基于免疫的入侵检测系统中检测器性能研究
摘要
随着网络技术的迅猛发展,网络环境越来越复杂、黑客的攻击手段层出不穷,传统的入侵检测方法已无法适应这种不断变化的网络环境。人工免疫系统理论是从生物学中提取的一套智能化计算理论。免疫系统所具有的天然的分布性、鲁棒性和自组织性等优良特性,使得基于免疫的入侵检测技术成为网络安全领域的一个研究热点。本文以基于免疫的入侵检测系统中的检测器为研究对象,围绕检测器的性能,深入研究检测器性能提升方法。
借鉴生物免疫系统的自体耐受机理,从提升实值检测器覆盖性能的角度出发,提出基于自体区域的实值检测器生成算法。该算法借助自体区域提供的信息进行局部训练,提升检测器训练效率;使用具有侵略性的解释描述检测器,提升了检测器在边界处的覆盖性能;采用混合搜索方式搜索非自体空间,该搜索方式结合了随机搜索和进化搜索的优点,能够提升检测器的覆盖性能,生成最少的检测器覆盖非自体空间。在多个数据集上的实验结果表明,该算法不仅可以有效改善检测器的覆盖性能,还能够显著提升检测器训练效率。
借鉴生物免疫系统对抗体细胞自身性能提升的机理,从提升实值检测器的识别和分布性能角度出发,提出基于主成分加权的实值否定选择算法。该算法使用主成分分析法提取特征向量的主成分,构造主成分空间,可以提升检测器的识别性能;通过在主成分空间上利用加权欧氏距离作为匹配规则训练检测器,可以提升检测器的分布性能。通过在维数不同的数据集上的测试以及与原始的实值否定选择算法的比较表明,该算法弥补了实值检测器生成算法在高维形态空间中的缺陷,能够提升检测器在高维形态空间中的检测性能。
受到生物免疫系统为了适应复杂环境而改变抗原决定基现象的启发,针对实值检测器在知识利用和处理混合型数据方面的局限,提出一种检测器的邻域表示方法,并依此提出了邻域否定选择算法。该算法利用数据的集合特性,以空间中相邻却不相交的邻域表示自体样本/检测器,采用了一种类似于Hamming距离的匹配规则,从数据的相似性角度出发,训练检测器。邻域否定选择算法生成的检测器能够克服空间维数的影响并很好地处理混合型数据,但其属性邻域划分方法却无法适应不断变化的网络环境,使算法的搜索范围无法确定。在此基础上提出的自适应邻域否定选择算法,利用基于熵的离散化方法,根据实际检测环境,对连续型属性进行划分。通过实验比较邻域表示法和实值表示法,证明邻域表示法更具优越性。
为了向检测器提供更加丰富可靠的知识,提出了一种检测器处理对象的提取方法。该方法以网络流为基础,采用现金登记模型存储网络流的概要信息,提取多种网络流特征组成特征向量,最后将网络流特征向量作为检测器的检测对象进行检测。通过对比实值否定选择算法在不同特征向量集合中的检测结果,证明网络流特征向量能够向检测器提供丰富的知识,进而提高检测器的检测性能。
本文对基于免疫的入侵检测系统中检测器性能的研究,不但可以有效提升入侵检测系统的综合检测性能,还使得入侵检测系统更具实用化。
Along with the rapid development of network technology, the network environment and attack methods of hackers become more and more complex. The traditional intrusion detection system can not adapt to this ever-changing network. The Artificial Immune System (AIS) is a new computation theory inspired by biological immune system. The good characteristic of AIS with distributivity, robustness and self-organization makes the Intrusion Detection System (IDS) based on AIS been a hot spot in the research of network security. This dissertation takes detector in intrusion detection system based on immune as research object, focuses on the theme of detector performance, and discuesses the methods of improving performance of detector.
From the perspective of improving the coverage performance of detector, a self region based real-valued detector generation algorithm is proposed inspired by self-tolerance mechanism of biological immune system. This algorithm uses information of self region to train the detectors for improving the detector training efficiency; constructs detectors with an aggressive interpretation which can improve the coverage performance of detector on the boundary of self and nonself region; employs a mixed search method which combines the advantage of random search and evolutionary search. This search method can improve the coverage performance of detector in nonself region, which can cover nonself region completely using the fewest detectors. The experimental results on several datasets show that this algorithm can improve not only the coverage performance of detector but also the training efficiency.
From the perspective of improving the recognition and distribution performance of detector, a principal component weighted real-valued negative selection algorithm is proposed inspired by performance improving mechanism of antibody cell in biological immune system. This algorithm uses principal components extracted by principal component analysis to construct the low dimensional shape space for improving the recognition ability of detector, and employs weighted Euclidean distance as the matching rule to training detectors in principal component shape space for improving the distribution ability. The experiments compare this algorithm with traditional real-valued negative selection algorithm on several datasets with different dimension. Experimental results show that this algorithm can supply the deficiency of real-valued detector generation algorithm in high dimensional space, and improve the detection performance of detector in high dimensional space.
Aiming at the limitations of real-valued detector in knowledge utilization and mixed data processing, a neighborhood representation is proposed inspired by the phenomenon that biological immune system can change antigenic determinant for adapting to complex environment. This algorithm which takes advantage of the aggregation property of data uses fully adjacent but mutually disjoint neighborhoods in shape space to present self/detector, and trains detectors using a special matching rule similar as Hamming distance from a view of similarity between self samples and candidates. The neighborhood detectors generated by neighborhood negative selection can overcome the negative effect of dimension of shape space, and have a good ability of processing mixed data. However, the continuous attribute division method of neighborhood negative selection cannot adapt to the ever-changing network environment, and furthermore would result in the undeterminable search scope. To solve this problem, a self adaptive neighborhood negative selection algorithm is proposed. This algorithm employs entropy-based discretization to split the continuous attributes according to the network environment. In this case, neighborhood detector can adapt to the ever-changing network environment. Experiments are carried out to compare neighborhood representation and real-valued representation with the purpose of proving the advantage of neighborhood representation.
To provide rich and reliable knowledge to detector, an extraction method of processing object of detector is proposed. Based on netflow, this method uses Cash Register Model to store sketch of netflow firstly, and then extracts feature vectors, finally the feature vector set is taken as the processing object for detector to detect anomaly. At last of this part, real-valued negative selection algorithm is run on different feature vector sets to testify that this extraction method can improve the performance of detector via providing more rich knowledge.
The research on the performance of detector in intrusion detection system based on immune mechanism and its improving methods can not only promote the overall performance of intrusion detection system, but also make the intrusion detection system more practicable.
