Research on Intrusion Detection Models and Algorithms Based on Immune Principles
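Abstract
Network security is receiving growing attention. Researchers have carried out extensive, in-depth work on how to effectively detect abnormal behaviour in systems and networks. The biological immune system performs a task similar to that of an intrusion detection system, and performs it well: it detects anomalies and keeps the organism functioning normally. Studying how to apply biological immune principles to intrusion detection, so as to design high-performance intrusion detection systems, therefore has some theoretical value and considerable practical significance. This has made immune-based intrusion detection a research focus in the intrusion detection field in recent years; its distinguishing feature is the use of the principles, rules and mechanisms of the biological immune system to detect and respond to intrusions.
     This thesis first introduces the current state and development trends of network security and intrusion detection in China and abroad, then presents the basics of the biological immune system and immunology. On that basis, it compares the positive selection and negative selection algorithms of the biological immune system through theoretical analysis and simulation experiments. Both the theoretical analysis and the simulation results show that, when the sample set is large, the negative selection algorithm offers a better cost-performance ratio. Intrusion detection has to process massive volumes of network data, so the negative selection approach is suitable for research on immune-based intrusion detection systems.
     The thesis gives a comprehensive, systematic formal description of the negative selection approach to the intrusion detection problem. To address the lower detection efficiency of negative selection compared with positive selection, it proposes for the first time to improve the negative selection approach by combining it with the Mahalanobis distance in order to raise detection efficiency. The feasibility of the method is first analysed theoretically and then demonstrated by simulation experiments.
     A prototype immune-based intrusion detection system was independently designed and implemented, and the corresponding implementation ideas are described in terms of data collection, feature extraction, pattern construction, intrusion detection, reporting and response, and system optimization. The prototype was tested on a data set collected in a real network environment. The experimental results show that the system detects abnormal behaviour in the network well and achieves the expected goals.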
Network security is receiving more and more attention. Researchers have discussed at length how to detect abnormal behaviour of systems in networks. Because the biological immune system has an ability similar to that of an intrusion detection system, and can accomplish the task of detecting abnormality and keeping the organism working normally, applying biological immune theory to intrusion detection in order to design higher-performance intrusion detection systems is valuable in theory to some extent and of significant practical importance. This makes immune-based intrusion detection a key research area in intrusion detection, exploring natural immunological theories, mechanisms and principles for detecting and reacting to intrusions.
     First, network security and the development of intrusion detection at home and abroad are introduced. After a review of the biological immune system and the immunological material necessary for this dissertation, the positive and negative selection approaches are compared by both theoretical analysis and experiments. The conclusion is that the negative selection approach can achieve better results at low cost. Because a great number of packets pass through networks, the negative selection approach is more feasible for intrusion detection.
     A comprehensive formalization and a new analysis of the negative selection model are developed. To address the low detection rates of negative selection compared with positive selection, the Mahalanobis distance is introduced and used to improve negative selection in order to increase the detection rates. A theoretical analysis is given, and experiments then confirm it.
     An immune-based intrusion detection system prototype is designed and implemented, and the ideas behind its data collection, feature extraction, pattern construction, intrusion detection, reporting and response, and system optimization are expounded. The system is tested with data sets generated in a realistic context, and the experimental results demonstrate its effectiveness in detecting network attacks, as intended.
