用于分布式入侵检测系统的合作式本体模型
|
摘要
随着网络应用领域的不断深入,网络攻击手段也从原有的单一、原始的攻击方式逐步发展成如今的多步、复杂的攻击方式。另外,大量异构的分布式入侵检测系统分布在异质网络中,它们的检测原理不同,部署方案不同,检测的效果也大相径庭。这些分散的入侵检测系统很难整合在一起协同工作,更难以担负起保护全球信息基础设施的重任。
为了解决以上问题,本文提出了用于分布式入侵检测系统的合作式本体模型,该模型利用本体的方法,将真实环境的各类实体映射成本体中的实例,通过分析这些实例,推理发现系统所处的威胁状态,并结合所受到的实时攻击,推理攻击后的结果状态。由于本体具有可重用、可理解、可共享的优势,异质网络中的异构入侵检测系统可通过这个本体模型,轻松实现信息的理解、共享和融合,并且利用推理产生的安全状态,准确感知当前系统的微小变化,以实现不同入侵检测系统之间的协同工作,提前对可能发生的攻击作出反应。
本文主要从三个方面来具体阐述用于分布式入侵检测系统的合作式本体模型,分别是:有线网络环境下本体模型的研究,无线网络环境下本体模型的研究以及统一本体模型的研究。
有线网络环境下本体模型的研究主要包括两个部分:模型研究与相关算法研究。在模型研究中,本文提出了一系列构建、实例化、推理本体的方法;分析了有线网络环境下的主要安全要素及它们之间的关系,并将它们作为顶层类;提出了新的威胁状态类,分析其出现根本原因,并给出推理方法;提出了新的误配置类脆弱性的推理方法;最后还给出了具体的系统框架和工作流程。在相关算法研究中,结合系统框架中对算法的需求,本文提出了三个具体的算法:基于层次聚类的并行异常检测算法,基于层次聚类和决策树的混合式入侵检测系统和基于多种特征选择算法的入侵分类器。前两种入侵检测算法的特点可归纳为:混合、轻量、并行。第三种算法混合搭配多种特征选择算法和攻击分类算法,以实现在最精简子集下的最大分类精度。
无线网络环境下本体模型的研究主要包括两个部分:模型研究与相关算法研究。在模型研究中,本文以无线自组网络为主要研究对象,通过分析其安全特点,结合有线网络环境下本体的研究经验,提出了无线网络环境下的本体模型,并依托实验室搭建的真实物联网环境,将环境中的节点、传感器、配置等实体进行实例化。在相关算法研究中,针对特有的黑洞攻击,提出了相应的异常检测算法。
在统一本体模型的研究,结合多层本体结合有线网络环境的本体模型和无线网络环境的本体模型,利用多层次本体建模方法,提出了一个可用于异质环境下异构分布式入侵检测系统的统一的三层安全本体模型,并且调整了有线和无线模型中顶层本体的部分结构,对某些概念进行了融合。该模型可实现入侵检测系统对安全要素的重用,对安全状态的共享,以及对推理结果的理解,以实现它们之间的协同工作。
With the rapid development of network applications, original and simple attackpatterns have become multi-step and complex attack patterns. Moreover, a largenumber of heterogeneous distributed intrusion detection systems are deployed in theheterogeneous networks. They have different detection principles, differentdeployment schemes and different detection performance. It is so hard for thesedistributed intrusion detection system to work together that they are inability toprotect comprehensively Global Information Infrastructure. How to integrateheterogeneous intrusion detection systems in heterogeneous networks and how tomake them work together have been hot issues.
A cooperative ontology model for distributed intrusion detection system isproposed in this paper. In this model, entities in the real scenario are instantiated intoinstances in the ontology. Threat states of system are inferred by analyzing details ofinstances. Consequen states of system are inferred by current threat states and attacksin real time. With the advantage of ontology, heterogeneous intrusion detectionsystems can share knowledge and security state. And they can understand each other.They can work together by inferring attacks and try to prevent transregionallarge-scale security incidents
This model is a unified three levels information security ontology model. Themodel cotains three levels: global level, domain level and local level. In the globallevel, there is single ontology, which is represented common semantic model of allinformation. Global level only offers concept interfaces of different domain ontolgiesand brief descriptions of their relationships. But it does not involve in concretedomain knowledge.
This paper focuses on domain level. Domain ontologies are created by domainknowledge and inherit by global ontology structure. Ontologies in the domain levelare fused by ontology model in the wire network and ontology model in the wirelessnetwork.
Ontology model in the wire network includes two parts: model research andrelated algorithm research. In the model research, a series of methods of creating,instatiating and inferring ontology model are proposed. Different entites in the realscenario are mapped into ontologies in the model. All details of real scenario aredescribed. On the basis of this, a new threat state is proposed. Some important detailsare correlated with threat states. This process is achieved by the method of inferringby rules. Consequence states are inferred by attacks in real time and current threatstate of system. Consequence state can be the next threat state. The old implicit causalrelationships between attacks transformed into the new inferred causal relationshipsbetween attacks and security states. A new mis-configuration vulnerability inferencemethod is also proposed. Configuration entites are described by ontology andconfiguration instances are correlated with other instances. Their important details arecorrelated with mis-configuration vulnerability instances. This process is achieved bythe method of inferring by rules. In addition, new concrete system framework andworkflow are also proposed. In the related algorithm research, three related algorithmsare proposed according to demand of system framework. They are respectivelyparallel anomaly detection algorithm based on hierarchical clustering, hybrid intrusiondetection system based on hierarchical clustering and decision trees and intrusionclassifier based on multiple feature selection. The first algorithm is a parallel anomalydetection algorithm running multicore system. The second algorithm is a light hybridintrusion detection system. The first two types of intrusion detection algorithms havethe following characteristics: hybrid, light and parallel. The third algorithm combinesdifferent feature selection algorithm with attack classification algorithms. Theultimate goal is to achieve the maximum classification accuracy of optimal subset.
Ontology in the wireless model includes two parts: model reseach and relatedalgorithm research. In the model research, mobile Ad Hoc network, as our majorresearch object, are mapped into ontology by methods of wire network. Our platformof Internet of things, as the real scenario, is instantiated. In the related algorithmresearch, an anomaly detection algorithm against black hole is proposed.