借鉴生物免疫系统的自体耐受机理,从提升实值检测器覆盖性能的角度出发,提出基于自体区域的实值检测器生成算法。该算法借助自体区域提供的信息进行局部训练,提升检测器训练效率;使用具有侵略性的解释描述检测器,提升了检测器在边界处的覆盖性能;采用混合搜索方式搜索非自体空间,该搜索方式结合了随机搜索和进化搜索的优点,能够提升检测器的覆盖性能,生成最少的检测器覆盖非自体空间。在多个数据集上的实验结果表明,该算法不仅可以有效改善检测器的覆盖性能,还能够显著提升检测器训练效率。
借鉴生物免疫系统对抗体细胞自身性能提升的机理,从提升实值检测器的识别和分布性能角度出发,提出基于主成分加权的实值否定选择算法。该算法使用主成分分析法提取特征向量的主成分,构造主成分空间,可以提升检测器的识别性能;通过在主成分空间上利用加权欧氏距离作为匹配规则训练检测器,可以提升检测器的分布性能。通过在维数不同的数据集上的测试以及与原始的实值否定选择算法的比较表明,该算法弥补了实值检测器生成算法在高维形态空间中的缺陷,能够提升检测器在高维形态空间中的检测性能。
受到生物免疫系统为了适应复杂环境而改变抗原决定基现象的启发,针对实值检测器在知识利用和处理混合型数据方面的局限,提出一种检测器的邻域表示方法,并依此提出了邻域否定选择算法。该算法利用数据的集合特性,以空间中相邻却不相交的邻域表示自体样本/检测器,采用了一种类似于Hamming距离的匹配规则,从数据的相似性角度出发,训练检测器。邻域否定选择算法生成的检测器能够克服空间维数的影响并很好地处理混合型数据,但其属性邻域划分方法却无法适应不断变化的网络环境,使算法的搜索范围无法确定。在此基础上提出的自适应邻域否定选择算法,利用基于熵的离散化方法,根据实际检测环境,对连续型属性进行划分。通过实验比较邻域表示法和实值表示法,证明邻域表示法更具优越性。
为了向检测器提供更加丰富可靠的知识,提出了一种检测器处理对象的提取方法。该方法以网络流为基础,采用现金登记模型存储网络流的概要信息,提取多种网络流特征组成特征向量,最后将网络流特征向量作为检测器的检测对象进行检测。通过对比实值否定选择算法在不同特征向量集合中的检测结果,证明网络流特征向量能够向检测器提供丰富的知识,进而提高检测器的检测性能。
本文对基于免疫的入侵检测系统中检测器性能的研究,不但可以有效提升入侵检测系统的综合检测性能,还使得入侵检测系统更具实用化。
Along with the rapid development of network technology, the network environment and attack methods of hackers become more and more complex. The traditional intrusion detection system can not adapt to this ever-changing network. The Artificial Immune System (AIS) is a new computation theory inspired by biological immune system. The good characteristic of AIS with distributivity, robustness and self-organization makes the Intrusion Detection System (IDS) based on AIS been a hot spot in the research of network security. This dissertation takes detector in intrusion detection system based on immune as research object, focuses on the theme of detector performance, and discuesses the methods of improving performance of detector.
From the perspective of improving the coverage performance of detector, a self region based real-valued detector generation algorithm is proposed inspired by self-tolerance mechanism of biological immune system. This algorithm uses information of self region to train the detectors for improving the detector training efficiency; constructs detectors with an aggressive interpretation which can improve the coverage performance of detector on the boundary of self and nonself region; employs a mixed search method which combines the advantage of random search and evolutionary search. This search method can improve the coverage performance of detector in nonself region, which can cover nonself region completely using the fewest detectors. The experimental results on several datasets show that this algorithm can improve not only the coverage performance of detector but also the training efficiency.
From the perspective of improving the recognition and distribution performance of detector, a principal component weighted real-valued negative selection algorithm is proposed inspired by performance improving mechanism of antibody cell in biological immune system. This algorithm uses principal components extracted by principal component analysis to construct the low dimensional shape space for improving the recognition ability of detector, and employs weighted Euclidean distance as the matching rule to training detectors in principal component shape space for improving the distribution ability. The experiments compare this algorithm with traditional real-valued negative selection algorithm on several datasets with different dimension. Experimental results show that this algorithm can supply the deficiency of real-valued detector generation algorithm in high dimensional space, and improve the detection performance of detector in high dimensional space.
Aiming at the limitations of real-valued detector in knowledge utilization and mixed data processing, a neighborhood representation is proposed inspired by the phenomenon that biological immune system can change antigenic determinant for adapting to complex environment. This algorithm which takes advantage of the aggregation property of data uses fully adjacent but mutually disjoint neighborhoods in shape space to present self/detector, and trains detectors using a special matching rule similar as Hamming distance from a view of similarity between self samples and candidates. The neighborhood detectors generated by neighborhood negative selection can overcome the negative effect of dimension of shape space, and have a good ability of processing mixed data. However, the continuous attribute division method of neighborhood negative selection cannot adapt to the ever-changing network environment, and furthermore would result in the undeterminable search scope. To solve this problem, a self adaptive neighborhood negative selection algorithm is proposed. This algorithm employs entropy-based discretization to split the continuous attributes according to the network environment. In this case, neighborhood detector can adapt to the ever-changing network environment. Experiments are carried out to compare neighborhood representation and real-valued representation with the purpose of proving the advantage of neighborhood representation.
To provide rich and reliable knowledge to detector, an extraction method of processing object of detector is proposed. Based on netflow, this method uses Cash Register Model to store sketch of netflow firstly, and then extracts feature vectors, finally the feature vector set is taken as the processing object for detector to detect anomaly. At last of this part, real-valued negative selection algorithm is run on different feature vector sets to testify that this extraction method can improve the performance of detector via providing more rich knowledge.
The research on the performance of detector in intrusion detection system based on immune mechanism and its improving methods can not only promote the overall performance of intrusion detection system, but also make the intrusion detection system more practicable.
引文
[1]卿斯汉,蒋建春,马恒太等.入侵检测技术研究综述[J].通信学报,2004,25(7):19-29.
[2]穆成坡,黄厚宽,田盛丰等.自动入侵响应决策技术的研究综述[J].计算机研究与发展,2008,45(8):1290-1298.
[3]岳兵,傅红娟,刘伯莹等.完善入侵检测系统审计信息的方法[J].计算机学报,2003,25(7):772-777.
[4]HART E, TIMMIS J. Application areas of AIS:the past, the present and the future [J]. Applied Soft Computing,2005,8(1):191-201.
[5]BRANCO P J C, DENTE J A. Using immunology principle for fault detection [J]. Industrial Electronics.2003,50(2):362-373.
[6]BOUKERCHE A, MACHADO R B, JUCA R L. An agent based and biological inspired real-Time intrusion detection and security model for computer network operations [J]. Computer Communications,2007,30(13):2649-2660.
[7]杨海松,李津生,洪佩林.分布开放式的入侵检测与相应架构—IDRA[J].计算机学报,2004,26(9):1176-1182.
[8]陈行,陶军.无线网络中基于贝叶斯博弈模型的入侵检测算法研究[J].通信学报,2010,31(2):107-119.
[9]朱文涛,李津生,冯登国.基于路由器代理的分布式湮没检测系统[J].计算机学报,2006,26(11):1585-1590.
[10]李涛.基于免疫的网络监控模型[J]。计算机学报,2006,2(9):1515-1522.
[11]严宣辉.应用疫苗接种策略的免疫入侵检测模型[J].电子学报,2009,37(4):780-789.
[12]肖人彬,王磊.人工免疫系统:原理,模型,分析及展望[J].计算机学报,2002,25(12):1281-1293.
[13]PERELSON A S, WEISVUCH D. Immunology for physicists [J]. Rev. of Modern Physics,1997,69(4):1219-1267.
[14]DASGUPTA D, GONZALEZ F. An Immunogenetic approach to intrusion detection[R]. The University of Memphis, Tech Rep:CS-01-001,2001: 336-349.
[15]DASGUPTA D, KRISHNAKUMAR K. Negative selection algorithm for aircraft fault detection[C]. In Proceedings of Third International Conference on Artificial Immune Systems (ICARIS), Sicily, Italy,2004:1-13.
[16]DASGUPTA D, GONZALEZ F. CIDS:An agent-based intrusion detection system[J]. Commuters&Security,2005,1(24):387-398.
[17]'CASTRO N, TIMMIS J. Artificial Immune System:A new computational intelligence approach [M]. Berlin:Springer,2002:23-50.
