Research on Malicious Code Detection Technology Based on Artificial Immune Systems
Abstract
With the rapid development of the Internet, and especially the emergence of the mobile Internet and the rapid growth in smartphone users, networks have penetrated every aspect of daily life. The openness and sharing that make the Internet convenient also bring all kinds of security problems. As the primary threat to information security, the widespread dissemination of malicious code (malcode) causes users huge economic losses, wastes their valuable time, and interferes with their normal life and work.

Malcode mainly includes viruses, Trojan horses, worms, backdoors and malicious scripts. At present, defense against malcode relies on products such as anti-virus software and anti-virus gateways. These products are mainly based on signature matching, which achieves a high detection rate for known malcode but a low detection rate for newly emerging, unknown malcode. As the number of malcode samples grows at an accelerating pace, signature extraction requires ever more manpower. As the signature database grows, anti-virus software consumes more computing and storage resources, which greatly constrains its detection efficiency.

To detect malcode more effectively, and in particular to recognize unknown malcode accurately, a number of detection techniques based on intelligent algorithms have been proposed in recent years, including data mining algorithms, neural networks and artificial immune systems. Malcode detection and the biological immune system are naturally similar: both must accurately recognize foreign material that has invaded their own system. For this reason, malcode detection based on artificial immune systems has drawn wide attention from researchers at home and abroad and has become a research hotspot in information security.

This thesis studies the basic theory and main algorithms of artificial immune systems, including the negative selection algorithm, the clonal selection algorithm and the danger theory. It addresses the optimization of hole coverage in the negative selection algorithm, and artificial-immune-system-based detection of both computer malcode and mobile phone malcode. The main contributions are as follows:

1. Many artificial-immune-system-based malcode detection models have been proposed, and they differ in the immune algorithm used, the settings they apply to, and their detection performance. The thesis analyzes the key techniques these models use, including malcode feature extraction, data encoding, antigen-antibody matching rules, detector generation strategies and the immune algorithms applied, and summarizes representative research results of recent years.

2. To address the large number of undetectable holes in the negative selection algorithm, an algorithm is proposed that, based on the hole set and the self set, directionally generates r-chunk hole detectors with a variable matching threshold. The negative selection algorithm is also improved: a negative selection algorithm with two layers of detectors is proposed. While maintaining a fast detection speed, it covers a wider range of the non-self space by raising the detection rate of hole elements. Simulation results show that, compared with the r-adjustable negative selection algorithm, it achieves higher non-self space coverage, with especially better results in hole coverage.

3. To improve the ability of a malcode detection system to adapt dynamically to a continuously changing malcode environment, and inspired by the biological immune system, a malcode detection model based on the dynamic clonal selection algorithm is proposed, using binary string segments extracted from malcode files as features. Compared with existing artificial-immune-system-based malcode detection models, the thesis introduces and improves the dynamic clonal selection algorithm, solving the problem that the self space is static and fixed during training. Experimental results show that the model has stronger adaptability, detects unknown malcode effectively, and has a lower false positive rate.

4. To address the low accuracy of signature-based detection caused by malcode variants and encryption protection techniques, a computer malcode detection model is proposed that uses real-valued encoding and is based on cloning and mutation of behavioral features. Behavioral features are collected while the malcode runs in a virtual machine environment. After real-valued encoding they form antigens, which also serve as one of the sources of immature detectors. The negative selection algorithm is used to subject immature detectors to immune tolerance, producing mature detectors. The clonal selection algorithm is used to proliferate and mutate high-affinity detectors, increasing detector diversity and raising affinity. Experimental results show that increasing the number of clonal generations yields a higher detection rate and a lower false positive rate. Compared with mainstream anti-virus software, the proposed model has a higher detection rate for obfuscated and encrypted malcode programs.

5. Based on the propagation and damage characteristics of mobile phone malcode, a mobile phone malcode detection model based on the danger theory is proposed. The model has four phases: danger capture, antigen presentation, antibody generation and antibody distribution. Local information on the phone is extracted and analyzed to discover danger features caused by malcode intrusion, and a danger signal is sent when these exceed a threshold. A danger zone is built according to the strength of the danger signal, and antigen presenting cells (APCs) extract antigens from the mobile phones in the danger zone. After the decision center confirms a malcode infection, it generates antibodies and distributes them to the designated phones to defend against and remove the malcode. Thanks to the distributed and cooperative strategy of the artificial immune system, the model lowers the consumption of computing and storage resources on the phones. On the basis of the detection model, a mobile phone malcode immunization strategy is proposed, which is verified to inhibit the propagation of mobile phone malcode well.
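The hole problem behind the second contribution can be reproduced on a toy bit-string space. The following is an added illustration, not code from the thesis: it builds r-chunk detectors by exhaustive negative selection, lists the non-self strings no detector can match (the holes), then covers them with a second layer of longer chunks. The sample self set, the function names and the simple "raise r per hole" second layer are assumptions made for the example and are not the thesis's directional generation algorithm.

```python
from itertools import product


def chunks(s, r):
    """All (position, r-bit window) pairs of the string s."""
    return {(p, s[p:p + r]) for p in range(len(s) - r + 1)}


def self_chunks(self_set, r):
    """Every r-chunk that occurs in at least one self string."""
    out = set()
    for s in self_set:
        out |= chunks(s, r)
    return out


def generate_detectors(self_set, length, r):
    """Exhaustive negative selection: keep each r-chunk that matches no self string."""
    candidates = {(p, "".join(bits))
                  for p in range(length - r + 1)
                  for bits in product("01", repeat=r)}
    return candidates - self_chunks(self_set, r)


def detected(s, detectors):
    """A detector (p, chunk) fires when chunk occurs in s at position p."""
    return any(s[p:p + len(c)] == c for p, c in detectors)


def find_holes(self_set, length, detectors):
    """Non-self strings that none of the given detectors match."""
    universe = ("".join(bits) for bits in product("01", repeat=length))
    return sorted(s for s in universe
                  if s not in self_set and not detected(s, detectors))


def cover_holes(self_set, holes, length, r):
    """Second layer: for each hole, raise r until one of its chunks is absent
    from self. At r == length the hole itself is such a chunk, so this ends."""
    layer2 = set()
    for h in holes:
        if detected(h, layer2):          # already covered by an earlier pick
            continue
        for r2 in range(r + 1, length + 1):
            free = chunks(h, r2) - self_chunks(self_set, r2)
            if free:
                layer2.add(min(free))    # deterministic choice among candidates
                break
    return layer2


# Constructed sample: two 5-bit "self" strings, first-layer threshold r = 2.
SELF = {"00000", "11011"}
LENGTH, R = 5, 2


def demo():
    layer1 = generate_detectors(SELF, LENGTH, R)
    holes = find_holes(SELF, LENGTH, layer1)
    layer2 = cover_holes(SELF, holes, LENGTH, R)
    remaining = find_holes(SELF, LENGTH, layer1 | layer2)
    return layer1, holes, layer2, remaining


if __name__ == "__main__":
    layer1, holes, layer2, remaining = demo()
    print("layer-1 detectors:", len(layer1))
    print("holes at r=2:", holes)
    print("layer-2 detectors:", sorted(layer2))
    print("holes after both layers:", remaining)
```

The two holes arise because both self strings have a 0 at position 2, so every 2-bit window of a spliced string such as 00011 also occurs in some self string at the same position; a 3-bit chunk spanning the splice point distinguishes it.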