为了解决以上问题,本文提出了用于分布式入侵检测系统的合作式本体模型,该模型利用本体的方法,将真实环境的各类实体映射成本体中的实例,通过分析这些实例,推理发现系统所处的威胁状态,并结合所受到的实时攻击,推理攻击后的结果状态。由于本体具有可重用、可理解、可共享的优势,异质网络中的异构入侵检测系统可通过这个本体模型,轻松实现信息的理解、共享和融合,并且利用推理产生的安全状态,准确感知当前系统的微小变化,以实现不同入侵检测系统之间的协同工作,提前对可能发生的攻击作出反应。
本文主要从三个方面来具体阐述用于分布式入侵检测系统的合作式本体模型,分别是:有线网络环境下本体模型的研究,无线网络环境下本体模型的研究以及统一本体模型的研究。
有线网络环境下本体模型的研究主要包括两个部分:模型研究与相关算法研究。在模型研究中,本文提出了一系列构建、实例化、推理本体的方法;分析了有线网络环境下的主要安全要素及它们之间的关系,并将它们作为顶层类;提出了新的威胁状态类,分析其出现根本原因,并给出推理方法;提出了新的误配置类脆弱性的推理方法;最后还给出了具体的系统框架和工作流程。在相关算法研究中,结合系统框架中对算法的需求,本文提出了三个具体的算法:基于层次聚类的并行异常检测算法,基于层次聚类和决策树的混合式入侵检测系统和基于多种特征选择算法的入侵分类器。前两种入侵检测算法的特点可归纳为:混合、轻量、并行。第三种算法混合搭配多种特征选择算法和攻击分类算法,以实现在最精简子集下的最大分类精度。
无线网络环境下本体模型的研究主要包括两个部分:模型研究与相关算法研究。在模型研究中,本文以无线自组网络为主要研究对象,通过分析其安全特点,结合有线网络环境下本体的研究经验,提出了无线网络环境下的本体模型,并依托实验室搭建的真实物联网环境,将环境中的节点、传感器、配置等实体进行实例化。在相关算法研究中,针对特有的黑洞攻击,提出了相应的异常检测算法。
在统一本体模型的研究,结合多层本体结合有线网络环境的本体模型和无线网络环境的本体模型,利用多层次本体建模方法,提出了一个可用于异质环境下异构分布式入侵检测系统的统一的三层安全本体模型,并且调整了有线和无线模型中顶层本体的部分结构,对某些概念进行了融合。该模型可实现入侵检测系统对安全要素的重用,对安全状态的共享,以及对推理结果的理解,以实现它们之间的协同工作。
With the rapid development of network applications, original and simple attackpatterns have become multi-step and complex attack patterns. Moreover, a largenumber of heterogeneous distributed intrusion detection systems are deployed in theheterogeneous networks. They have different detection principles, differentdeployment schemes and different detection performance. It is so hard for thesedistributed intrusion detection system to work together that they are inability toprotect comprehensively Global Information Infrastructure. How to integrateheterogeneous intrusion detection systems in heterogeneous networks and how tomake them work together have been hot issues.
A cooperative ontology model for distributed intrusion detection system isproposed in this paper. In this model, entities in the real scenario are instantiated intoinstances in the ontology. Threat states of system are inferred by analyzing details ofinstances. Consequen states of system are inferred by current threat states and attacksin real time. With the advantage of ontology, heterogeneous intrusion detectionsystems can share knowledge and security state. And they can understand each other.They can work together by inferring attacks and try to prevent transregionallarge-scale security incidents
This model is a unified three levels information security ontology model. Themodel cotains three levels: global level, domain level and local level. In the globallevel, there is single ontology, which is represented common semantic model of allinformation. Global level only offers concept interfaces of different domain ontolgiesand brief descriptions of their relationships. But it does not involve in concretedomain knowledge.
This paper focuses on domain level. Domain ontologies are created by domainknowledge and inherit by global ontology structure. Ontologies in the domain levelare fused by ontology model in the wire network and ontology model in the wirelessnetwork.
Ontology model in the wire network includes two parts: model research andrelated algorithm research. In the model research, a series of methods of creating,instatiating and inferring ontology model are proposed. Different entites in the realscenario are mapped into ontologies in the model. All details of real scenario aredescribed. On the basis of this, a new threat state is proposed. Some important detailsare correlated with threat states. This process is achieved by the method of inferringby rules. Consequence states are inferred by attacks in real time and current threatstate of system. Consequence state can be the next threat state. The old implicit causalrelationships between attacks transformed into the new inferred causal relationshipsbetween attacks and security states. A new mis-configuration vulnerability inferencemethod is also proposed. Configuration entites are described by ontology andconfiguration instances are correlated with other instances. Their important details arecorrelated with mis-configuration vulnerability instances. This process is achieved bythe method of inferring by rules. In addition, new concrete system framework andworkflow are also proposed. In the related algorithm research, three related algorithmsare proposed according to demand of system framework. They are respectivelyparallel anomaly detection algorithm based on hierarchical clustering, hybrid intrusiondetection system based on hierarchical clustering and decision trees and intrusionclassifier based on multiple feature selection. The first algorithm is a parallel anomalydetection algorithm running multicore system. The second algorithm is a light hybridintrusion detection system. The first two types of intrusion detection algorithms havethe following characteristics: hybrid, light and parallel. The third algorithm combinesdifferent feature selection algorithm with attack classification algorithms. Theultimate goal is to achieve the maximum classification accuracy of optimal subset.
Ontology in the wireless model includes two parts: model reseach and relatedalgorithm research. In the model research, mobile Ad Hoc network, as our majorresearch object, are mapped into ontology by methods of wire network. Our platformof Internet of things, as the real scenario, is instantiated. In the related algorithmresearch, an anomaly detection algorithm against black hole is proposed.
引文
[1] Neches Robert, Fikes Richard, Finin Tim, Gruber Thomas, Patil Ramesh, SenatorTed, Swartout William R. Enabling technology for knowledge sharing[J]. AIMagazine,1991(3):36-56.
[2] Borst Willem Nico. Construction of Engineering Ontologies for KnowledgeSharing and Reuse[M]. Enschede: Universiteit Twente,1997.
[3] Dieter Fensel. Ontologies[M]. Heidelberg: Springer,2001.
[4] Sergei Nirenburg, Victor Raskin. Ontological semantics[M]. MA:The MIT Press,2004.
[5] Undercoffer Jeffrey, Joshi Anupam, Finin Tim, Pinkston John. Using DAML+OIL to classify intrusive behaviours[J]. Knowledge Engineering Review,2003(3):221-241.
[6] Vorobiev Artem, Bekmamedova Nargiza. An ontology-driven approach applied toinformation security[J]. Journal of Research and Practice in InformationTechnology,2010(1):61-76.
[7] Li Wan, Tian Shengfeng. An ontology-based intrusion alerts correlation system[J].Expert Systems with Applications,2010(10):7138–7146
[8] Blanco Carlos, Lasheras Joaquín, Valencia-García Rafael, Fernández-MedinaEduardo1, Toval Ambrosio, Piattini Mario1. ARES2008-3rd InternationalConference on Availability, Security, and Reliability, Proceedings[C]. NJ:IEEE-ISTO,2008.
[9] Martin Ester, Hans-Peter Kriegel, J rg Sander, Xiaowei Xu. Proceedings of theSecond International Conference on Knowledge Discovery and Data Mining(KDD-96)[C]. AAAI Press,1996.
[10] Zhang Tian;Ramakrishnan Raghu1, Livny Miron. Proceedings of the1996ACMSIGMOD International Conference on Management of Data[C]. ACM Press,1996.
[11] Guan Yu, Ghorbani Ali A., Belacel Nabil. CCECE2003Canadian Conference onElectrical and Computer Engineering: Toward a Caring and HumaneTechnology[C]. Institute of Electrical and Electronics Engineers Inc,2003
[12] Oh Sang Hyun, Lee Won Suk. An anomaly intrusion detection method byclustering normal user behavior[J]. Computers and Security,2003(7):596-612.
[13] Fei Ren, Liang Hu, Hao Liang, Xiaobo Liu, Weiwu Ren. Proceedings-International Conference on Computer Science and Software Engineering, CSSE2008[C]. IEEE Computer Society,2008.
[14] Horng Shi-Jinn, Su Ming-Yang, Chen Yuan-Hsin, Kao Tzong-Wann, ChenRong-Jian, Lai Jui-Lin, Perkasa Citra Dwi.A novel intrusion detection systembased on hierarchical clustering and support vector machines[J]. Expert Systemswith Applications,2011(1):306-313.