[18]ESPONDA F, ACKLEY E S, FORREST S and et al. Online negative databases [C]. In Proceedings of 3rd International Conference on Artificial Immune System. Catania,Italy,2004:175-188.
[19]焦李成,杜海峰.人工免疫系统进展与展望[J].电子学报,2003,31(10): 1540-1547.
[20]FORREST S, PERELSON A S, ALLEN L. Self-nonself discrimination in a computer [C]. In Proceedings of IEEE Society Symposium on Research in Security and Privacy and Privacy 1994, Massachusetts, USA,1994:202-212.
[21]CHAO D L, DAVENPORT M P, FORREST S and et al. Modelling the impact of antigen kinetics on T-cell activation and response [J]. Immunology and Cell Biology.2004,82(1):55-61.
[22]D'HAESELEER P. An immunological approach to change detection: theoretical results [C]. In Proceedins of Computer Security Foundation Workshop 1996, Kenmare, Ireland,1996:18-26.
[23]D'HAESELEER P, FORREST S, HELMAN P. An immunological approach to change detection:algorithm, analysis and implications [C]. In Proceedings of IEEE Symposium of Security and Privacy 1996, Oakland, CA, USA,1996: 110-119.
[24]HAMFEYR S A, FORREST S. Immunity by design:an artificial immune system[C]. In proceedings of Genetic and Evolutionary Computation Conference 1999, San Francisco, USA,1999:1289-1296.
[25]BALTHROP J, FORREST S, CLICKMAN M. Revisiting lisys:parameters and normal behaviour [C]. In proceedings of Congress on Evolutionary computation 2002, Honolulu, HI, USA,2002:1045-1050.
[26]BALTHROP J, ESPONDA F, FORREST S and et al. Coverage and generalization in an artificial immune system [C]. In Proceedings of first International Conference on Artificial Immune System 2002, Canterbury, UK, 2002:3-10.
[27]HARMER P K, WILLIAMS P 0, GUNSCH G H. An artificial immune system architecture for. computer security applications [J]. IEEE Transactions on Evolutionary Computation.2002,6(3):252-280.
[28]STIBOR T, TIMMIS J, ECKET C. On permutation masks in hamming negative selection [C]. In Proceedings of International Conference on Artificial Immune System 2006, Oeiras, Portugal,2006:122-135.
[29]HOFMERY S A. An immunological model of distributed detection and its application to computer security [D]. PhD thesis, University of New Mexico, 1999:31-34.
[30]KIM J, BENTLEY P J. An Evaluating Negative Selection in an Artificial Immune System for Network Intrusion Detection [C]. In Proceedings of Genetic and Evolutionary Computation Conference 2001, San Francisco,2001: 1330-1337.
[31]STIBOR T, TIMMIS J, ECKET C. On the appropriateness of negative selection defined over hamming shape-space as a network intrusion detection system [C]. In Proceedings of IEEE Congress on Evolutionary Computation 2005, Edinburgh, UK,2005:995-1002.
[32]STIBOR T, TIMMIS J, ECKET C. The link between r-contiguous detectors and k-cnf satisfactory [C]. In Proceedings of IEEE Congress on Evolutionary Computation 2006. Vancouver, BC, Canada,2006:16-21.
[33]STIBOR T, TIMMIS J, ECKET C. Generalization regions in hamming negative selection [C]. In Proceedings of Intelligent Information and Web Mining 2006. Ustron, Poland,2006:447-456.
[34]KAERS J, WHEELER R, VERRELST H. The effect of antibody morphology on non-self detection [C]. In Proceedings of Second International Conference on Artificial Immune Systems 2003. Edinburgh, UK,2003:285-295.
[35]SINGH S. Anomaly detection using negative selection based on the r-contiguous matching rule [C]. In Proceedings of the Conference on Genetic and Evolutionary Computation 2002. Canterbury, UK,2002:299-307.
[36]STIBOR T, BAYAROU K M, ECKET C. An investigation of r-chunk detector generation on higher alphabets [C]. In Proceedings of the Conference on Genetic and Evolutionary Computation 2004, Seattle, New York, USA,2004: 299-307.
[37]LUO WENJIAN, ZHANG ZEMING, WANG XUFA. A heuristic detector generation algorithm for negative selection algorithm with hamming distance partial matching rule [C]. In Proceedings of International Conference on Artificial Immune System 2006, Oeiras, Portugal,2006:229-243.
[38]杨东勇,陈晋因.基于多种群遗传算法的检测器生成算法研究[J].自动化学报,2009,35(4):425-432.
[39]何申,罗文坚,王煦法.一种检测器长度可变的非选择算法[J].软件学报,2007,18(6):1361-1368.
[40]罗文坚,曹先彬,王煦法.检测器自适应生成算法研究[J].自动化学报,2005,35(6):907-916.
[41]程永新,许家贻,陈科.一种新型入侵检测模型及其检测器生成算法[J].电子科技大学学报,2006,35(2):235-238.
[42]刘星宝,蔡自星.种子检测器刺激-应答变异算法研究[J].高技术通讯,2009,19(3):273-278.
[43]张楠,李志蜀,张建华.基于混沌理论的否定选择算法[J].四川大学学报(工程科学版),2006,38(1):124-127.
[44]晏义威,张凤斌,杨晓君.改进的混沌否定选择算法[J].计算机工程,2009,35(11):158-160.
[45]李涛.Idid:一种基于免疫的动态入侵检测模型[J].科学通报,2005,50(17):1912-1919.
[46]李涛.基于免疫的网络安全风险监测[J].中国科学E辑,2005,35(8):798-816.
[47]GONZALEZ F, DASGUPTA D, GOMEZ J. The effect of binary matching rules in negative selection [C]. In Proceedings of Genetic and Evolutionary Computation Conference 2003. Chicago, IL,2003:195-206.
[48]DASGUPTA D, ZHOU JI, GONZALEZ F. Artificial immune system (AIS) research in the last five years [C]. In Proceedings of Evolutionary Computation 2003. Chicago, IL, USA,2003:123-130.
[49]GONZALEZ F, DASGUPTA D, KOZMA R. Combining negative selection and classification technique for anomaly detection [C]. In proceedings of Congress on Evolutionary computation 2002, Honolulu, HI, USA,2002:705-710.
[50]GONZALEZ F, DASGUPTA D. An immunity-based technique to characterize intrusions in computer networks [J]. IEEE Transactions on Evolutionary Computation,2002,6(3):281-291.
[51]GONZALEZ F, DASGUPTA D. Anomaly detection using real-valued negative selection [J]. Journal of Genetic Programming and Evolvable Machines.2003, 4(4):383-403.
[52]GONZALEZ F, DASGUPTA D, Nino L F. A randomized real-valued negative selection algorithm [C]. In Proceedings of Second International Conference on Artificial Immune Systems 2003. Edinburgh, UK,2003:261-272.
[53]ZHOU JI, DASGUPTA D. Real-valued negative selection algorithm with variable-sized detectors. In Proceedings of the Conference on Genetic and Evolutionary Computation 2004. Seattle, New York, USA,2004:287-298.
[54]ZHOU JI, DASGUPTA D. Estimating the detector coverage in a negative selection algorithm. In Proceedings of the Conference on Genetic and Evolutionary Computation 2005. Washington DC, USA,2005:281-288.
[55]ZHOU JI. A boundary-aware negative selection algorithm [C]. In Proceedings of Artificial Intelligence and Soft Computation 2005. Benidom, Spain,2005: 12-19.
[56]ZHOU JI, DASGUPTA D. V-Detector:An efficient negative selection algorithm with "probably adequate" detector coverage [J]. Information Science. 2009,179(10):1390-1406.
