Research on a Real-Valued Encoding Intrusion Detection System Based on Immune Principles
Abstract
Detecting previously unknown intrusions is becoming increasingly important in information security. Traditional anomaly-based intrusion detection models have difficulty with updating normal-behaviour profiles, dynamic real-time detection, and distributed detection. Intrusion detection based on the principles of the biological immune system offers a new way to address many of these problems, but existing immune-based intrusion detection techniques are still at an early stage.
Binary-coded immune intrusion detection systems are studied in detail, and an improved algorithm for their detector sets is proposed that reduces the redundant information in the detector set. However, binary coding and the rcb matching rule cannot handle long string patterns effectively, so they do not suit intrusion detection over many feature attributes and are poorly suited to real-time detection in a dynamically changing environment. An immune intrusion detection method based on real-valued coding is therefore proposed, with the following research and original contributions.
Real-valued coding is applied to immune intrusion detection in a relatively systematic way for the first time. The representations of the self set and of detectors are defined, and two models, hypersphere and hyper-rectangle, are built. A new detector generation method, multimodal evolution, is proposed; it trains detectors with variable coverage, and a specific fitness function drives detectors to fill the small detection holes near self and between self entities. This overcomes the weakness of random generation, which cannot cover the non-self region effectively in a huge pattern space. An analysis of the detection granularity of real-valued coding concludes that the smaller the maximum value used for normalisation, the smaller the information loss and the better the detection granularity.
Hypersphere and hyper-rectangle systems are constructed. Experiments on the DARPA99 network data set and the Wine machine-learning data set show that the hypersphere system outperforms the hyper-rectangle system in detection rate, false alarm rate, uniformity of coverage of the non-self region, adaptability to incomplete training sets, algorithm stability, and training time cost. Multimodal evolution outperforms random generation in detection rate, uniformity of coverage of the non-self region, and algorithm stability, and random generation is not applicable to the 13-dimensional Wine data set. Experiments with the multimodal-evolution hypersphere system on the KDD Cup'99 data set confirm that it adapts well to high-dimensional detection, and show that the algorithm's time cost is approximately linear in both the pattern dimension and the training set size.
Methods are proposed for using the distribution characteristics of the data to improve the detection precision of the multimodal-evolution hypersphere system. A Gaussian probability model is first built to describe the distribution of patterns in the data space, and a clustering level parameter is defined to characterise the degree to which data points gather into clusters, that is, how closely the clusters resemble Gaussian clusters in shape; a method for generating synthetic data sets at a given clustering level is provided; and the clustering characteristics of real data sets are studied. Experiments show that data sets with better clustering characteristics (a smaller clustering level) yield better detection ability, and that increasing the number of detectors or lowering the tolerance level can compensate to some extent for poor clustering characteristics.
Building on this, an extended hypersphere model for constructing the self space is proposed: the variable radius of self sphere model (VRSSM). It applies different tolerance levels to different regions of the pattern space according to the clustering there, so that the self hyperspheres have different radii during detector training, which locates the self/non-self boundary more precisely. Analysis shows that overall detection ability is affected by the clustering characteristics of the data and by the average attribute deviation between normal and abnormal samples, while the performance of VRSSM depends on objective factors such as cluster shape and differences in data point density. Experiments show that the synthetic data sets and the DARPA99 data set satisfy the assumptions of VRSSM, and that the model raises the detection rate and lowers the false alarm rate.
A dynamic real-time detection mechanism is established for the multimodal-evolution hypersphere system. It comprises a strengthened initial training mechanism; clonal selection and gene library mechanisms that raise coverage of regions where intrusions occur frequently; and an immune memory mechanism that lets the system keep recognising intrusions it has met before while the detector set is continuously updated. A dynamic extension of VRSSM (Dynamic VRSSM) is proposed, which uses positive memory to mark regions dense in normal behaviour and computes the tolerance level of different regions in real time. Analysis indicates that an activation threshold of 1 is appropriate for a practical network intrusion detection system. A hypermutation probability for cloned individuals that is too high or too low harms detection; a good value can be found by experiment. Simulation tests on network data sets (DARPA99 and KDD Cup'99) confirm that the dynamic real-time detection mechanism is effective and that the Dynamic VRSSM model is correct.
A distributed cooperative architecture prototype is proposed that combines distributed tolerance with centralised tolerance. A single-node experimental platform is implemented that integrates the real-valued hypersphere space representation, multimodal-evolution detector generation, VRSSM, the dynamic real-time detection mechanism, and Dynamic VRSSM, verifying the correctness of the theory and the feasibility of the models.
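The hypersphere model from the abstract can be illustrated with a short sketch. This is an added example, not code from the thesis: it uses the random generation baseline the abstract compares against (the multimodal evolution fitness function is not given on this page), a single fixed self radius rather than VRSSM, and constructed data. The feature choice, `MAXIMA`, `R_SELF` and all function names are assumptions.

```python
import math
import random

MAXIMA = (200.0, 1500.0)  # assumed per-attribute maxima used for normalisation
R_SELF = 0.05             # assumed tolerance level: radius of every self hypersphere


def normalise(rows, maxima=MAXIMA):
    """Map raw attribute vectors into the unit hypercube [0, 1]^n."""
    return [tuple(min(max(v / m, 0.0), 1.0) for v, m in zip(row, maxima))
            for row in rows]


def train_detectors(self_set, n_detectors, rng, r_self=R_SELF,
                    min_radius=0.01, max_tries=20000):
    """Negative selection with variable-coverage hypersphere detectors.

    A random centre is kept only if it lies outside every self hypersphere.
    Its radius is the gap to the nearest self hypersphere, so a detector far
    from self covers a large region and one close to self covers a small one.
    """
    dim = len(self_set[0])
    detectors = []
    for _ in range(max_tries):
        if len(detectors) >= n_detectors:
            break
        centre = tuple(rng.random() for _ in range(dim))
        radius = min(math.dist(centre, s) for s in self_set) - r_self
        if radius < min_radius:
            continue  # inside or too close to self: censored
        if any(math.dist(centre, c) <= r for c, r in detectors):
            continue  # already covered: would only add redundancy
        detectors.append((centre, radius))
    return detectors


def is_nonself(x, detectors):
    """Flag x as soon as one detector covers it (activation threshold of 1)."""
    return any(math.dist(x, c) <= r for c, r in detectors)


def gaussian_cluster(rng, mean, sigma, n):
    """Constructed sample data: n points drawn around mean."""
    return [tuple(rng.gauss(m, s) for m, s in zip(mean, sigma))
            for _ in range(n)]


def run_demo(seed=7):
    rng = random.Random(seed)
    # Constructed traffic features: (connections per second, bytes per packet).
    normal_raw = gaussian_cluster(rng, (50.0, 375.0), (8.0, 60.0), 60)
    attack_raw = gaussian_cluster(rng, (160.0, 1200.0), (8.0, 60.0), 40)
    self_set = normalise(normal_raw)
    attacks = normalise(attack_raw)
    detectors = train_detectors(self_set, 50, rng)
    detected = sum(is_nonself(a, detectors) for a in attacks)
    false_alarms = sum(is_nonself(s, detectors) for s in self_set)
    return {
        "self_set": self_set,
        "detectors": detectors,
        "detection_rate": detected / len(attacks),
        "false_alarms_on_training_self": false_alarms,
    }


if __name__ == "__main__":
    result = run_demo()
    print("detectors:", len(result["detectors"]))
    print("detection rate:", result["detection_rate"])
    print("false alarms on training self:",
          result["false_alarms_on_training_self"])
```

Because every detector radius stops `R_SELF` short of the nearest training sample, any unseen point within `R_SELF` of a training sample is also treated as self. That radius is the tolerance level the abstract says VRSSM varies by region.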
