Research on a Self-Protection System Based on Distributed Intelligent Agents
Abstract (translated from the Chinese abstract)
With the development of information technology, network security has become a major concern for society as a whole. This dissertation studies systematically and in depth several key problems of network security: network security models, defences against distributed denial-of-service (DDoS) attacks, the application of clustering algorithms to anomaly detection, information encryption, and automated response.
    The main contributions of the dissertation are:
    Building on current network security techniques, it proposes a self-protection system model based on intelligent-agent technology and describes in detail the system's components and its mode of operation.
    Distributed denial-of-service attacks are among the most serious challenges facing the Internet, and existing defences cannot separate legitimate traffic from attack traffic once the attack's packet characteristics vary at random. The dissertation proposes a DDoS defence based on dynamic diversion with selective pass-through: when a DDoS attack is detected, routing information is changed dynamically so that both the legitimate traffic and the attack traffic addressed to the victim host are redirected to a diverter, which then uses the randomness of the attack packets' IP addresses and ports to block the attack flow while letting normal network traffic proceed.
    Using data-mining techniques to discover intrusions in the huge volume of network data is a focus of anomaly-detection research. The dissertation proposes an Improved Partitioning Around Medoids (IPAM) clustering algorithm and shows experimentally that IPAM detects intrusions effectively in real network data.
    Encryption is the most basic network security technique and is regarded as the core of information security. Combining ideas from stream ciphers and block ciphers, the dissertation proposes a pseudo-stream cipher built on a conventional block cipher: the block cipher is the core, and the plaintext and key that the block-encryption module uses in each encryption are transformed by S-boxes and feedback so that a pseudorandom keystream is generated, raising the security of transmitted information.
    Automated response is an important link in safeguarding network security. The dissertation proposes a cost-sensitive response model based on confidence (reliability degree) and an automated response technique based on correlating multi-source data; combining dynamic detection with static defence improves the system's capability for active defence.
English abstract (as given in the dissertation)
With the development of information technology, network security is becoming more and more important. This dissertation studies and analyses systematically several key technologies of network security: the network security model, mechanisms for defending against distributed denial-of-service (DDoS) attacks, clustering algorithms for network intrusion detection, an information encryption algorithm, and autonomic intrusion response.
    The dissertation presents the following contributions:
    Having studied current network security and agent technology, the dissertation presents a self-protection model based on multiple agents and describes the components and properties of this model in detail.
    DDoS is one of the greatest menaces to the Internet. Existing DDoS defences cannot distinguish normal packets from attack packets when the contents of the attack packets are randomised. The dissertation presents a DDoS defence mechanism that detects the presence of a potential DDoS attack and diverts attack traffic destined for the monitored network without affecting the flow of legitimate traffic. Emulation shows that the mechanism is effective and feasible.
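The abstract says only that the diverter uses the randomness of the attack packets' IP addresses and ports to separate attack flow from legitimate flow; the dissertation's own filter is not on this page. The following is an added example, not the dissertation's code, of one way such a diverter can make that decision: it assumes (an assumption of this example) that a real client keeps one (IP, port) pair for the packets of a session while a flood that randomises both almost never repeats a pair, and forwards a pair to the victim only after it has been seen `minSeen` times. The victim address, the sample client and the constructed flood are illustrative values.

```go
package main

import "fmt"

// Packet holds the fields the diverter inspects; constructed for this example.
type Packet struct {
	SrcIP   string
	SrcPort int
	DstIP   string
}

// source is the (IP, port) pair a client keeps for the lifetime of a session.
type source struct {
	ip   string
	port int
}

// Diverter receives the traffic rerouted away from the victim and decides per
// packet whether it goes back to the victim or is dropped. Assumption (not
// stated on the page): a real client reuses its (IP, port) pair across the
// packets of a session, whereas a flood that randomises IP and port per
// packet almost never repeats a pair, so repetition separates the two.
type Diverter struct {
	victim  string
	minSeen int            // repeats of a pair required before it is trusted
	seen    map[source]int // packets observed per source pair
	total   int            // packets observed for the victim
}

func NewDiverter(victim string, minSeen int) *Diverter {
	return &Diverter{victim: victim, minSeen: minSeen, seen: map[source]int{}}
}

// Decide reports whether p is forwarded to the victim.
func (d *Diverter) Decide(p Packet) bool {
	if p.DstIP != d.victim {
		return true // not the protected host: pass through untouched
	}
	d.total++
	k := source{p.SrcIP, p.SrcPort}
	d.seen[k]++
	return d.seen[k] >= d.minSeen
}

// Randomness is the share of distinct source pairs among packets addressed to
// the victim: near 1.0 means almost every packet carries a fresh pair, the
// signature of a randomised flood; legitimate traffic scores far lower.
func (d *Diverter) Randomness() float64 {
	if d.total == 0 {
		return 0
	}
	return float64(len(d.seen)) / float64(d.total)
}

func main() {
	d := NewDiverter("10.0.0.5", 2)
	client := Packet{"192.0.2.10", 40001, "10.0.0.5"}           // one legitimate client
	fmt.Println("client SYN forwarded:", d.Decide(client))        // false: pair not seen before
	fmt.Println("client retransmit forwarded:", d.Decide(client)) // true: pair repeated
	dropped := 0
	for i := 0; i < 1000; i++ { // constructed flood: every packet a new pair
		p := Packet{fmt.Sprintf("203.0.113.%d", i%256), 1024 + i, "10.0.0.5"}
		if !d.Decide(p) {
			dropped++
		}
	}
	fmt.Printf("flood dropped %d/1000, randomness %.3f\n", dropped, d.Randomness())
}
```

The first packet of every genuine client is dropped too; TCP clients retransmit the SYN, so they get through on the repeat, which is the same trade-off other first-packet-drop defences make. Two things a production diverter needs that this example leaves out: the `seen` map must age entries out, or the flood exhausts the diverter's memory instead of the victim's, and the threshold must be checked against legitimate UDP and other connectionless traffic, which may never repeat a pair.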
    Data mining has unique advantages in acquiring unknown knowledge, so intrusion detection based on data mining has become an active research topic. The dissertation presents an Improved Partitioning Around Medoids (IPAM) algorithm and evaluates its performance on network-connection data sets. Experiments show that the algorithm is feasible and effective for detecting unknown intrusions.
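The page names IPAM but does not describe what it improves over PAM, so the following added example (not the dissertation's code) shows the baseline it starts from: Kaufman and Rousseeuw's PAM (BUILD then SWAP) run over constructed connection records, followed by the usual clustering-based anomaly rule that records in clusters smaller than a given fraction of the data are flagged as intrusions. The feature vector layout, the sample sessions, `k = 3` and the 20% size threshold are all assumptions of this example.

```go
package main

import (
	"fmt"
	"math"
)

// Record is one network connection as a vector of normalised features:
// (duration, bytes sent, bytes received, SYN-error rate). Constructed layout.
type Record []float64

func dist(a, b Record) float64 {
	s := 0.0
	for i := range a {
		s += (a[i] - b[i]) * (a[i] - b[i])
	}
	return math.Sqrt(s)
}

// cost is the sum over all records of the distance to the nearest medoid.
func cost(data []Record, medoids []int) float64 {
	total := 0.0
	for _, r := range data {
		best := math.Inf(1)
		for _, m := range medoids {
			if d := dist(r, data[m]); d < best {
				best = d
			}
		}
		total += best
	}
	return total
}

// PAM is Kaufman and Rousseeuw's k-medoids: BUILD adds the record that lowers
// the cost most until k medoids are chosen, SWAP keeps exchanging a medoid for
// a non-medoid while that lowers the cost. Returns medoid indices and labels.
func PAM(data []Record, k int) ([]int, []int) {
	n := len(data)
	isMedoid := make([]bool, n)
	medoids := make([]int, 0, k)
	for len(medoids) < k { // BUILD
		bestIdx, bestCost := -1, math.Inf(1)
		for i := 0; i < n; i++ {
			if isMedoid[i] {
				continue
			}
			if c := cost(data, append(medoids, i)); c < bestCost {
				bestIdx, bestCost = i, c
			}
		}
		medoids = append(medoids, bestIdx)
		isMedoid[bestIdx] = true
	}
	cur := cost(data, medoids)
	for improved := true; improved; { // SWAP
		improved = false
		for mi := range medoids {
			for h := 0; h < n; h++ {
				if isMedoid[h] {
					continue
				}
				old := medoids[mi]
				medoids[mi] = h
				if c := cost(data, medoids); c < cur-1e-12 {
					isMedoid[old], isMedoid[h] = false, true
					cur, improved = c, true
				} else {
					medoids[mi] = old
				}
			}
		}
	}
	labels := make([]int, n)
	for i, r := range data {
		best := math.Inf(1)
		for ci, m := range medoids {
			if d := dist(r, data[m]); d < best {
				best, labels[i] = d, ci
			}
		}
	}
	return medoids, labels
}

// FlagAnomalies runs PAM and marks every record whose cluster holds fewer than
// minFrac of all records. The assumption behind clustering-based anomaly
// detection: normal connections dominate and form the big clusters, attacks
// are rare and land in small ones.
func FlagAnomalies(data []Record, k int, minFrac float64) []bool {
	_, labels := PAM(data, k)
	size := make([]int, k)
	for _, l := range labels {
		size[l]++
	}
	flags := make([]bool, len(data))
	for i, l := range labels {
		flags[i] = float64(size[l]) < minFrac*float64(len(data))
	}
	return flags
}

// SampleConnections builds 18 normal records (short HTTP and long SSH
// sessions) plus two half-open connections that fail the handshake. Constructed.
func SampleConnections() []Record {
	var data []Record
	for j := 0; j < 9; j++ {
		e := 0.01 * float64(j) // small per-record jitter
		data = append(data,
			Record{0.10 + e, 0.20 - e, 0.60 + e, 0.00}, // HTTP
			Record{0.80 - e, 0.30 + e, 0.30 - e, 0.00}) // SSH
	}
	return append(data,
		Record{0.00, 0.00, 0.00, 1.00}, // SYN sent, nothing else: flood or probe
		Record{0.00, 0.00, 0.00, 0.95})
}

func main() {
	data := SampleConnections()
	for i, f := range FlagAnomalies(data, 3, 0.2) {
		if f {
			fmt.Printf("record %d %v flagged as anomalous\n", i, data[i])
		}
	}
}
```

PAM evaluates the full cost for every candidate swap, which is O(k(n-k)^2) distance sums per pass and is the reason PAM is impractical on raw connection logs; any "improved" PAM, IPAM included, has to attack that cost (sampling, as CLARA and CLARANS do, or caching distances) before it can run on the data volumes the abstract mentions. The size-threshold rule also fails silently when an attack is itself voluminous, a SYN flood being the obvious case, because the attack then forms the largest cluster.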
    The dissertation also presents a new word-oriented stream cipher based on a conventional encryption algorithm, with a complete description of the algorithm and an evaluation of its security properties, performance and implementation aspects. The cryptanalysis carried out in the dissertation reveals no attack better than exhaustive key search, and the cipher runs as fast as common block ciphers.
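The construction the abstract describes, a block cipher whose input block and key are both transformed by an S-box and feedback before each encryption so that its outputs form a keystream, is shown below as an added example that is not the dissertation's cipher. It uses AES-128 as the block cipher, computes the AES S-box at start-up, and chooses one particular feedback rule (next input = input XOR S(output); next key = key XOR S(byte-rotated output)); the cipher, the S-box, that rule and the sample key and IV are all assumptions of this example, since the page gives none of them.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// sbox is the AES S-box (multiplicative inverse in GF(2^8) followed by the
// affine map), computed at start-up so no 256-entry table has to be typed in.
var sbox [256]byte

func gmul(a, b byte) byte {
	var p byte
	for i := 0; i < 8; i++ {
		if b&1 != 0 {
			p ^= a
		}
		carry := a & 0x80
		a <<= 1
		if carry != 0 {
			a ^= 0x1b // reduce by x^8 + x^4 + x^3 + x + 1
		}
		b >>= 1
	}
	return p
}

func init() {
	for a := 0; a < 256; a++ {
		var inv byte
		for b := 1; b < 256 && a != 0; b++ {
			if gmul(byte(a), byte(b)) == 1 {
				inv = byte(b)
				break
			}
		}
		x := inv
		sbox[a] = x ^ (x<<1 | x>>7) ^ (x<<2 | x>>6) ^ (x<<3 | x>>5) ^ (x<<4 | x>>4) ^ 0x63
	}
}

// Generator is the pseudo-stream cipher state: a block cipher (AES-128 here)
// whose input block and key are both replaced after every encryption.
type Generator struct {
	key, input []byte
}

func NewGenerator(key, iv []byte) (*Generator, error) {
	if len(key) != 16 || len(iv) != 16 {
		return nil, fmt.Errorf("key and IV must both be 16 bytes, got %d and %d", len(key), len(iv))
	}
	g := &Generator{key: make([]byte, 16), input: make([]byte, 16)}
	copy(g.key, key) // private copies: rekeying must not touch the caller's key
	copy(g.input, iv)
	return g, nil
}

// NextBlock encrypts the current input under the current key, emits the result
// as keystream, then feeds the S-box image of that result back into both the
// input and the key (the feedback rule is this example's assumption).
func (g *Generator) NextBlock() ([]byte, error) {
	c, err := aes.NewCipher(g.key) // a new key schedule per block: the price of rekeying
	if err != nil {
		return nil, err
	}
	out := make([]byte, 16)
	c.Encrypt(out, g.input)
	for i := 0; i < 16; i++ {
		g.input[i] ^= sbox[out[i]]      // feedback into the next input block
		g.key[i] ^= sbox[out[(i+5)%16]] // a byte-rotated copy feeds the next key
	}
	return out, nil
}

// Encrypt XORs msg with the keystream; the same call decrypts.
func Encrypt(key, iv, msg []byte) ([]byte, error) {
	g, err := NewGenerator(key, iv)
	if err != nil {
		return nil, err
	}
	dst := make([]byte, len(msg))
	var ks []byte
	for i := range msg {
		if i%16 == 0 {
			if ks, err = g.NextBlock(); err != nil {
				return nil, err
			}
		}
		dst[i] = msg[i] ^ ks[i%16]
	}
	return dst, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 16-byte key
	iv := []byte("fedcba9876543210")  // constructed 16-byte IV; never reuse one under a key
	ct, _ := Encrypt(key, iv, []byte("attack at dawn"))
	pt, _ := Encrypt(key, iv, ct)
	fmt.Println(hex.EncodeToString(ct), string(pt))
}
```

Two practical points follow from the construction rather than from any particular cipher. First, changing the key every block means a fresh key schedule every block, so the "as fast as a block cipher" claim only holds if the key transformation is cheap compared with the cipher itself; with AES the schedule is roughly the cost of an encryption. Second, like every keystream cipher it is malleable and offers no integrity, and a repeated (key, IV) pair leaks the XOR of two plaintexts; a deployed system needs a MAC or an AEAD mode on top, which is the standard reason practitioners reach for AES-GCM rather than a custom keystream.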
    Finally, a cost-sensitive model based on reliability degree is proposed; an automated intrusion response technique based on multi-source event correlation is then introduced, and a prototype of automated intrusion response has been implemented.
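The abstract states the two ingredients of the response stage, a cost-sensitive model weighted by reliability degree and correlation of alerts from several sources, without giving the rules. The following added example (not the dissertation's prototype) shows one way they fit together: alerts on the same target and attack class within a time window are fused into an incident, each sensor counting only once, and the response with the best expected net benefit (confidence x damage cost x effectiveness minus response cost, after the damage-cost/response-cost comparison of Lee et al.'s cost-sensitive model) is chosen, falling back to logging when no active response pays for itself. The noisy-OR fusion rule, the cost figures, the effectiveness values and the alert stream are all constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Alert is one event from one sensor (network IDS, firewall log, host audit
// log). Confidence is the sensor's own reliability for that alert, 0..1.
type Alert struct {
	Source, Target, Attack string
	Confidence             float64
	Time                   int // seconds
}

// Incident is a set of alerts about the same target and attack class that
// fell inside one correlation window, with their confidences fused.
type Incident struct {
	Target, Attack string
	First          int
	Sources        map[string]float64 // strongest alert per sensor
	Confidence     float64
}

// Response is one action with its response cost (RCost); Effectiveness is the
// share of the damage it averts. Values are assumptions of this example.
type Response struct {
	Name          string
	Cost          float64
	Effectiveness float64
}

// DamageCost (DCost) per attack class and the response catalogue per class,
// constructed numbers: an attack is worth an active response only when the
// damage it is expected to do exceeds what the response costs.
var DamageCost = map[string]float64{"syn_flood": 40, "root_shell": 100, "port_scan": 5}

var Catalogue = map[string][]Response{
	"syn_flood":  {{"log_only", 0, 0}, {"rate_limit_source", 10, 0.6}, {"divert_to_filter", 25, 0.95}},
	"root_shell": {{"log_only", 0, 0}, {"kill_session", 15, 0.7}, {"isolate_host", 80, 1.0}},
	"port_scan":  {{"log_only", 0, 0}, {"block_source", 30, 1.0}},
}

// Correlate groups alerts by (target, attack) within window seconds of the
// first alert of the group. Each sensor contributes only its strongest alert,
// so one noisy sensor cannot inflate confidence by repeating itself; the fused
// confidence is 1 - prod(1 - c_i) over sensors (noisy-OR, an assumption here).
func Correlate(alerts []Alert, window int) []Incident {
	type key struct{ target, attack string }
	sorted := append([]Alert(nil), alerts...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].Time < sorted[j].Time })
	var incidents []Incident
	last := map[key]int{}
	for _, a := range sorted {
		k := key{a.Target, a.Attack}
		idx, ok := last[k]
		if !ok || a.Time-incidents[idx].First > window {
			incidents = append(incidents, Incident{Target: a.Target, Attack: a.Attack, First: a.Time, Sources: map[string]float64{}})
			idx = len(incidents) - 1
			last[k] = idx
		}
		if a.Confidence > incidents[idx].Sources[a.Source] {
			incidents[idx].Sources[a.Source] = a.Confidence
		}
	}
	for i := range incidents {
		p := 1.0
		for _, c := range incidents[i].Sources {
			p *= 1 - c
		}
		incidents[i].Confidence = 1 - p
	}
	return incidents
}

// Decide picks the response with the highest expected net benefit
// Confidence*DCost*Effectiveness - RCost; log_only (benefit 0) wins when no
// active response pays for itself.
func Decide(inc Incident) Response {
	expected := inc.Confidence * DamageCost[inc.Attack]
	best, bestNet := Response{Name: "log_only"}, 0.0
	for _, r := range Catalogue[inc.Attack] {
		if net := expected*r.Effectiveness - r.Cost; net > bestNet {
			best, bestNet = r, net
		}
	}
	return best
}

// SampleAlerts is a constructed multi-source alert stream.
func SampleAlerts() []Alert {
	return []Alert{
		{"nids", "10.0.0.5", "syn_flood", 0.6, 100},
		{"nids", "10.0.0.5", "syn_flood", 0.6, 103}, // same sensor repeating: no gain
		{"firewall", "10.0.0.5", "syn_flood", 0.5, 105},
		{"nids", "10.0.0.7", "port_scan", 0.9, 150},
		{"hostlog", "10.0.0.7", "root_shell", 0.3, 200},
	}
}

func main() {
	for _, inc := range Correlate(SampleAlerts(), 60) {
		r := Decide(inc)
		fmt.Printf("%s %s conf=%.2f -> %s\n", inc.Target, inc.Attack, inc.Confidence, r.Name)
	}
}
```

On the sample stream the SYN flood is confirmed by two independent sensors (fused confidence 0.8) and gets rate limiting, the root shell seen by one host log gets its session killed, and the port scan, although reported with high confidence, is only logged because blocking a source costs more than a scan is expected to do. That last case is the point of a cost-sensitive model: an automated responder that blocks on every confident alert is itself a denial-of-service primitive, since an attacker who can spoof a scan from a partner's address gets that address blocked.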