[15] Burbeck Kalle, Nadjm-Tehrani Simin.7th International Conference onInformation Security and Cryptology-ICISC2004[C]. Springer Verlag,2004.
[16] Dash M, Liu H. Feature selection for classification[J]. Intelligent Data Analysis,Amsterdam: IOS Press,1997(3):131-156
[17] Zhao Zheng, Liu H. Proceedings of the7th SIAM International Conference onData Mining[C]. Society for Industrial and Applied Mathematics Publications,2007.
[18]陈斌,洪家荣,王亚东.最优特征子集选择问题[J].计算机学报,1997(2):133-138
[19] Leo Breiman. Random Forests[J]. Machine Learning,2001(1):5-32.
[20] Pang Herbert, George Stephen L., Hui Ken, Tong Tiejun. Gene selection usingiterative feature elimination random forests for survival outcomes[J]. IEEE/ACMTransactions on Computational Biology and Bioinformatics,2012(5):1422-1431.
[21] Joelsson Sveinn R., Benediktsson Jon Atli, Sveinsson Johannes R.. Proceedingsof the7th Nordic Signal Processing Symposium, NORSIG2006[C]. IEEEComputer Society,2007.
[22] Zenglin Xu, Rong Jin, Jieping Ye, Michael R. Lyu, Irwin King. ICML’09Proceedings of the26thAnnual International Conference on MachineLearning[C]. ACM,2009.
[23] Thibault Helleputte, Pierre Dupont. ICML’0909Proceedings of the26thAnnualInternational Conference on Machine Learning[C]. ACM,2009.
[24] Xu Zenglin, King Irwin, Lyu Michael Rung-Tsong, Jin Rong. Discriminativesemi-supervised feature selection via manifold regularization[J]. IEEETransactions on Neural Networks,2010(7):1033-1047.
[25] Asanovic Krste1, Bodik, Rastislav,Demmel James, Keaveny, Tony, KeutzerKurt, Kubiatowicz John, Morgan Nelson, Patterson, David, Sen Koushik,Wawrzynek John, Wessel David, Yelick Katherine. A view of the parallelcomputing landscape[J]. Communications of the ACM,2009(10):56-67.
[26] David J. Kuck. High Performance Computing: Challenges for FutureSystems[M]. New York: Oxford University Press,1996.
[27] Susan L. Graham, Marc Snir. Getting Up To Speed: The Future OfSupercomputing[M]. Washington DC: National Academies Press,2005.
[28] W. Daniel Hillis, GuyL. Steele, Jr. Data Parallel Algorithms[J]. Communicationsof the ACM-Special issue on parallelism,1986(12):1170-1183.
[29] Daan Leijen, Wolfram Schulte, Sebastiaan Burckhardt. OOPSLA’09Proceedings of the24th ACM SIGPLAN conference on Object orientedprogramming systems languages and applications[C]. ACM,2009.
[30] Batcher K. E. Design of a Massively Parallel Processor[J]. IEEE Transactions onComputer,1980(9):836-840.
[31] Gepner Pawe, Kowalik Micha F., PARELEC2006-Proceedings: InternationalSymposium on Parallel Computing in Electrical Engineering[C]. IEEE ComputerSociety,2006.
[32] Armbrust Michael, Fox Armando, Griffith Rean, Joseph Anthony D. KatzRandy, Konwinski Andy, Lee Gunho, Patterson David, Rabkin Ariel,Stoica Ion,Zaharia Matei. A view of cloud computing[J]. Communications of the ACM,2010(4):50-58.
[33]陈国良,孙广中,徐云,龙柏.并行计算的一体化研究现状与发展趋势[J].科学通报,2009(8):1043-1049.
[34] Shameem Akhther, Jason Roberts. Multi-Core Programming[M]. Richard Bowles,2006.
[35] Anya kim, Jim Luo, Myong Kang. Security ontology for AnnotatingResources[J]. Lecture Notes in Computer Science,2005:1483-1499.
[36] Benjamin Morin, Ludovic Me, Herve Debar, Mireille Ducasse. A Logic-basedModel to Support Alert Correlation in Intrusion Detection[J]. Information Fusion,2009(4):285-299.
[37] Gutavo A. Isaza, Andres G. Castillo, Nestor D.7th international Conference onPratical Applications of Agents and Multi-Agent Systems(PAAMS2009)[C],Springer,2009.
[38] Vorobiev A., Jun Han. Second international Conference on Semanticas,Konwledge and Grid,2006(SKG’06)[C], IEEE,2006.
[39] Coppolino L., Dipt. Perle Tecnol.. International Conference on Network andService Security(N2S ‘09)[C]. IEEE,2009.
[40] Information technology-Security techniques-Information security managementsystems–Requirements[S/OL]. ISO/IEC27001:2005,[2013-09-25].http://www.iso.org/iso/catalogue_detail?csnumber=42103
[41] Velasco, J.L.a.V.-G., R. and Fernandez-Breis, J.T. and Toval, A., ModellingReusable Security Requirements Based on an Ontology Framework[J]. Journalof Research and Practice in Information Technology,2009(2):119-133.
[42] Wang J, A.a.G. M.. Bioinformatics, Systems Biology and Intelligent Computing,2009. IJCBS'09.[C]. IEEE,2009.
[43] Common Vulnerabilities and Exposures–The standard of Information SecurityVulnerability Names[EB/OL]. CVE,[2013-09-06]. http://cve.mitre.org/
[44] National Vulnerability Database–automating vulnerability management,security measurement, and compliance checking[DB/OL]. NVD,[2013-10-10].http://nvd.nist.gov/
[45] Common Configuration Enumeration–Unique Identifiers for Common SystemConfiguration Issues[EB/OL]. CCE,[2013-5-30]. http://cce.mitre.org/
[46] Common Attack Pattern enumeration and Classification–A Community ofKnowledge Resource for Building Secure Software[EB/OL]. CAPEC,
[2013-09-05]. http://capec.mitre.org/
[47] OWL Web Ontology Language Overview. W3C Recommendation,[2004-02-10].http://www.w3.org/TR/owl-features/
[48] Vulnerability Notes Database–Advisory and mitigation information aboutsoftware vulnerabilities[DB/OL]. National Cyber Secuity Division,[2013-10-10],http://www.kb.cert.org/vuls/.
[49] SWRL: A Semantic Web Rule Language Combining OWL and RuleML[EB/OL].W3C Member Submission,[2004-05-21]. http://www.w3.org/S ubmission/SWRL/
[50] The Intrusion Detection Message Exchange Format(IDMEF)[EB/OL]. NetworkWorking group Request for Comments:4765.[2007-03].http://www.ietf.org/rfc/rfc4765.txt
[51] Erbacher R.F., Walker K.L., Frincke D.A., Intrusion and Misuse Detection inLarge-scale Systems[J]. Computer Graphics and Applications,2002(1):38-47.
[52] Dae-Ki Kang, Fuller D, Honavar V. IAW’05: Proceedings from the Sixth AnnualIEEE SMC[C]. IEEE,2005.
[53] Zhi-Song Pan, Song-Can Chen, Gen-Bao Hu, Dao-Qiang Zhang.2003International Conference on Machine Learning and Cybernetics[C]. IEEE,2003.
