Research on Neural Networks in Intrusion Detection Systems
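Abstract
As hacker intrusions grow increasingly rampant, it has become clear that building a secure system from a purely defensive standpoint is not enough. Intrusion detection is a new generation of security technology that follows traditional protective measures such as firewalls and data encryption. It identifies and responds to malicious use of computer and network resources; it not only detects intrusions from outside but also monitors unauthorized activity by internal users.
     This thesis begins by introducing the basic concepts of intrusion detection and analyzes the intrusion detection methods commonly used in existing IDS models and IDS products. It finds that all of these methods have shortcomings, which make it difficult for IDS products to meet the requirements of real-time performance, adaptability, accuracy and self-learning ability. A study of neural networks then shows that they suit the requirements of intrusion detection systems well in both concept and processing method, so that researching, designing and implementing a neural-network-based intrusion detection system has significant theoretical and practical value. The thesis also describes, within neural network theory, the BP algorithm and the Levenberg-Marquardt optimization algorithm for an improved BP neural network, together with related background. On this basis, the thesis proposes introducing neural network technology into IDS model design, studies how to apply neural networks successfully to intrusion detection, and presents a model of a neural-network-based network intrusion detection system, setting out the model's design ideas and schematic and describing in detail the principle and implementation of each module. Finally, the experimental results are analyzed fairly objectively through the training and detection processes; the results are reasonably satisfactory and indicate that neural networks have a considerable advantage in network-based intrusion detection.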
With more and more sites intruded upon by hackers, security experts have found that using only cryptographic technology to build a security system is not enough. Intrusion detection is a new security technology, distinct from traditional security protection technologies such as firewalls and data encryption. IDSs watch computers and network traffic for intrusive and suspicious activities; they detect intrusions not only from extranet hackers but also from intranet users.
    This paper opens with some elementary concepts and theories of IDS. It analyzes the intrusion-detection techniques in existing IDS models and IDS products and finds that they are limited and can hardly meet an IDS's needs for real-time operation, adaptability, accuracy and the ability to self-learn. Then, through a study of neural networks, the paper finds that they are conceptually very suitable for IDS. An intrusion-detection system based on neural networks would play an important role in theory and practice if it could be designed and implemented. The paper also gives a detailed description of the derivation of the BP algorithm and of its improved variant, the Levenberg-Marquardt (LM) optimized algorithm.
    This paper introduces neural network technology into the IDS model and puts forward a detailed design scheme for an intrusion-detection model based on neural networks, with great emphasis on the key modules. Lastly, from experiments covering the training and intrusion procedures, we obtain a fair analysis, which indicates that neural networks have a very great advantage in intrusion detection. Finally, according to the results, the writer puts forward some questions and some new ideas.
