Research and Design of a Cluster-Based Intrusion Detection System for Mobile Ad Hoc Networks
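Abstract
With the rapid development of wireless communication technology and the improved performance of mobile terminals, mobile ad hoc networks have come into wide use in both military and civilian fields, and the demands on their security and reliability have grown accordingly. Network security in mobile ad hoc networks has therefore become one of the current research hotspots in networking.
     Mobile ad hoc networks have distinctive characteristics such as an open medium and a highly dynamic topology. In particular, nodes lack physical protection and are easily captured, so attacks can originate from inside the network, and traditional schemes such as key establishment and authentication cannot counter such attacks. Intrusion detection, as the second line of defense for mobile ad hoc network security, is therefore a necessary means of achieving high survivability.
     Whether an intrusion detection system for mobile ad hoc networks can be efficient depends critically on the system architecture. Based on an analysis of the network topology of mobile ad hoc networks, a cluster structure was chosen for the intrusion detection system. To address the shortcomings of existing clustering algorithms for mobile ad hoc networks, an on-demand weighted NTDR (DWNTDR) is proposed, and the clustering algorithms are simulated and compared. The algorithm takes into account multiple factors that affect mobile ad hoc network performance, such as node degree and speed, and is better suited to intrusion detection systems for mobile ad hoc networks.
     For an intrusion detection system, the information it outputs is especially important. Therefore, based on the distinctive characteristics of mobile ad hoc networks and the needs of this intrusion detection system, and with reference to the IDMEF data model, the AdhocIDMEF data model is proposed and designed to fit mobile ad hoc networks and this intrusion detection system.
     On the basis of a detailed analysis of the security requirements of mobile ad hoc networks, a summary of the current state of research in the field, and the research above, a cluster-based multilayer distributed intrusion detection system for mobile ad hoc networks, CMDIDS-MANETs, is designed. The system can effectively improve the security of mobile ad hoc networks and the utilization of system resources, strengthen the system's collaborative detection of distributed attacks and its intrusion detection rate, and reduce network communication load and the false alarm rate.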
With the rapid development of wireless communication technology and the improved performance of mobile terminals, Mobile Ad Hoc Networks (MANETs) have been widely used in military and civilian fields, and the requirements for the security and reliability of MANETs have increased steadily. Therefore, network security in MANETs has become a current research focus.
     MANETs have distinctive characteristics such as an open medium and a dynamically changing network topology. In particular, nodes with inadequate physical protection are susceptible to capture, so attacks can come from within the network through a compromised node, and traditional security solutions such as key management and authentication cannot counter these attacks. As the second line of defense, intrusion detection is therefore a necessary means of achieving high survivability.
     The IDS architecture is the key factor in the efficiency of an IDS in MANETs. Based on an analysis of the topological structure of MANETs, we decided to use a clustering structure for the IDS. At the same time, to address the problems and shortcomings of the existing clustering algorithms, we propose an improved NTDR, the on-demand weighted NTDR (DWNTDR). The algorithm takes into account factors of MANETs such as node degree and velocity; simulation shows that it adapts better to the dynamic topology of MANETs and is suitable for IDS in MANETs.
     The information output by an IDS is very important. Therefore, given the unique characteristics of MANETs and the requirements of IDS in MANETs, and referring to the IDMEF data model, we propose and design the AdhocIDMEF data model to fit MANETs and IDS in MANETs.
     Based on a thorough analysis of the security requirements of MANETs, a summary of research in the field, and the research above, a cluster-based multilayer distributed intrusion detection system for MANETs (CMDIDS-MANETs) is introduced. This system can enhance security, the resource utilization ratio, the collaborative detection capability of intrusion detection and the detection rate, and can also reduce the communication load and the false alarm ratio.