[57]TAYLOR D W, CORNE D W. An investigation of the negative selection algorithm for fault detection in refrigeration system [C]. In Proceedings of Second International Conference on Artificial Immune System 2003. Edinburgh, UK,2003:34-45.
[58]DASGUPTA D, KRISHNAKUMAR K, WONG D and et al. Negative selection algorithm for aircraft fault detection [C]. In Proceedings of Third International Conference on Artificial Immune System 2004. Catania, Italy, 2004:1-13.
[59]HAMAKER J S, BOGGESS L. Non-Euclidean distance measures in AIRS, and artificial immune classification system [C]. In Proceedings of Congress on Evolutionary Computation 2004. Poland,OR,2004:1067-1073.
[60]DASGUPTA D, YU SENHUA, MAJUMDAR N S. MILA—multilevel immune learning algorithm [C]. In Proceedings of Genetic and Evolutionary .Computation Conference 2003. Chicago, IL,2003:201-214.
[61]HART E, ROSS P. Studies on the implications of shape-space models for idiotypic networks [C]. In Proceedings of 3rd International Conference on Artificial Immune System 2004. Catania, Italy,2004:413-426.
[62]HART E. Not all balls are around:an investigation of alternative recognition-region shapes [C]. In Proceedings of International Conference on Artificial Immune System 2005. Banff, Alberta, Canada,2005:29-42.
[63]SHAPIRO J M, LAMONT G B, PETERSON G L. An evolutionary algorithm to generate hyper-ellipsoid detector for negative selection [C]. In Proceedings of the Conference on Genetic and Evolutionary Computation 2005. Washington DC, USA,2005:337-344.
[64]BALACHANDRAN S, DASGUPTA D, NINO F and et al. A framework for evolving multi-shaped detectors in negative selection [C]. In Proceedings of IEEE Symposium on Foundations of Computational Intelligence 2007. Honolulu, Hawaii, USA,2007:401-408.
[65]DASGUPTA D, MCGREGOR D R. sGA:a structured genetic algorithm [R]. Research Report IKBS-11-93,1993:24-41.
[66]GUI M, DAS S, PAHWA A. Procreating V-Detectors for nonself recognition:an application to anomaly detection in power systems [C]. In Proceedings of the 9th Annual Conference on Genetic and Evolutionary Computation 2007. London, England,2007:261-268.
[67]XU BIN, ZHUANG YI. Hybrid detector based negative selection algorithm[C]. In Proceedings of 5th International Conference on Wireless Communications Networking and Mobile Computing. Beijing, China,2009:1-4.
[68]GAO X Z, OVASKA S J, WANG X. Genetic algorithm based detector generation in negative selection algorithm [C]. In Proceedings of Adaptive and Learning Systems 2006. Logan, USA,2006:133-137.
[69]AMARAL J L M, AMARAL J F M, MORIN D and et al. An immune fault detection system with automatic detector generation by genetic algorithm [C]. In Proceedings of the Seventh International Conference on Intelligence Systems Design and Applications 2007. Rio de Janeiro, Brazil,2007:283-288.
[70]HU ZHENGBIN, ZHOU JI, MA PING A novel anomaly detection algorithm based on real-valued negative selection [C]. In Proceedings of First International Workshop on Knowledge Discovery and Data Mining 2008. Adelaide, Australia,2008:499-502.
[71]GONZALEZ L J, CANNADY J. A self-adaptive negative selection approach for anomaly detection [C]. In Proceedings of Evolutionary Computation 2004. In Proceedings of Congress on Evolutionary Computation 2004. Poland, OR, 2004:19-23.
[72]AMARAL J L M, AMARAL J F M, Tanscheit R. Real-valued negative selection algorithm with a quasi-monte carlo genetic detector generation [C]. In Proceedings of 6th International Conference on Artificial Immune System 2007. Santos, Brazil,2007:156-167.
[73]LEE H M, MAO C H. A self-adaptive evolutionary negative selection approach for home anomaly events detection [C]. In Proceedings of Knowledge-Based Intelligent Information and Engineering Systems 2007. Vietri sul Mare, Italy, 2007:325-332.
[74]蔡涛,鞠时光,仲魏等.基于切割的检测器生成算法[J].电子学报,2009,37(4A):131-134.
[75]朱思峰,刘芳,柴争义.基于检测器覆盖率评估的否定选择算法[J].华中科技大学学报(自然科学版),2010,37(1):36-40.
[76]刘星宝,蔡自兴.负选择算法中检测器快速生成策略[J].小型微型计算机系统,2009,30(7):1263-1267.
[77]KIM MISUN, KIM MINSOO, SEO JH. Network anomaly behavior detection using an adapitive multiplex detector[C]. In Proceedings of International Conference on Computatinoal Science and its Applications, Glasgow, UK, 2006:154-162.
[78]CHMIELEWSKI A, WIERZCHON S T. Simple method of increasing the coverage of nonself region for negative selection algorithms [C]. In Proceedings of the 6th International Conference on Computation Information Systems and Industrial Management Applications 2007. Elk Poland,2007: 155-160.
[79]CHMIELEWSKI A, WIERZCHON S T. V-Detector algorithm with tree-based structures [C]. In Proceedings of the International Multiconference on Computer Science and Information Technology 2006. Wisla Poland,2006:11- 16.
[80]CHMIELEWSKI A, WIERZCHON S T. Experiments with the V-detector algorithm[J]. Systems Science,2006,32(4):55-63.
[81]CHMIELEWSKI A, WIERZCHON S T. Minimizing overlapping regions for double detectors approach[C]. In Proceedings of the 2009 International Multiconference on Computer Science and Information Technology, Mragowo, Poland,2009:25-30.
[82]CHMIELEWSKI A, WIERZCHON S T. Dual representation of samples for negative selection issues [J]. Computer Assisted Mechanics and Engineering Sciences,2007,14(4):579-590.
[83]蔡涛,鞠时光,牛德姣.快速否定选择算法的研究与分析[J].小型微型计算机系统,2009,30(6):1171-1174.
[84]YI ZHAOXIANG, MU XIAODONG, ZHANG LI and et al. A matrix negative selection algorithm for anomaly detection [C]. In Proceedings of Evolutionary Computation 2008. Hong Kong, China,2008:978-983.
[85]MA WANLI, TRAN D, SHARMA D. Negative selection with antigen feedback in intrusion detection [C]. In Proceedings of 7th International Conference on Artificial Immune System 2008. Phuket, Thailand,2008:200-209.
[86]ZENG JINQUAN, LI TAO, LIU XIAOJIE and et al. A feedback negative selection algorithm to anomaly detection [C]. In Proceedings of the 3rd International Conference on Natural Computation 2007. Haikou, China,2007: 604-608.
[87]ZHANG FENGBIN, WANG DAWEI, WANG SHENGWEN. A self region based real-valued negative selection algorithm [J]. Journal of Harbin Institute of Technology (New Series),2008,15(6):851-855.
[88]URSZULA M K, BARTOSZ K. Multi-class iteratively refined negative selection classifier[J]. Applied Soft Computing Journal,2008,8(2):972-984.
[89]IQAWA K, OHASHI H. A negative selection algorithm for classification and reduction of the noise effect[J]. Applied Soft Computing Journal,2009,9(1): 431-438.
[90]XI LIANG, ZHANG FENGBIN, WANG DAWEI. Optimization of real-valued self set for anomaly detection using Gaussion distribution[C]. In Proceedings of International Conference on Artificial Interlligence and computational Intelligence, Shanghai, China,2009:112-120.
[91]ZHANG QINGHUA, FU YUZHEN, XU BUQONG. A new model of self-adaptive network intrusion detection[C]. In Proceedings of 2008 IEEE Congress on Evolutionary Computation, Hong Kong, China,2008:436-439.