[54] Subhadrabandhu D., Sarkar S., Anjum F.. A Framework for Misuse Detection inad hoc Networks-part1[J]. IEEE Journal of Selected Areas in Communications,2006(2):274-289.
[55] Michael Meier, Sebastian Schmert, Hartmut Koenig. Improving the Efficiency ofMisuse Detection[J]. Detection of Intrusion and Malware, and VulnerabilityAssessment,2005:188-205.
[56] Eleazar Eskin, Andrew Arnold, Michael Prerau. A Geometirc Framework forUnsupervised Anomaly Detection[J]. Appications of Data Mining in ComputerSecurity,2002:77-101.
[57] Varun Chandola, Arindam Banerjee, Vipin Kumar. Anomaly Detection: ASurvey[J]. ACM Computing Surveys,2009(3):15(1)-15(56).
[58] Christopher Kruegel, Giovanni Vigna. CCS’03Proceedings of the10thACMConference on Computer and Communications Security[C]. NY:ACM Press,2003.
[59] Caleb C. Noble, Diane J. Cook. KDD’03Proceedings of the ninth ACMSIGKDD international conference on Knowledge discovery and data mining. NY:ACM Press,2003.
[60] Bnaerjee A., Burlina, P., Diehl C. A Support Vector Method for AnomalyDetection in Hyperspectral imagery[J]. IEEE Transactions on Geoscience andRemote Sensing,2006(8):2282-2291.
[61] Khan Latifur,Awad M., Thuraisingham B., A new Intrusion Detection Systemusing Support Vector Machines and Hierarchical Clustering[J]. VLDB Journal,2007(4):507-521.
[62] Song Jungsuk, Ohira, K, Tarakura H. A Clustering Method for ImprovingPreformance of Anomaly-based Intrusion Detection System[J]. IEICETransactions on Information and Systems,2008(5):1282-1291.
[63] Park Nam Hun, Oh Sang Hyun, Lee Won Suk. Anomaly Intrusion Detection byClustering Transactional Audit Streams in A Host Computer[J]. InformationSciences,2010(12):2375-2389.
[64] Peng Liu, Dong Zhou, NaiJun Wu.2007International Conference on ServiceSystems and Service Management. IEEE,2007.
[65] Soren Hader, Fred A. Hamprecht. Proceedings of the26thAnnual Conference ofthe Gesellschaft fur Klassifikaation e.V.[C]. IEEE,2002.
[66] Ding C. Xiaofeng He.2002IEEE International Conference on Data Mining,2002(ICDM2003)[C]. IEEE,2002.
[67] Schikuta E. Proceedings of the13thInternational Conference on PatternRecognition[C]. IEEE,1996.
[68] George von Borries, Haiyan Wang. Partition Clustering of High DimensionalLow Sample Size Data based on p-values[J]. Computationaal Statistics&DataAnalysis,2009(12):3987-3998.
[69] Clark F. Olson. Parallel Algorithms for Hierarchical Clustering[J]. ParallelComputing,1995(8):1313-1325.
[70] Weizhong Zhao, Huifang Ma, Qing He.1st International Conference onCloudCom[C]. IEEE,2009.
[71] KDD Cup1999Data[DB/OL].[1999-10-28]. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
[72] DARPA Intrusion Detection Data Sets[DB/OL].[2002].http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/index.html
[73] Matrin Botha, Rossouw von Solms, Kent Perry, Edwin Loubser, GeorgeYamoyany. SAICSIT’02Proceedings of the2002Annual Research Conferenceof the South African Institute of Computer Scientists and InformationTechnologists on Enablement through Technology[C]. South African Institute forComputer Scientists and Information Technologists,2002.
[74] Kai Hwang, Min Cai, Ying Chen, Min Qin. Hybrid Intrusion Detection withWeighted Signature Generation over Anomalous Internet Episodes[J]. IEEETransaction on Dependable and Secure Computing.2007(1):41-55.
[75] álvaro Herreroa, Emilio Corchadoa, María A. Pellicera, Ajith Abrahamb.MOVIH-IDS: A mobile-visualization hybrid intrusion detection system[J].Neurocomputing,2009(13-15):2775-2784.
[76] Ozgur Depren, Murat Topallar, Emin Anarim, M. Kemal Ciliz. An intelligentintrusion detection system (IDS) for anomaly and misuse detection in computernetworks[J]. Expert Systems with Applications,2005(4):713-722.
[77] Jiong Zhang, Zulkernine, M.. ARES2006:1stInternational Conference onAvailability, Reliability and Security. IEEE,2006.
[78] Ken Deeter, Kapil Singh, Steve Wilson, Luca Filipozzi, Son Vuong. MATA2004:1stInternational Workshop[C]. Heidelberg: Springer,2004.
[79] Chung Y.Y., Wahid N..A Hybird Network Intrusion Detection System usingSimplified Swarm Optimization(SSO)[J]. Applied Soft Computing,2012(9):3014-3022.
[80] Wang S.S., Yan K.Q.. An Intergrated Intrusion Detection System forCluster-based Wireless Sensor Networks[J]. Expert Systems with Applications,2011(12):15234-15243.
[81] Aydin M.A., Zaim A.H. Ceylan. A Hybrid Intrusion Detection System Design forComputer Network Security[J]. Computer&Electrical Engineering,2009(3):517-526.
[82] Bazara I.A Barry, H Aanthony Chan. Syntax, and Semantics-based SignatureDatabase for Hybrid Intrusion Detection Systems[J]. Security andCommunication Networks,2009(6):457-475.
[83] Nahla Ben Amor, Salem Benferhat, Zied Elouedi. SAC’04proceedings of the2004ACM Symmposium on Applied Computing[C]. NY: ACM Press,2004.
[84] Abbes T, Bouhoula A., Rusinowitch M.. ITCC2004: International Conferenceon Information Technology: Coding and Computing[C]. IEEE,2004.
[85] Christopher Krugel, Thomas Toth. RAID2003:6th International Symposium[C].IEEE,2003.
[86] XiangYang Li, Nong Ye. Decision Tree Classifiers for Computer IntrusionDetection[J]. Parallel and Distributed Computing Practices,2001(2):179-190.
[87] Xiao-Bai Li. A scalable decision tree system and its application in patternrecognition and intrusion detection[J]. Decision Support Systems,2006(1):112-130.
[88] Chih-Fong Tsai, Yu-Feng Hsu, Chia-Ying Lin, Wei-Yang Lin. Intrusion Detectionby Machine Learning: A Review[J]. Expert Systems with Applications,2009(10):11994-12000.
[89] Snehal A. Mulay, P.R. Devale, G.V. Garje. Intrusion Detection System usingSupport Vector Machine and Decision Tree[J]. International Journal of ComputerApplications,2010(3):40-43.
[90] Ajith Abraham, Ravi Jain, Johnson Thomas, Sang Yong Han. D-SCIDS:Distributed soft computing intrusion detection system[J]. Journal of Network andComputer Applications,2007(1):81-98.
[91] Gowrison G., Ramar K., Muneeswaran K., Revathi T.. Minimal ComplexityAttack Classification Intrusion Detection System[J]. Applied Soft Computing,2013(2):921-927.
[92]陈友,程学旗,李洋,戴磊.基于特征选择的轻量级入侵检测系统[J].计算机学报,2007(7):1639-1651.
