicht vom Fleck, und wir mußten
warten, bis die ganze übrige Kolonne nachgekommen war. Darüber
wurde es dunkel, und im Westen erhob sich drohend eine
Wolkenwand, die den Mond verdeckte. Nach langem Warten kamen
die andern, und mit vereinten Kräften machten wir erst das Auto
wieder flott, das nunmehr jeden einzelnen Wagen über die
schwierige Stelle hinüberziehen mußte; die müden Tiere allein
hätten das nicht fertiggebracht. Drei Stunden kostete uns dieser
Graben — eine schöne Etappenstraße!
Dann ging es weiter, Stunde auf Stunde in stockfinsterer Nacht;
die Lampen des Autos wiesen den Weg. Endlich leuchtete vor uns
der Schein eines Feuers auf: es war Schura, aber noch in weiter
Ferne. Ein neuer Graben hielt die Wagen auf; unsere Droschke kam
glücklich hinüber, und endlich tauchte die hohe Mauer des
Stationsgebäudes aus dem Dunkel hervor. Hastig aßen wir auf dem