[92]FU HAIDONG, QI XIE. A constructional algorithm of principal and subordinate structure self-set based on decision tree[C]. In Proceedings of 2008 International Conference on Wireless Communications, Networking and Mobile Computing, Dalian, China,2008:1-5.
[93]ADADEH M S, HABIBI J, DANESHI M and et al. Intrusion detection using a hybridization of evolutionary fuzzy systems and artificial immune systems [C]. In Proceedings of Evolutionary Computation 2007. Singapore,2007:3547-3553.
[94]DAL D, ABRAHAM S, ABRAHAM A and et al. Evolutionary induced secondary immunity:an artificial immune systems based intrusion detection systems [C]. In Proceedings of 7th Computer Information Systems and Industrial Management Applications 2008. Ostrava Czech Republic,2008:65-70.
[95]POWERS S T, HE JIE. A hybrid artificial immune system and self organizing map for network intrusion detection [J]. Information Science,2008,178(5): 3024-3042.
[96]FANELLI R L. A hybrid model for immune inspired network intrusion detection [C]. In Proceedings of the 7th International Conference on Artificial Immune Systems 2008. Phuket, Thailand,2008:107-118.
[97]KATJA L, RAINER B, Tansu A and et al. A cooperative AIS framework for intrusion detection [C]. In Proceedings of IEEE International Conference on Communications 2007. Glasgow, Scotland,2007:1409-1416.
[98]HAAG C R, LAMONT G B, WILLIAMS P D and et al. An artificial immune system-inspired multiobjective evolutionary algorithm with application to the detection of distributed computer network intrusions [C]. In Proceedings of the 6th International Conference on Artificial Immune Systems 2007. Santos, Brazil, 2007:2717-2724.
[99]ILHAN A, MEHMET K, ERHAN A. Chaotic-based hybride negative selection algorithm and its applications infault and anomaly detection[J]. Expert Systems with Applications,37(7):5285-5294.
[100]ZHU TIEYING, MA ZHIXING, LIU SHAOJUN and et al. Improved negative selection algorithm based on bloom filter [C]. In Proceedings of 2009 International Conference on E-Business and Information System Security, Wuhan, China,2009:31-35.
[101]FANG XIANJIN, LI LONGSHU. An artificial immune model with vaciine operator for network intrusion detection[C]. In Proceedings of 2008 Pacific-Asia Workshop on Computational Intelligence and Industrial Application, Wuhan, China,2008:488-491.
[102]LUO WENJIAN, GUO PENG, WANG XUFA. On convergence of evolutionary negative selection algorithms for anomaly detection[C]. In Proceedings of 2008 IEEE Congress on Evolutionary Computation, Hong Kong, China:2933-2939.
[103]AKYAZI U SIMAUYAR A. Detection of DDoS attackts via an artificial immune system inspired multiobjective evolutionary algorithm[J]. In Proceedings of EvoApplication 2010, Istanbul, Turkey,2010:1-10.
[104]FU HAIDONG, HU FAN. Intrusion detection algorithm of artificial immune based on decision tree and genetic algorithm[C]. In Proceedings of 4th International Conference on Wireless Communications, Neworking and Mobile Computing, Dalian, China,2008:5-10.
[105]LAURENTYS C A, RONACHE G, PALHARES R M and et al. Design of aritificial immune for fault detection:a negative selection approach [J]. Expert Systems with Application,2010,37(7):5507-5513.
[106]CECILIA S, KEITH W. Novelty detection in a changing environment:a negative selection approach[J]. Mechnical Systems and Signal Processing, 2010,24(4):1114-1128.
[107]PLETT E, DAS S. A new algorithm based on negative selection and idiotypic networks for generating parsimonious detector sets for industrial fault detection applications[C]. In Proceedings of 8th International Conference on Artificial Immune Systems. York, UK,2009:288-300.
[108]BERETA M, BURCZYNSKI T. Immune k-means and negative selection algorithms for data analysis[J]. Information Science,2009,179(10):1407-1425.
[109]唐骏.基于否定选择算法的身份认证技术[J].计算机应用,2009,29(9): 3191-3193.
[110]陈云芳,王如传.基于免疫算法的分类器设计[J].计算机科学,2008,35(2):133-136.
[111]XU BAOLIANG, LUO WENJIAN, WANG XUFA. A preliminary study on why using the nonself detector set for anomaly detection in artificial immune systems[C]. In Proceedings of 2009 International Conference on Computational Intelligence and Security, Beijing, China,2009:559-564.
[112]ZHOU JI, DASGUPTA D. Augmented negative selection algorithm with variable-coverage detectors [C]. In Proceedings of Evolutionary Computation 2004. Portland, OR, USA,2004:1081-1088.
[113]STIBOR T, TIMMIS J, ECKERT C. A. comparative study of real-valued negative selection to statistical anomaly detection techniques [C]. In Proceedings of 4th International Conference on Artificial Immune Systems 2005. Banff, Alta, Canada,2005:262-275.
[114]STIBOR T, TIMMIS J. Commnets on real-valed negative selection vs. real-valued positive selection and one-Class SVM [C]. In Proceedings of Evolutionary Computation 2007. Singapore,2007:3727-3734.
[115]STIBOR T, TIMMIS J, ECKERT C. On the use of hyperspheres in artificial immune systems as antibody recognition regions [C]. In Proceedings of 5th International Conference on Artificial Immune Systems 2006. Oeiras, Portugal, 2006:215-228.
[116]ZHOU JI, DASGUPTA D. Applicability issues of the real-valued negative selection algorithms [C]. In Proceedings of Genetic and Evolutionary Computation Conference 2006. Seattle, WA, USA,2006:111-118.
[117]郑军,胡铭曾,云晓春等。基于数据流方法的大规模网络异常发现[J].通信学报,2006,27(2):1-8.
[118]冯文峰,郭巧,王利等.基于多维数据模型的网络流量分析系统[J].计算机工程,2006,32(3):122-124.
[119]ESTAN C, KEYS K, MOORE D and et al. Building a better netflow [C]. In Proceedings of the 2004 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. Portland, Oregon, USA,2004:245-256.
[120]MUTHUKRISHMAN S. Data streams:algorithms and applications [J]. Foundations and Trends in Theoretical Computer Science,2005,1(2):117-136.
[2]穆成坡,黄厚宽,田盛丰等.自动入侵响应决策技术的研究综述[J].计算机研究与发展,2008,45(8):1290-1298.
[3]岳兵,傅红娟,刘伯莹等.完善入侵检测系统审计信息的方法[J].计算机学报,2003,25(7):772-777.
[4]HART E, TIMMIS J. Application areas of AIS:the past, the present and the future [J]. Applied Soft Computing,2005,8(1):191-201.
[5]BRANCO P J C, DENTE J A. Using immunology principle for fault detection [J]. Industrial Electronics.2003,50(2):362-373.
[6]BOUKERCHE A, MACHADO R B, JUCA R L. An agent based and biological inspired real-Time intrusion detection and security model for computer network operations [J]. Computer Communications,2007,30(13):2649-2660.
[7]杨海松,李津生,洪佩林.分布开放式的入侵检测与相应架构—IDRA[J].计算机学报,2004,26(9):1176-1182.
[8]陈行,陶军.无线网络中基于贝叶斯博弈模型的入侵检测算法研究[J].通信学报,2010,31(2):107-119.
[9]朱文涛,李津生,冯登国.基于路由器代理的分布式湮没检测系统[J].计算机学报,2006,26(11):1585-1590.