[93] Liu B., Fang B., Liu X.W., Chen J., Huang Z.H., He X.P.. Large MarginSubspace Learning for Feature Selection[J]. Pattern Recognition,2013(10):2788-2806.
[94] Wang C., Cao L.B., Miao B.Q.. Optimal Feature Selection for Sparse LinearDiscriminat Analysis and Its Application in Gene Expression Data[J].Computational Statistics&Data Analysis,2013:140-149.
[95] Li B., Chow T.W.S., Huang D.. A Novel Feature Selection Method and ItsApplication[J]. Journal of Intellgent Information Systems,2013(2):235-268.
[96] Hajek P., Michalak K.. Feature Selection in Corporate Credit Rating Prediction[J].Knowledge-based Systems,2013:72-84.
[97] Lan L., Vucetic S.. Improving Accuracy of Microarray Classification by a SimpleMulti-task Feature Selection Filter[J] International Journal of Data Mining andBioinformatics,2011(2):189-208.
[98] Hsu H.H., Hsieh C.W., Lu M.D.. Hybrid Feature Selection by Combining Filtersand Wrappers[J]. Expert Systems with Applications,2011(7):8144-8150.
[99] Xue B., Cervante L., Shang L., Browne W.N., Zhang M.J.. A Multi-objectiveParticle Swarm Optimisation for Filter-based Feature Selection in ClassficationProblems[J]. Connection Science,2012(2-3):91-116.
[100] Lazar C., Taminau J., Meganck S., Steenhoff D., Colettaa A.. A Survey on FilterTechniques for Features Selection in Gene Expression Microarry Analysis[J].IEEE-ACM Transactions on Computational Biology and Bioinformatics,2012(4):1106-1119.
[101] Krishna B., Kallaperumal B.. Efficient Genetic-wrapper Algorithm based DataMining for Featuree Subset Selection in a Power Quality Pattern RecognitionApplication[J]. Internal ARAB Journal of Information Technology,2011(4):397-405.
[102] Foithong S., Pinngem O., Attachoo B.. Feature Subset Selection Wrapper basedon Mutual Information and Rough Sets[J]. Expert System with Applications,2012(1):574-584.
[103] Shiue Y.R., Guh R.S., Lee K.F.. Development of Machine Learning-based RealTime Scheduling Systems: Using Ensemble based on Wrapper Feature SelectionApproach[J]. International Journal of Production Research,2012(20):5887-5905.
[104] Moustakidis S.P., Theocharis J.B.. A Fast SVM-based Wrapper FeatureSelection Method Driven by A Fuzzy Complementary Criterion[J]. PatternAnalysis and Applications,2012(4):379-397.
[105]吕召彪等.无线网络架构与演进趋势[M].机械工业出版社,2002.
[106]赫尔利等著,杨青等译.无线网络安全[M].科学出版社,2009.
[107] Stephen McLaughlin et al. MOBILE AD-HOC NETWORK: US, US2006/017/6829A1[P].[2006-08-10].
[108] Levente Buttyan, Jean-Pierre Hubaux. Stimulating Cooperation inself-organizing mobile ad hoc networks[J]. Mobile Networks and Applications,2003(5):579-592.
[109] Stefano Basagni et al. Mobile Ad Hoc Networking[M]. IEEE Press,2004.
[110] Mehran Abolhasan, Tadeusz Wysocki, Eryk Dutkiewicz. A review of routingprotocols for mobile ad hoc networks[J]. Ad Hoc Network,2004(1):1-22.
[111] Haas Z.J., Halpern J.L.. Gossip-based Ad Hoc Routing[J]. IEEE/ACMTransactions on Networking,2006,14(3):479-491.
[112] Kulik J., Heinzelman W., Balakrishnan H.. Negotiation-based Protocols forDisseminating Information in Wireless Sensor Networks[J]. Wireless Networks,2002(2-3):169-185.
[113]沈波,张世永,钟亦平.无线传感器网络分簇路由协议[J].软件学报,2006(7):1588-1600.
[114] Heinzelman W.R., Chandrakasan A., Balakrishnan H.. Proceedings of the33rdAnnual Hawaii Interlnational Conference on System Sciences[C]. IEEE,2000.
[115] Lim T.L., Mohan G.. Proceedings of2ndInternational Conference on BroadbandNetworks[C]. IEEE,2005.
[116] Shuihui M., Hong J.. ICCT ‘06: Proceedins of2006International Conference onCommunication Technology[C]. IEEE,2006.
[117] Zeng K., Ren K., Lou W., et al.. Energy Aware Effcient Geographic Routing inLossy Wireless Sensor Networks with Environmental Energy Supply[J]. WirelessNetworks,2009(1):39-51.
[118] Bernardos A.M., Tarrio P., Casar J.R.. PIMRC’06: IEEE InternationalSymposium on Personal, Indoor and Mobile Radio Communications[C]. IEEE,2006.
[119] Yongchang Y., Gang W.. WiCom’07: International Conference on WirelessCommunications, Networking and Mobile Computing[C]. IEEE,2007.
[120] Mohammad Al-Shurman, Seong-Moo Yoo, Seungjin Park. ACM-SE42Proceedins of the42ndAnnual Southeast Regional Conference[C]. NY: ACMPress,2004.
[121] Bo Sun, Yong Guan, Jian Chen, Pooch U.W.. Personal Mobile CommunicationsConference. IEEE,2003.
[122] Yih-Chun Hu, Perrig A., Johnson D.B.. INFOCOM2003:20nd Annual JointConference of the IEEE Computer and Communications[C]. IEEE,2003.
[123] Yih-Chun Hu, Perrig A., Johnson D.B.. Wormhole Attacks in WirelessNetworks[J]. IEEE Journal on Selected Areas in Communications,2006(2):370-380.
[124] Palanisamy P., Annadurai P. Impact of Rushing Attack on Multicast in MobileAd Hoc Network[J]. International Journal of Computer Science and InformationSecurity,2009(1-2):183-190.
[125] Yih-Chun Hu, Adrian Perrig, David B. Johnson. WiSE’03: Proceedings of the2ndACM Workshop on Wirelesss Security[C]. NY: ACM Press,2003.
[2] Borst Willem Nico. Construction of Engineering Ontologies for KnowledgeSharing and Reuse[M]. Enschede: Universiteit Twente,1997.
[3] Dieter Fensel. Ontologies[M]. Heidelberg: Springer,2001.
[4] Sergei Nirenburg, Victor Raskin. Ontological semantics[M]. MA:The MIT Press,2004.
[5] Undercoffer Jeffrey, Joshi Anupam, Finin Tim, Pinkston John. Using DAML+OIL to classify intrusive behaviours[J]. Knowledge Engineering Review,2003(3):221-241.
[6] Vorobiev Artem, Bekmamedova Nargiza. An ontology-driven approach applied toinformation security[J]. Journal of Research and Practice in InformationTechnology,2010(1):61-76.
[7] Li Wan, Tian Shengfeng. An ontology-based intrusion alerts correlation system[J].Expert Systems with Applications,2010(10):7138–7146
[8] Blanco Carlos, Lasheras Joaquín, Valencia-García Rafael, Fernández-MedinaEduardo1, Toval Ambrosio, Piattini Mario1. ARES2008-3rd InternationalConference on Availability, Security, and Reliability, Proceedings[C]. NJ:IEEE-ISTO,2008.
