Architecture and Implementation of an Adaptive Distributed Intrusion Detection System Based on Mobile Agents
Abstract
With the rapid development of network technology, network security problems have become increasingly prominent. The limited processing capacity of network intrusion detection systems leads to missed or false alarms on intrusion events; raising the detection speed and detection accuracy of intrusion detection systems is a key problem that urgently needs to be solved.

This thesis studies how to raise the processing capacity of intrusion detection systems, and obtains results in particular on optimizing intrusion detection system performance.

Detection speed and detection accuracy are two important indicators of intrusion detection, and improving the analysis algorithm alone does not fully succeed in raising both. For this situation we propose MAAIDS, a mobile-agent-based adaptive distributed intrusion detection system. MAAIDS is a self-optimizing distributed network intrusion detection system composed of a mobile agent acting as the optimization component, multiple analysis nodes and probe nodes. The optimization component of MAAIDS evaluates system performance and formulates corresponding optimization strategies, keeping the detection speed and detection accuracy of the analysis components within an acceptable range and exploiting the processing capacity of the whole system as far as possible.

This thesis proposes the optimization mechanism of MAAIDS, which consists of three parts: an optimization decision mechanism, an optimization plan generation mechanism and an optimization plan evaluation mechanism. The optimization decision mechanism analyses the performance of the object to be optimized to decide whether optimization is needed; the optimization plan generation mechanism covers every stage of designing an optimization plan; the optimization plan evaluation mechanism assesses the effect of a plan, performs a feasibility analysis of the generated plans and confirms whether their optimization effect meets the standard for execution.

An optimization plan has two parts, a packet distribution plan and a detection algorithm switching plan, and this thesis proposes a packet distribution mechanism and a detection algorithm switching mechanism for MAAIDS according to the characteristics of intrusion detection. The packet distribution mechanism dispatches packets to suitable data analysis components and is carried out through the packet distribution rules proposed here. At the same time, a data classification mechanism classifies packets by their characteristics and, combined with the packet distribution rules, infers new rules so that packet distribution adapts to changes in the packets. The detection algorithm switching mechanism decides on the real-time replacement of detection algorithms according to the switching rules and converter designed in this thesis.

Once optimization plans have been designed, the best plan must be selected from many candidates for execution. Combining the practical conditions of intrusion detection, this thesis uses genetic theory to select the optimization plan. Genetic theory
With the development of network technology and its applications, network security becomes increasingly important. Network-based intrusion detection systems need to deal with so much data that false positives and false negatives often occur, so research on improving intrusion detection system performance is both challenging and very important.

In this thesis the mechanisms, methods and countermeasures for improving intrusion detection system performance are discussed. Several improvements to the intrusion detection system are then given which reduce the false positive rate and the false negative rate and raise detection speed. Previous research has mostly focused on new detection algorithms rather than on optimizing current algorithms. MAAIDS, an acronym for mobile-agent-based adaptive distributed intrusion detection system, is proposed to enhance intrusion detection system performance. We explain the design and implementation of agents that operate on their (possibly imperfect) beliefs about the current state of the network and use their plans and capabilities to cope with real-world intrusion detection and automated response problems. MAAIDS can optimize itself by means of a mobile agent named the Improvement Agent. The Improvement Agent roves through the system and evaluates the performance of the Data Analysis Agent on the host where it currently resides. According to that evaluation, the Improvement Agent makes an optimization plan that makes the most of the capacity of the Data Analysis Agent. Compared to traditional distributed intrusion detection systems, MAAIDS is more adaptive and efficient.

As an adaptive system, an optimization mechanism is put forward here. It includes three parts: an optimization judgement mechanism, an optimization plan creation mechanism and an optimization plan evaluation mechanism. Through these three procedures an optimization plan is produced. The optimization plan includes a data packet distribution plan and a detection algorithm switching plan. The data packet distribution plan ensures that most packets are sent to the analysis components that can deal with them most efficiently. The detection algorithm switching plan is responsible for having the analysis components run a suitable detection algorithm most of the time. From the candidate optimization plans we choose the best plan to execute by means of a genetic algorithm.

Here the components of MAAIDS are investigated in terms of agents. Component structures and intelligent attributes are established. We also set up a communication protocol and model between components so that components can interact with each other while MAAIDS is running. Through these interactions MAAIDS becomes a more intelligent intrusion detection system.
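The packet distribution rules, the plan evaluation and the genetic selection of a plan described in the abstracts above can be illustrated with a small simulation. This is an added example, not code from the thesis or from the MAAIDS system; the packet classes and their rates, the two analysis nodes and their capacities, the three candidate detection algorithms with their speed/accuracy trade-off, and the fitness function (rate-weighted accuracy minus an overload penalty) are all constructed assumptions. The genetic search uses tournament selection with elitism; a brute-force optimum is included only because the toy search space is small enough to enumerate.

```python
"""Toy model of MAAIDS-style packet distribution and genetic plan selection.
Added illustration, not the thesis's code. All figures below are constructed
assumptions chosen to show the mechanism, not values from the thesis."""
import itertools
import random
from dataclasses import dataclass

# Packet classes from the data classification step -> assumed rate (packets/s).
PACKET_CLASSES = {"http": 600, "dns": 250, "smtp": 120, "other": 180}
# Analysis nodes -> nominal capacity in packets/s (constructed).
ANALYZERS = {"A1": 800, "A2": 500}
# Candidate detection algorithms -> (throughput factor, accuracy); faster
# algorithms are assumed to be less accurate (constructed values).
ALGORITHMS = {"signature-fast": (1.0, 0.85), "signature-full": (0.7, 0.95),
              "anomaly": (0.5, 0.90)}
OVERLOAD_WEIGHT = 1.0  # penalty per unit of relative overload (assumption)
CLASS_NAMES, NODE_NAMES = list(PACKET_CLASSES), list(ANALYZERS)


@dataclass(frozen=True)
class Plan:
    """One optimization plan: distribution rules plus one algorithm per node."""
    routing: tuple    # analyzer for each class, in CLASS_NAMES order
    algorithm: tuple  # algorithm for each node, in NODE_NAMES order


def dispatch(plan, packet_class):
    """Packet distribution rule lookup: which analyzer handles this class."""
    return plan.routing[CLASS_NAMES.index(packet_class)]


def node_loads(plan):
    """Packets/s each analyzer receives under the plan's distribution rules."""
    loads = {node: 0 for node in NODE_NAMES}
    for cls, rate in PACKET_CLASSES.items():
        loads[dispatch(plan, cls)] += rate
    return loads


def evaluate(plan):
    """Plan evaluation: rate-weighted accuracy minus a penalty for every
    analyzer whose load exceeds what its chosen algorithm can sustain."""
    total_rate, loads = sum(PACKET_CLASSES.values()), node_loads(plan)
    accuracy = penalty = 0.0
    for node, algo in zip(NODE_NAMES, plan.algorithm):
        speed, acc = ALGORITHMS[algo]
        effective_capacity = ANALYZERS[node] * speed
        accuracy += loads[node] * acc / total_rate
        if loads[node] > effective_capacity:
            penalty += (loads[node] - effective_capacity) / effective_capacity
    return accuracy - OVERLOAD_WEIGHT * penalty


def is_feasible(plan):
    """True when no analyzer is driven beyond its effective capacity."""
    loads = node_loads(plan)
    return all(loads[n] <= ANALYZERS[n] * ALGORITHMS[a][0]
               for n, a in zip(NODE_NAMES, plan.algorithm))


def random_plan(rng):
    return Plan(tuple(rng.choice(NODE_NAMES) for _ in CLASS_NAMES),
                tuple(rng.choice(list(ALGORITHMS)) for _ in NODE_NAMES))


def crossover(a, b, rng):
    """Uniform crossover: each gene is taken from either parent."""
    return Plan(tuple(rng.choice(p) for p in zip(a.routing, b.routing)),
                tuple(rng.choice(p) for p in zip(a.algorithm, b.algorithm)))


def mutate(plan, rng, rate=0.2):
    """Re-draw each gene with probability `rate`."""
    routing = tuple(rng.choice(NODE_NAMES) if rng.random() < rate else g
                    for g in plan.routing)
    algorithm = tuple(rng.choice(list(ALGORITHMS)) if rng.random() < rate else g
                      for g in plan.algorithm)
    return Plan(routing, algorithm)


def select_plan_ga(seed=1, population=30, generations=60):
    """Genetic selection among candidate plans (tournament selection plus
    elitism); returns the best plan found."""
    rng = random.Random(seed)
    pop = [random_plan(rng) for _ in range(population)]
    for _ in range(generations):
        pop.sort(key=evaluate, reverse=True)
        nxt = pop[:2]  # elitism: the two best plans survive unchanged
        while len(nxt) < population:
            a = max(rng.sample(pop, 3), key=evaluate)
            b = max(rng.sample(pop, 3), key=evaluate)
            nxt.append(mutate(crossover(a, b, rng), rng))
        pop = nxt
    return max(pop, key=evaluate)


def select_plan_exhaustive():
    """Brute-force optimum; only possible because the toy space is tiny."""
    plans = (Plan(r, a)
             for r in itertools.product(NODE_NAMES, repeat=len(CLASS_NAMES))
             for a in itertools.product(ALGORITHMS, repeat=len(NODE_NAMES)))
    return max(plans, key=evaluate)
```

Calling `select_plan_ga()` returns a plan that keeps both nodes within capacity while running the fast signature algorithm, which under these constructed figures is the only way to avoid an overload penalty; `evaluate` plays the role of the plan evaluation mechanism and `dispatch` that of the packet distribution rule lookup. In a real deployment the rates and capacities would come from the performance evaluation the Improvement Agent performs on its host, and the rules would be inferred by the data classification step rather than fixed in advance.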