[10]李涛.基于免疫的网络监控模型[J]。计算机学报,2006,2(9):1515-1522.
[11]严宣辉.应用疫苗接种策略的免疫入侵检测模型[J].电子学报,2009,37(4):780-789.
[12]肖人彬,王磊.人工免疫系统:原理,模型,分析及展望[J].计算机学报,2002,25(12):1281-1293.
[13]PERELSON A S, WEISVUCH D. Immunology for physicists [J]. Rev. of Modern Physics,1997,69(4):1219-1267.
[14]DASGUPTA D, GONZALEZ F. An Immunogenetic approach to intrusion detection[R]. The University of Memphis, Tech Rep:CS-01-001,2001: 336-349.
[15]DASGUPTA D, KRISHNAKUMAR K. Negative selection algorithm for aircraft fault detection[C]. In Proceedings of Third International Conference on Artificial Immune Systems (ICARIS), Sicily, Italy,2004:1-13.
[16]DASGUPTA D, GONZALEZ F. CIDS:An agent-based intrusion detection system[J]. Commuters&Security,2005,1(24):387-398.
[17]'CASTRO N, TIMMIS J. Artificial Immune System:A new computational intelligence approach [M]. Berlin:Springer,2002:23-50.
[18]ESPONDA F, ACKLEY E S, FORREST S and et al. Online negative databases [C]. In Proceedings of 3rd International Conference on Artificial Immune System. Catania,Italy,2004:175-188.
[19]焦李成,杜海峰.人工免疫系统进展与展望[J].电子学报,2003,31(10): 1540-1547.
[20]FORREST S, PERELSON A S, ALLEN L. Self-nonself discrimination in a computer [C]. In Proceedings of IEEE Society Symposium on Research in Security and Privacy and Privacy 1994, Massachusetts, USA,1994:202-212.
[21]CHAO D L, DAVENPORT M P, FORREST S and et al. Modelling the impact of antigen kinetics on T-cell activation and response [J]. Immunology and Cell Biology.2004,82(1):55-61.
[22]D'HAESELEER P. An immunological approach to change detection: theoretical results [C]. In Proceedins of Computer Security Foundation Workshop 1996, Kenmare, Ireland,1996:18-26.
[23]D'HAESELEER P, FORREST S, HELMAN P. An immunological approach to change detection:algorithm, analysis and implications [C]. In Proceedings of IEEE Symposium of Security and Privacy 1996, Oakland, CA, USA,1996: 110-119.
[24]HAMFEYR S A, FORREST S. Immunity by design:an artificial immune system[C]. In proceedings of Genetic and Evolutionary Computation Conference 1999, San Francisco, USA,1999:1289-1296.
[25]BALTHROP J, FORREST S, CLICKMAN M. Revisiting lisys:parameters and normal behaviour [C]. In proceedings of Congress on Evolutionary computation 2002, Honolulu, HI, USA,2002:1045-1050.
[26]BALTHROP J, ESPONDA F, FORREST S and et al. Coverage and generalization in an artificial immune system [C]. In Proceedings of first International Conference on Artificial Immune System 2002, Canterbury, UK, 2002:3-10.
[27]HARMER P K, WILLIAMS P 0, GUNSCH G H. An artificial immune system architecture for. computer security applications [J]. IEEE Transactions on Evolutionary Computation.2002,6(3):252-280.
[28]STIBOR T, TIMMIS J, ECKET C. On permutation masks in hamming negative selection [C]. In Proceedings of International Conference on Artificial Immune System 2006, Oeiras, Portugal,2006:122-135.
[29]HOFMERY S A. An immunological model of distributed detection and its application to computer security [D]. PhD thesis, University of New Mexico, 1999:31-34.
[30]KIM J, BENTLEY P J. An Evaluating Negative Selection in an Artificial Immune System for Network Intrusion Detection [C]. In Proceedings of Genetic and Evolutionary Computation Conference 2001, San Francisco,2001: 1330-1337.
[31]STIBOR T, TIMMIS J, ECKET C. On the appropriateness of negative selection defined over hamming shape-space as a network intrusion detection system [C]. In Proceedings of IEEE Congress on Evolutionary Computation 2005, Edinburgh, UK,2005:995-1002.
[32]STIBOR T, TIMMIS J, ECKET C. The link between r-contiguous detectors and k-cnf satisfactory [C]. In Proceedings of IEEE Congress on Evolutionary Computation 2006. Vancouver, BC, Canada,2006:16-21.
[33]STIBOR T, TIMMIS J, ECKET C. Generalization regions in hamming negative selection [C]. In Proceedings of Intelligent Information and Web Mining 2006. Ustron, Poland,2006:447-456.
[34]KAERS J, WHEELER R, VERRELST H. The effect of antibody morphology on non-self detection [C]. In Proceedings of Second International Conference on Artificial Immune Systems 2003. Edinburgh, UK,2003:285-295.
[35]SINGH S. Anomaly detection using negative selection based on the r-contiguous matching rule [C]. In Proceedings of the Conference on Genetic and Evolutionary Computation 2002. Canterbury, UK,2002:299-307.
[36]STIBOR T, BAYAROU K M, ECKET C. An investigation of r-chunk detector generation on higher alphabets [C]. In Proceedings of the Conference on Genetic and Evolutionary Computation 2004, Seattle, New York, USA,2004: 299-307.
[37]LUO WENJIAN, ZHANG ZEMING, WANG XUFA. A heuristic detector generation algorithm for negative selection algorithm with hamming distance partial matching rule [C]. In Proceedings of International Conference on Artificial Immune System 2006, Oeiras, Portugal,2006:229-243.
[38]杨东勇,陈晋因.基于多种群遗传算法的检测器生成算法研究[J].自动化学报,2009,35(4):425-432.
[39]何申,罗文坚,王煦法.一种检测器长度可变的非选择算法[J].软件学报,2007,18(6):1361-1368.
[40]罗文坚,曹先彬,王煦法.检测器自适应生成算法研究[J].自动化学报,2005,35(6):907-916.
[41]程永新,许家贻,陈科.一种新型入侵检测模型及其检测器生成算法[J].电子科技大学学报,2006,35(2):235-238.
[42]刘星宝,蔡自星.种子检测器刺激-应答变异算法研究[J].高技术通讯,2009,19(3):273-278.
[43]张楠,李志蜀,张建华.基于混沌理论的否定选择算法[J].四川大学学报(工程科学版),2006,38(1):124-127.
[44]晏义威,张凤斌,杨晓君.改进的混沌否定选择算法[J].计算机工程,2009,35(11):158-160.
[45]李涛.Idid:一种基于免疫的动态入侵检测模型[J].科学通报,2005,50(17):1912-1919.
[46]李涛.基于免疫的网络安全风险监测[J].中国科学E辑,2005,35(8):798-816.
[47]GONZALEZ F, DASGUPTA D, GOMEZ J. The effect of binary matching rules in negative selection [C]. In Proceedings of Genetic and Evolutionary Computation Conference 2003. Chicago, IL,2003:195-206.
[48]DASGUPTA D, ZHOU JI, GONZALEZ F. Artificial immune system (AIS) research in the last five years [C]. In Proceedings of Evolutionary Computation 2003. Chicago, IL, USA,2003:123-130.
[49]GONZALEZ F, DASGUPTA D, KOZMA R. Combining negative selection and classification technique for anomaly detection [C]. In proceedings of Congress on Evolutionary computation 2002, Honolulu, HI, USA,2002:705-710.
[50]GONZALEZ F, DASGUPTA D. An immunity-based technique to characterize intrusions in computer networks [J]. IEEE Transactions on Evolutionary Computation,2002,6(3):281-291.