[9] Martin Ester, Hans-Peter Kriegel, J rg Sander, Xiaowei Xu. Proceedings of theSecond International Conference on Knowledge Discovery and Data Mining(KDD-96)[C]. AAAI Press,1996.
[10] Zhang Tian;Ramakrishnan Raghu1, Livny Miron. Proceedings of the1996ACMSIGMOD International Conference on Management of Data[C]. ACM Press,1996.
[11] Guan Yu, Ghorbani Ali A., Belacel Nabil. CCECE2003Canadian Conference onElectrical and Computer Engineering: Toward a Caring and HumaneTechnology[C]. Institute of Electrical and Electronics Engineers Inc,2003
[12] Oh Sang Hyun, Lee Won Suk. An anomaly intrusion detection method byclustering normal user behavior[J]. Computers and Security,2003(7):596-612.
[13] Fei Ren, Liang Hu, Hao Liang, Xiaobo Liu, Weiwu Ren. Proceedings-International Conference on Computer Science and Software Engineering, CSSE2008[C]. IEEE Computer Society,2008.
[14] Horng Shi-Jinn, Su Ming-Yang, Chen Yuan-Hsin, Kao Tzong-Wann, ChenRong-Jian, Lai Jui-Lin, Perkasa Citra Dwi.A novel intrusion detection systembased on hierarchical clustering and support vector machines[J]. Expert Systemswith Applications,2011(1):306-313.
[15] Burbeck Kalle, Nadjm-Tehrani Simin.7th International Conference onInformation Security and Cryptology-ICISC2004[C]. Springer Verlag,2004.
[16] Dash M, Liu H. Feature selection for classification[J]. Intelligent Data Analysis,Amsterdam: IOS Press,1997(3):131-156
[17] Zhao Zheng, Liu H. Proceedings of the7th SIAM International Conference onData Mining[C]. Society for Industrial and Applied Mathematics Publications,2007.
[18]陈斌,洪家荣,王亚东.最优特征子集选择问题[J].计算机学报,1997(2):133-138
[19] Leo Breiman. Random Forests[J]. Machine Learning,2001(1):5-32.
[20] Pang Herbert, George Stephen L., Hui Ken, Tong Tiejun. Gene selection usingiterative feature elimination random forests for survival outcomes[J]. IEEE/ACMTransactions on Computational Biology and Bioinformatics,2012(5):1422-1431.
[21] Joelsson Sveinn R., Benediktsson Jon Atli, Sveinsson Johannes R.. Proceedingsof the7th Nordic Signal Processing Symposium, NORSIG2006[C]. IEEEComputer Society,2007.
[22] Zenglin Xu, Rong Jin, Jieping Ye, Michael R. Lyu, Irwin King. ICML’09Proceedings of the26thAnnual International Conference on MachineLearning[C]. ACM,2009.
[23] Thibault Helleputte, Pierre Dupont. ICML’0909Proceedings of the26thAnnualInternational Conference on Machine Learning[C]. ACM,2009.
[24] Xu Zenglin, King Irwin, Lyu Michael Rung-Tsong, Jin Rong. Discriminativesemi-supervised feature selection via manifold regularization[J]. IEEETransactions on Neural Networks,2010(7):1033-1047.
[25] Asanovic Krste1, Bodik, Rastislav,Demmel James, Keaveny, Tony, KeutzerKurt, Kubiatowicz John, Morgan Nelson, Patterson, David, Sen Koushik,Wawrzynek John, Wessel David, Yelick Katherine. A view of the parallelcomputing landscape[J]. Communications of the ACM,2009(10):56-67.
[26] David J. Kuck. High Performance Computing: Challenges for FutureSystems[M]. New York: Oxford University Press,1996.
[27] Susan L. Graham, Marc Snir. Getting Up To Speed: The Future OfSupercomputing[M]. Washington DC: National Academies Press,2005.
[28] W. Daniel Hillis, GuyL. Steele, Jr. Data Parallel Algorithms[J]. Communicationsof the ACM-Special issue on parallelism,1986(12):1170-1183.
[29] Daan Leijen, Wolfram Schulte, Sebastiaan Burckhardt. OOPSLA’09Proceedings of the24th ACM SIGPLAN conference on Object orientedprogramming systems languages and applications[C]. ACM,2009.
[30] Batcher K. E. Design of a Massively Parallel Processor[J]. IEEE Transactions onComputer,1980(9):836-840.
[31] Gepner Pawe, Kowalik Micha F., PARELEC2006-Proceedings: InternationalSymposium on Parallel Computing in Electrical Engineering[C]. IEEE ComputerSociety,2006.
[32] Armbrust Michael, Fox Armando, Griffith Rean, Joseph Anthony D. KatzRandy, Konwinski Andy, Lee Gunho, Patterson David, Rabkin Ariel,Stoica Ion,Zaharia Matei. A view of cloud computing[J]. Communications of the ACM,2010(4):50-58.
[33]陈国良,孙广中,徐云,龙柏.并行计算的一体化研究现状与发展趋势[J].科学通报,2009(8):1043-1049.
[34] Shameem Akhther, Jason Roberts. Multi-Core Programming[M]. Richard Bowles,2006.
[35] Anya kim, Jim Luo, Myong Kang. Security ontology for AnnotatingResources[J]. Lecture Notes in Computer Science,2005:1483-1499.
[36] Benjamin Morin, Ludovic Me, Herve Debar, Mireille Ducasse. A Logic-basedModel to Support Alert Correlation in Intrusion Detection[J]. Information Fusion,2009(4):285-299.
[37] Gutavo A. Isaza, Andres G. Castillo, Nestor D.7th international Conference onPratical Applications of Agents and Multi-Agent Systems(PAAMS2009)[C],Springer,2009.
[38] Vorobiev A., Jun Han. Second international Conference on Semanticas,Konwledge and Grid,2006(SKG’06)[C], IEEE,2006.
[39] Coppolino L., Dipt. Perle Tecnol.. International Conference on Network andService Security(N2S ‘09)[C]. IEEE,2009.
[40] Information technology-Security techniques-Information security managementsystems–Requirements[S/OL]. ISO/IEC27001:2005,[2013-09-25].http://www.iso.org/iso/catalogue_detail?csnumber=42103
[41] Velasco, J.L.a.V.-G., R. and Fernandez-Breis, J.T. and Toval, A., ModellingReusable Security Requirements Based on an Ontology Framework[J]. Journalof Research and Practice in Information Technology,2009(2):119-133.
[42] Wang J, A.a.G. M.. Bioinformatics, Systems Biology and Intelligent Computing,2009. IJCBS'09.[C]. IEEE,2009.
[43] Common Vulnerabilities and Exposures–The standard of Information SecurityVulnerability Names[EB/OL]. CVE,[2013-09-06]. http://cve.mitre.org/
[44] National Vulnerability Database–automating vulnerability management,security measurement, and compliance checking[DB/OL]. NVD,[2013-10-10].http://nvd.nist.gov/
[45] Common Configuration Enumeration–Unique Identifiers for Common SystemConfiguration Issues[EB/OL]. CCE,[2013-5-30]. http://cce.mitre.org/
[46] Common Attack Pattern enumeration and Classification–A Community ofKnowledge Resource for Building Secure Software[EB/OL]. CAPEC,
[2013-09-05]. http://capec.mitre.org/
[47] OWL Web Ontology Language Overview. W3C Recommendation,[2004-02-10].http://www.w3.org/TR/owl-features/
[48] Vulnerability Notes Database–Advisory and mitigation information aboutsoftware vulnerabilities[DB/OL]. National Cyber Secuity Division,[2013-10-10],http://www.kb.cert.org/vuls/.
[49] SWRL: A Semantic Web Rule Language Combining OWL and RuleML[EB/OL].W3C Member Submission,[2004-05-21]. http://www.w3.org/S ubmission/SWRL/
[50] The Intrusion Detection Message Exchange Format(IDMEF)[EB/OL]. NetworkWorking group Request for Comments:4765.[2007-03].http://www.ietf.org/rfc/rfc4765.txt
[51] Erbacher R.F., Walker K.L., Frincke D.A., Intrusion and Misuse Detection inLarge-scale Systems[J]. Computer Graphics and Applications,2002(1):38-47.
[52] Dae-Ki Kang, Fuller D, Honavar V. IAW’05: Proceedings from the Sixth AnnualIEEE SMC[C]. IEEE,2005.
[53] Zhi-Song Pan, Song-Can Chen, Gen-Bao Hu, Dao-Qiang Zhang.2003International Conference on Machine Learning and Cybernetics[C]. IEEE,2003.
[54] Subhadrabandhu D., Sarkar S., Anjum F.. A Framework for Misuse Detection inad hoc Networks-part1[J]. IEEE Journal of Selected Areas in Communications,2006(2):274-289.
[55] Michael Meier, Sebastian Schmert, Hartmut Koenig. Improving the Efficiency ofMisuse Detection[J]. Detection of Intrusion and Malware, and VulnerabilityAssessment,2005:188-205.
[56] Eleazar Eskin, Andrew Arnold, Michael Prerau. A Geometirc Framework forUnsupervised Anomaly Detection[J]. Appications of Data Mining in ComputerSecurity,2002:77-101.
[57] Varun Chandola, Arindam Banerjee, Vipin Kumar. Anomaly Detection: ASurvey[J]. ACM Computing Surveys,2009(3):15(1)-15(56).
[58] Christopher Kruegel, Giovanni Vigna. CCS’03Proceedings of the10thACMConference on Computer and Communications Security[C]. NY:ACM Press,2003.
[59] Caleb C. Noble, Diane J. Cook. KDD’03Proceedings of the ninth ACMSIGKDD international conference on Knowledge discovery and data mining. NY:ACM Press,2003.
[60] Bnaerjee A., Burlina, P., Diehl C. A Support Vector Method for AnomalyDetection in Hyperspectral imagery[J]. IEEE Transactions on Geoscience andRemote Sensing,2006(8):2282-2291.
[61] Khan Latifur,Awad M., Thuraisingham B., A new Intrusion Detection Systemusing Support Vector Machines and Hierarchical Clustering[J]. VLDB Journal,2007(4):507-521.
[62] Song Jungsuk, Ohira, K, Tarakura H. A Clustering Method for ImprovingPreformance of Anomaly-based Intrusion Detection System[J]. IEICETransactions on Information and Systems,2008(5):1282-1291.
[63] Park Nam Hun, Oh Sang Hyun, Lee Won Suk. Anomaly Intrusion Detection byClustering Transactional Audit Streams in A Host Computer[J]. InformationSciences,2010(12):2375-2389.
[64] Peng Liu, Dong Zhou, NaiJun Wu.2007International Conference on ServiceSystems and Service Management. IEEE,2007.
[65] Soren Hader, Fred A. Hamprecht. Proceedings of the26thAnnual Conference ofthe Gesellschaft fur Klassifikaation e.V.[C]. IEEE,2002.
[66] Ding C. Xiaofeng He.2002IEEE International Conference on Data Mining,2002(ICDM2003)[C]. IEEE,2002.
[67] Schikuta E. Proceedings of the13thInternational Conference on PatternRecognition[C]. IEEE,1996.
[68] George von Borries, Haiyan Wang. Partition Clustering of High DimensionalLow Sample Size Data based on p-values[J]. Computationaal Statistics&DataAnalysis,2009(12):3987-3998.
[69] Clark F. Olson. Parallel Algorithms for Hierarchical Clustering[J]. ParallelComputing,1995(8):1313-1325.
[70] Weizhong Zhao, Huifang Ma, Qing He.1st International Conference onCloudCom[C]. IEEE,2009.
[71] KDD Cup1999Data[DB/OL].[1999-10-28]. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
[72] DARPA Intrusion Detection Data Sets[DB/OL].[2002].http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/index.html
[73] Matrin Botha, Rossouw von Solms, Kent Perry, Edwin Loubser, GeorgeYamoyany. SAICSIT’02Proceedings of the2002Annual Research Conferenceof the South African Institute of Computer Scientists and InformationTechnologists on Enablement through Technology[C]. South African Institute forComputer Scientists and Information Technologists,2002.
[74] Kai Hwang, Min Cai, Ying Chen, Min Qin. Hybrid Intrusion Detection withWeighted Signature Generation over Anomalous Internet Episodes[J]. IEEETransaction on Dependable and Secure Computing.2007(1):41-55.
[75] álvaro Herreroa, Emilio Corchadoa, María A. Pellicera, Ajith Abrahamb.MOVIH-IDS: A mobile-visualization hybrid intrusion detection system[J].Neurocomputing,2009(13-15):2775-2784.
[76] Ozgur Depren, Murat Topallar, Emin Anarim, M. Kemal Ciliz. An intelligentintrusion detection system (IDS) for anomaly and misuse detection in computernetworks[J]. Expert Systems with Applications,2005(4):713-722.
[77] Jiong Zhang, Zulkernine, M.. ARES2006:1stInternational Conference onAvailability, Reliability and Security. IEEE,2006.
[78] Ken Deeter, Kapil Singh, Steve Wilson, Luca Filipozzi, Son Vuong. MATA2004:1stInternational Workshop[C]. Heidelberg: Springer,2004.
[79] Chung Y.Y., Wahid N..A Hybird Network Intrusion Detection System usingSimplified Swarm Optimization(SSO)[J]. Applied Soft Computing,2012(9):3014-3022.
[80] Wang S.S., Yan K.Q.. An Intergrated Intrusion Detection System forCluster-based Wireless Sensor Networks[J]. Expert Systems with Applications,2011(12):15234-15243.
[81] Aydin M.A., Zaim A.H. Ceylan. A Hybrid Intrusion Detection System Design forComputer Network Security[J]. Computer&Electrical Engineering,2009(3):517-526.
[82] Bazara I.A Barry, H Aanthony Chan. Syntax, and Semantics-based SignatureDatabase for Hybrid Intrusion Detection Systems[J]. Security andCommunication Networks,2009(6):457-475.
[83] Nahla Ben Amor, Salem Benferhat, Zied Elouedi. SAC’04proceedings of the2004ACM Symmposium on Applied Computing[C]. NY: ACM Press,2004.
[84] Abbes T, Bouhoula A., Rusinowitch M.. ITCC2004: International Conferenceon Information Technology: Coding and Computing[C]. IEEE,2004.
[85] Christopher Krugel, Thomas Toth. RAID2003:6th International Symposium[C].IEEE,2003.
[86] XiangYang Li, Nong Ye. Decision Tree Classifiers for Computer IntrusionDetection[J]. Parallel and Distributed Computing Practices,2001(2):179-190.