[51]GONZALEZ F, DASGUPTA D. Anomaly detection using real-valued negative selection [J]. Journal of Genetic Programming and Evolvable Machines.2003, 4(4):383-403.
[52]GONZALEZ F, DASGUPTA D, Nino L F. A randomized real-valued negative selection algorithm [C]. In Proceedings of Second International Conference on Artificial Immune Systems 2003. Edinburgh, UK,2003:261-272.
[53]ZHOU JI, DASGUPTA D. Real-valued negative selection algorithm with variable-sized detectors. In Proceedings of the Conference on Genetic and Evolutionary Computation 2004. Seattle, New York, USA,2004:287-298.
[54]ZHOU JI, DASGUPTA D. Estimating the detector coverage in a negative selection algorithm. In Proceedings of the Conference on Genetic and Evolutionary Computation 2005. Washington DC, USA,2005:281-288.
[55]ZHOU JI. A boundary-aware negative selection algorithm [C]. In Proceedings of Artificial Intelligence and Soft Computation 2005. Benidom, Spain,2005: 12-19.
[56]ZHOU JI, DASGUPTA D. V-Detector:An efficient negative selection algorithm with "probably adequate" detector coverage [J]. Information Science. 2009,179(10):1390-1406.
[57]TAYLOR D W, CORNE D W. An investigation of the negative selection algorithm for fault detection in refrigeration system [C]. In Proceedings of Second International Conference on Artificial Immune System 2003. Edinburgh, UK,2003:34-45.
[58]DASGUPTA D, KRISHNAKUMAR K, WONG D and et al. Negative selection algorithm for aircraft fault detection [C]. In Proceedings of Third International Conference on Artificial Immune System 2004. Catania, Italy, 2004:1-13.
[59]HAMAKER J S, BOGGESS L. Non-Euclidean distance measures in AIRS, and artificial immune classification system [C]. In Proceedings of Congress on Evolutionary Computation 2004. Poland,OR,2004:1067-1073.
[60]DASGUPTA D, YU SENHUA, MAJUMDAR N S. MILA—multilevel immune learning algorithm [C]. In Proceedings of Genetic and Evolutionary .Computation Conference 2003. Chicago, IL,2003:201-214.
[61]HART E, ROSS P. Studies on the implications of shape-space models for idiotypic networks [C]. In Proceedings of 3rd International Conference on Artificial Immune System 2004. Catania, Italy,2004:413-426.
[62]HART E. Not all balls are around:an investigation of alternative recognition-region shapes [C]. In Proceedings of International Conference on Artificial Immune System 2005. Banff, Alberta, Canada,2005:29-42.
[63]SHAPIRO J M, LAMONT G B, PETERSON G L. An evolutionary algorithm to generate hyper-ellipsoid detector for negative selection [C]. In Proceedings of the Conference on Genetic and Evolutionary Computation 2005. Washington DC, USA,2005:337-344.
[64]BALACHANDRAN S, DASGUPTA D, NINO F and et al. A framework for evolving multi-shaped detectors in negative selection [C]. In Proceedings of IEEE Symposium on Foundations of Computational Intelligence 2007. Honolulu, Hawaii, USA,2007:401-408.
[65]DASGUPTA D, MCGREGOR D R. sGA:a structured genetic algorithm [R]. Research Report IKBS-11-93,1993:24-41.
[66]GUI M, DAS S, PAHWA A. Procreating V-Detectors for nonself recognition:an application to anomaly detection in power systems [C]. In Proceedings of the 9th Annual Conference on Genetic and Evolutionary Computation 2007. London, England,2007:261-268.
[67]XU BIN, ZHUANG YI. Hybrid detector based negative selection algorithm[C]. In Proceedings of 5th International Conference on Wireless Communications Networking and Mobile Computing. Beijing, China,2009:1-4.
[68]GAO X Z, OVASKA S J, WANG X. Genetic algorithm based detector generation in negative selection algorithm [C]. In Proceedings of Adaptive and Learning Systems 2006. Logan, USA,2006:133-137.
[69]AMARAL J L M, AMARAL J F M, MORIN D and et al. An immune fault detection system with automatic detector generation by genetic algorithm [C]. In Proceedings of the Seventh International Conference on Intelligence Systems Design and Applications 2007. Rio de Janeiro, Brazil,2007:283-288.
[70]HU ZHENGBIN, ZHOU JI, MA PING A novel anomaly detection algorithm based on real-valued negative selection [C]. In Proceedings of First International Workshop on Knowledge Discovery and Data Mining 2008. Adelaide, Australia,2008:499-502.
[71]GONZALEZ L J, CANNADY J. A self-adaptive negative selection approach for anomaly detection [C]. In Proceedings of Evolutionary Computation 2004. In Proceedings of Congress on Evolutionary Computation 2004. Poland, OR, 2004:19-23.
[72]AMARAL J L M, AMARAL J F M, Tanscheit R. Real-valued negative selection algorithm with a quasi-monte carlo genetic detector generation [C]. In Proceedings of 6th International Conference on Artificial Immune System 2007. Santos, Brazil,2007:156-167.
[73]LEE H M, MAO C H. A self-adaptive evolutionary negative selection approach for home anomaly events detection [C]. In Proceedings of Knowledge-Based Intelligent Information and Engineering Systems 2007. Vietri sul Mare, Italy, 2007:325-332.
[74]蔡涛,鞠时光,仲魏等.基于切割的检测器生成算法[J].电子学报,2009,37(4A):131-134.
[75]朱思峰,刘芳,柴争义.基于检测器覆盖率评估的否定选择算法[J].华中科技大学学报(自然科学版),2010,37(1):36-40.
[76]刘星宝,蔡自兴.负选择算法中检测器快速生成策略[J].小型微型计算机系统,2009,30(7):1263-1267.
[77]KIM MISUN, KIM MINSOO, SEO JH. Network anomaly behavior detection using an adapitive multiplex detector[C]. In Proceedings of International Conference on Computatinoal Science and its Applications, Glasgow, UK, 2006:154-162.
[78]CHMIELEWSKI A, WIERZCHON S T. Simple method of increasing the coverage of nonself region for negative selection algorithms [C]. In Proceedings of the 6th International Conference on Computation Information Systems and Industrial Management Applications 2007. Elk Poland,2007: 155-160.
[79]CHMIELEWSKI A, WIERZCHON S T. V-Detector algorithm with tree-based structures [C]. In Proceedings of the International Multiconference on Computer Science and Information Technology 2006. Wisla Poland,2006:11- 16.
[80]CHMIELEWSKI A, WIERZCHON S T. Experiments with the V-detector algorithm[J]. Systems Science,2006,32(4):55-63.
[81]CHMIELEWSKI A, WIERZCHON S T. Minimizing overlapping regions for double detectors approach[C]. In Proceedings of the 2009 International Multiconference on Computer Science and Information Technology, Mragowo, Poland,2009:25-30.
[82]CHMIELEWSKI A, WIERZCHON S T. Dual representation of samples for negative selection issues [J]. Computer Assisted Mechanics and Engineering Sciences,2007,14(4):579-590.
[83]蔡涛,鞠时光,牛德姣.快速否定选择算法的研究与分析[J].小型微型计算机系统,2009,30(6):1171-1174.
[84]YI ZHAOXIANG, MU XIAODONG, ZHANG LI and et al. A matrix negative selection algorithm for anomaly detection [C]. In Proceedings of Evolutionary Computation 2008. Hong Kong, China,2008:978-983.
[85]MA WANLI, TRAN D, SHARMA D. Negative selection with antigen feedback in intrusion detection [C]. In Proceedings of 7th International Conference on Artificial Immune System 2008. Phuket, Thailand,2008:200-209.