[87] Xiao-Bai Li. A scalable decision tree system and its application in patternrecognition and intrusion detection[J]. Decision Support Systems,2006(1):112-130.
[88] Chih-Fong Tsai, Yu-Feng Hsu, Chia-Ying Lin, Wei-Yang Lin. Intrusion Detectionby Machine Learning: A Review[J]. Expert Systems with Applications,2009(10):11994-12000.
[89] Snehal A. Mulay, P.R. Devale, G.V. Garje. Intrusion Detection System usingSupport Vector Machine and Decision Tree[J]. International Journal of ComputerApplications,2010(3):40-43.
[90] Ajith Abraham, Ravi Jain, Johnson Thomas, Sang Yong Han. D-SCIDS:Distributed soft computing intrusion detection system[J]. Journal of Network andComputer Applications,2007(1):81-98.
[91] Gowrison G., Ramar K., Muneeswaran K., Revathi T.. Minimal ComplexityAttack Classification Intrusion Detection System[J]. Applied Soft Computing,2013(2):921-927.
[92]陈友,程学旗,李洋,戴磊.基于特征选择的轻量级入侵检测系统[J].计算机学报,2007(7):1639-1651.
[93] Liu B., Fang B., Liu X.W., Chen J., Huang Z.H., He X.P.. Large MarginSubspace Learning for Feature Selection[J]. Pattern Recognition,2013(10):2788-2806.
[94] Wang C., Cao L.B., Miao B.Q.. Optimal Feature Selection for Sparse LinearDiscriminat Analysis and Its Application in Gene Expression Data[J].Computational Statistics&Data Analysis,2013:140-149.
[95] Li B., Chow T.W.S., Huang D.. A Novel Feature Selection Method and ItsApplication[J]. Journal of Intellgent Information Systems,2013(2):235-268.
[96] Hajek P., Michalak K.. Feature Selection in Corporate Credit Rating Prediction[J].Knowledge-based Systems,2013:72-84.
[97] Lan L., Vucetic S.. Improving Accuracy of Microarray Classification by a SimpleMulti-task Feature Selection Filter[J] International Journal of Data Mining andBioinformatics,2011(2):189-208.
[98] Hsu H.H., Hsieh C.W., Lu M.D.. Hybrid Feature Selection by Combining Filtersand Wrappers[J]. Expert Systems with Applications,2011(7):8144-8150.
[99] Xue B., Cervante L., Shang L., Browne W.N., Zhang M.J.. A Multi-objectiveParticle Swarm Optimisation for Filter-based Feature Selection in ClassficationProblems[J]. Connection Science,2012(2-3):91-116.
[100] Lazar C., Taminau J., Meganck S., Steenhoff D., Colettaa A.. A Survey on FilterTechniques for Features Selection in Gene Expression Microarry Analysis[J].IEEE-ACM Transactions on Computational Biology and Bioinformatics,2012(4):1106-1119.
[101] Krishna B., Kallaperumal B.. Efficient Genetic-wrapper Algorithm based DataMining for Featuree Subset Selection in a Power Quality Pattern RecognitionApplication[J]. Internal ARAB Journal of Information Technology,2011(4):397-405.
[102] Foithong S., Pinngem O., Attachoo B.. Feature Subset Selection Wrapper basedon Mutual Information and Rough Sets[J]. Expert System with Applications,2012(1):574-584.
[103] Shiue Y.R., Guh R.S., Lee K.F.. Development of Machine Learning-based RealTime Scheduling Systems: Using Ensemble based on Wrapper Feature SelectionApproach[J]. International Journal of Production Research,2012(20):5887-5905.
[104] Moustakidis S.P., Theocharis J.B.. A Fast SVM-based Wrapper FeatureSelection Method Driven by A Fuzzy Complementary Criterion[J]. PatternAnalysis and Applications,2012(4):379-397.
[105]吕召彪等.无线网络架构与演进趋势[M].机械工业出版社,2002.
[106]赫尔利等著,杨青等译.无线网络安全[M].科学出版社,2009.
[107] Stephen McLaughlin et al. MOBILE AD-HOC NETWORK: US, US2006/017/6829A1[P].[2006-08-10].
[108] Levente Buttyan, Jean-Pierre Hubaux. Stimulating Cooperation inself-organizing mobile ad hoc networks[J]. Mobile Networks and Applications,2003(5):579-592.
[109] Stefano Basagni et al. Mobile Ad Hoc Networking[M]. IEEE Press,2004.
[110] Mehran Abolhasan, Tadeusz Wysocki, Eryk Dutkiewicz. A review of routingprotocols for mobile ad hoc networks[J]. Ad Hoc Network,2004(1):1-22.
[111] Haas Z.J., Halpern J.L.. Gossip-based Ad Hoc Routing[J]. IEEE/ACMTransactions on Networking,2006,14(3):479-491.
[112] Kulik J., Heinzelman W., Balakrishnan H.. Negotiation-based Protocols forDisseminating Information in Wireless Sensor Networks[J]. Wireless Networks,2002(2-3):169-185.
[113]沈波,张世永,钟亦平.无线传感器网络分簇路由协议[J].软件学报,2006(7):1588-1600.
[114] Heinzelman W.R., Chandrakasan A., Balakrishnan H.. Proceedings of the33rdAnnual Hawaii Interlnational Conference on System Sciences[C]. IEEE,2000.
[115] Lim T.L., Mohan G.. Proceedings of2ndInternational Conference on BroadbandNetworks[C]. IEEE,2005.
[116] Shuihui M., Hong J.. ICCT ‘06: Proceedins of2006International Conference onCommunication Technology[C]. IEEE,2006.
[117] Zeng K., Ren K., Lou W., et al.. Energy Aware Effcient Geographic Routing inLossy Wireless Sensor Networks with Environmental Energy Supply[J]. WirelessNetworks,2009(1):39-51.
[118] Bernardos A.M., Tarrio P., Casar J.R.. PIMRC’06: IEEE InternationalSymposium on Personal, Indoor and Mobile Radio Communications[C]. IEEE,2006.
[119] Yongchang Y., Gang W.. WiCom’07: International Conference on WirelessCommunications, Networking and Mobile Computing[C]. IEEE,2007.
[120] Mohammad Al-Shurman, Seong-Moo Yoo, Seungjin Park. ACM-SE42Proceedins of the42ndAnnual Southeast Regional Conference[C]. NY: ACMPress,2004.
[121] Bo Sun, Yong Guan, Jian Chen, Pooch U.W.. Personal Mobile CommunicationsConference. IEEE,2003.
[122] Yih-Chun Hu, Perrig A., Johnson D.B.. INFOCOM2003:20nd Annual JointConference of the IEEE Computer and Communications[C]. IEEE,2003.
[123] Yih-Chun Hu, Perrig A., Johnson D.B.. Wormhole Attacks in WirelessNetworks[J]. IEEE Journal on Selected Areas in Communications,2006(2):370-380.
[124] Palanisamy P., Annadurai P. Impact of Rushing Attack on Multicast in MobileAd Hoc Network[J]. International Journal of Computer Science and InformationSecurity,2009(1-2):183-190.
[125] Yih-Chun Hu, Adrian Perrig, David B. Johnson. WiSE’03: Proceedings of the2ndACM Workshop on Wirelesss Security[C]. NY: ACM Press,2003.