[86]ZENG JINQUAN, LI TAO, LIU XIAOJIE and et al. A feedback negative selection algorithm to anomaly detection [C]. In Proceedings of the 3rd International Conference on Natural Computation 2007. Haikou, China,2007: 604-608.
[87]ZHANG FENGBIN, WANG DAWEI, WANG SHENGWEN. A self region based real-valued negative selection algorithm [J]. Journal of Harbin Institute of Technology (New Series),2008,15(6):851-855.
[88]URSZULA M K, BARTOSZ K. Multi-class iteratively refined negative selection classifier[J]. Applied Soft Computing Journal,2008,8(2):972-984.
[89]IQAWA K, OHASHI H. A negative selection algorithm for classification and reduction of the noise effect[J]. Applied Soft Computing Journal,2009,9(1): 431-438.
[90]XI LIANG, ZHANG FENGBIN, WANG DAWEI. Optimization of real-valued self set for anomaly detection using Gaussion distribution[C]. In Proceedings of International Conference on Artificial Interlligence and computational Intelligence, Shanghai, China,2009:112-120.
[91]ZHANG QINGHUA, FU YUZHEN, XU BUQONG. A new model of self-adaptive network intrusion detection[C]. In Proceedings of 2008 IEEE Congress on Evolutionary Computation, Hong Kong, China,2008:436-439.
[92]FU HAIDONG, QI XIE. A constructional algorithm of principal and subordinate structure self-set based on decision tree[C]. In Proceedings of 2008 International Conference on Wireless Communications, Networking and Mobile Computing, Dalian, China,2008:1-5.
[93]ADADEH M S, HABIBI J, DANESHI M and et al. Intrusion detection using a hybridization of evolutionary fuzzy systems and artificial immune systems [C]. In Proceedings of Evolutionary Computation 2007. Singapore,2007:3547-3553.
[94]DAL D, ABRAHAM S, ABRAHAM A and et al. Evolutionary induced secondary immunity:an artificial immune systems based intrusion detection systems [C]. In Proceedings of 7th Computer Information Systems and Industrial Management Applications 2008. Ostrava Czech Republic,2008:65-70.
[95]POWERS S T, HE JIE. A hybrid artificial immune system and self organizing map for network intrusion detection [J]. Information Science,2008,178(5): 3024-3042.
[96]FANELLI R L. A hybrid model for immune inspired network intrusion detection [C]. In Proceedings of the 7th International Conference on Artificial Immune Systems 2008. Phuket, Thailand,2008:107-118.
[97]KATJA L, RAINER B, Tansu A and et al. A cooperative AIS framework for intrusion detection [C]. In Proceedings of IEEE International Conference on Communications 2007. Glasgow, Scotland,2007:1409-1416.
[98]HAAG C R, LAMONT G B, WILLIAMS P D and et al. An artificial immune system-inspired multiobjective evolutionary algorithm with application to the detection of distributed computer network intrusions [C]. In Proceedings of the 6th International Conference on Artificial Immune Systems 2007. Santos, Brazil, 2007:2717-2724.
[99]ILHAN A, MEHMET K, ERHAN A. Chaotic-based hybride negative selection algorithm and its applications infault and anomaly detection[J]. Expert Systems with Applications,37(7):5285-5294.
[100]ZHU TIEYING, MA ZHIXING, LIU SHAOJUN and et al. Improved negative selection algorithm based on bloom filter [C]. In Proceedings of 2009 International Conference on E-Business and Information System Security, Wuhan, China,2009:31-35.
[101]FANG XIANJIN, LI LONGSHU. An artificial immune model with vaciine operator for network intrusion detection[C]. In Proceedings of 2008 Pacific-Asia Workshop on Computational Intelligence and Industrial Application, Wuhan, China,2008:488-491.
[102]LUO WENJIAN, GUO PENG, WANG XUFA. On convergence of evolutionary negative selection algorithms for anomaly detection[C]. In Proceedings of 2008 IEEE Congress on Evolutionary Computation, Hong Kong, China:2933-2939.
[103]AKYAZI U SIMAUYAR A. Detection of DDoS attackts via an artificial immune system inspired multiobjective evolutionary algorithm[J]. In Proceedings of EvoApplication 2010, Istanbul, Turkey,2010:1-10.
[104]FU HAIDONG, HU FAN. Intrusion detection algorithm of artificial immune based on decision tree and genetic algorithm[C]. In Proceedings of 4th International Conference on Wireless Communications, Neworking and Mobile Computing, Dalian, China,2008:5-10.
[105]LAURENTYS C A, RONACHE G, PALHARES R M and et al. Design of aritificial immune for fault detection:a negative selection approach [J]. Expert Systems with Application,2010,37(7):5507-5513.
[106]CECILIA S, KEITH W. Novelty detection in a changing environment:a negative selection approach[J]. Mechnical Systems and Signal Processing, 2010,24(4):1114-1128.
[107]PLETT E, DAS S. A new algorithm based on negative selection and idiotypic networks for generating parsimonious detector sets for industrial fault detection applications[C]. In Proceedings of 8th International Conference on Artificial Immune Systems. York, UK,2009:288-300.
[108]BERETA M, BURCZYNSKI T. Immune k-means and negative selection algorithms for data analysis[J]. Information Science,2009,179(10):1407-1425.
[109]唐骏.基于否定选择算法的身份认证技术[J].计算机应用,2009,29(9): 3191-3193.
[110]陈云芳,王如传.基于免疫算法的分类器设计[J].计算机科学,2008,35(2):133-136.
[111]XU BAOLIANG, LUO WENJIAN, WANG XUFA. A preliminary study on why using the nonself detector set for anomaly detection in artificial immune systems[C]. In Proceedings of 2009 International Conference on Computational Intelligence and Security, Beijing, China,2009:559-564.
[112]ZHOU JI, DASGUPTA D. Augmented negative selection algorithm with variable-coverage detectors [C]. In Proceedings of Evolutionary Computation 2004. Portland, OR, USA,2004:1081-1088.
[113]STIBOR T, TIMMIS J, ECKERT C. A. comparative study of real-valued negative selection to statistical anomaly detection techniques [C]. In Proceedings of 4th International Conference on Artificial Immune Systems 2005. Banff, Alta, Canada,2005:262-275.
[114]STIBOR T, TIMMIS J. Commnets on real-valed negative selection vs. real-valued positive selection and one-Class SVM [C]. In Proceedings of Evolutionary Computation 2007. Singapore,2007:3727-3734.
[115]STIBOR T, TIMMIS J, ECKERT C. On the use of hyperspheres in artificial immune systems as antibody recognition regions [C]. In Proceedings of 5th International Conference on Artificial Immune Systems 2006. Oeiras, Portugal, 2006:215-228.
[116]ZHOU JI, DASGUPTA D. Applicability issues of the real-valued negative selection algorithms [C]. In Proceedings of Genetic and Evolutionary Computation Conference 2006. Seattle, WA, USA,2006:111-118.
[117]郑军,胡铭曾,云晓春等。基于数据流方法的大规模网络异常发现[J].通信学报,2006,27(2):1-8.
[118]冯文峰,郭巧,王利等.基于多维数据模型的网络流量分析系统[J].计算机工程,2006,32(3):122-124.
[119]ESTAN C, KEYS K, MOORE D and et al. Building a better netflow [C]. In Proceedings of the 2004 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. Portland, Oregon, USA,2004:245-256.
[120]MUTHUKRISHMAN S. Data streams:algorithms and applications [J]. Foundations and Trends in Theoretical Computer Science,2005,1(2):117-136.