基于混沌时间序列和SVM的入侵检测系统研究
|
摘要
针对目前愈加频繁出现的分布式、多目标、多阶段的组合式网络攻击事件ˋ以及下一代互联网可能会出现的未知安全问题ˋ提高入侵检测系统的检出效率和智能化势在必行?
本文系统研究了混沌时间序列分析的基本理论和一般方法ˋ提出了应用混沌时间序列分析方法来进行报警信息混沌时间序列预测ˋ把混沌技术成功地应用到入侵检测系统ˋ实现了对特征库中各特征量根据报警信息时间序列的预测进行优化和更新ˋ不仅提高了入侵检测系统对已有特征量对应攻击的识别效率ˋ还可以通过预测新的特征量来识别同一种攻击方法的许多变种以及全新攻击包。
本文深入研究了支持向量机理论及其应用ˋ提出了一个支持向量机分类器ˋ实现了支持向量机的两类分类和多类分类ˋ并将该分类器用于入侵检测ˋ建立了基于支持向量机的入侵检测模型?结合网络流量异常检测的特点ˋ讨论了异常检测的特征选择问题ˋ提出了网络流量的对称性?协议分布?异常报文统计以及包长度统计变量等具有代表性的特征参数?描述了数据的预处理方法?实验结果表明ˋ基于支持向量机的网络异常检测方法不仅可以有效地检测各种高强度的扫描行为ˋ同时误报警率较低。
本文详细研究了特征分析理论ˋ提出了一种新的基于自适应特征加权的特征选择方法ˋ并将其用于入侵特征的提取ˋ将属性选择技术和SVM分类有机地结合,有效地降低了算法的时间复杂度和空间复杂度ˋ改变了以往参数试值的局面?实验结果表明ˋ分类精度有了明显提高ˋ同时ˋ训练时间明显改善ˋ测试时间也有效减少ˋ使模型具有迅速响应的能力ˋ有效提高了入侵检测系统的准确性和实时性?
In view of the unknown security issues which the next generation internet may encounter,as well as the increasingly frequent distributed, multi-objective, multi-stage network attacks confronting us nowadays, it is imperative to enhance the detection efficiency and intelligence of Intrusion Detection System.
With the development of chaos theory and research on its applicationˋnonlinear time series analysis has become a major research hotspot of nonlinear information processing, and has been widely applied to interrelated engineering region. Studing the basic theories and general methods of chaotic time series analysis deeply and systematically, the method of chaotic time series analysis is proposed to predict alerm information, by which the chaos technology is applied to Intrusion Detection System successfully. Then we can optimize and update the eigenvector according to predicting the alarm information chaotic time series. The efficiency of identify the attack of existing eigenvector will not only be improved; many variation of the same attack method and new attack packets can also be identified by predicting new eigenvector.
Studing the basic theories and its application of Support Vector Machine deeply, we present a classification model based on SVM and complete the SVM’s binary classification and multi-class classification. Putting it into IDS, an intrusion detection model based on SVM is built. In combination with the feature of network traffic anomaly detection, we study the problem of feature selection in anomaly detection and the representative characteristic parameters of network traffic is proposed, such as the symmetry, protocol distribution, abnormal packet statistics as well as the length of packet statistics,with the data pre-processing method described. The experiment results show that the network anomaly detection based on SVM can not only detect a variety of high-intensity behavior of the scan effectively, but also has a lower FAR. Studying technology of feature analysis, a new method of feature selection based on adaptive feature weighted is presented, and it is applied into the intrusion feature selection with the technique of feature selection and the technique of SVM classification combined. The method can reduce the time complexity and space complexity and the situation of parameter trying is improved. The experiment results show that the detection precision rises obviously, meanwhile, the training time and the test time are also improved variously. The model has the ability to respond quickly, improving the accuracy and real-time effectively of the Intrusion Detection System.
本文系统研究了混沌时间序列分析的基本理论和一般方法ˋ提出了应用混沌时间序列分析方法来进行报警信息混沌时间序列预测ˋ把混沌技术成功地应用到入侵检测系统ˋ实现了对特征库中各特征量根据报警信息时间序列的预测进行优化和更新ˋ不仅提高了入侵检测系统对已有特征量对应攻击的识别效率ˋ还可以通过预测新的特征量来识别同一种攻击方法的许多变种以及全新攻击包。
本文深入研究了支持向量机理论及其应用ˋ提出了一个支持向量机分类器ˋ实现了支持向量机的两类分类和多类分类ˋ并将该分类器用于入侵检测ˋ建立了基于支持向量机的入侵检测模型?结合网络流量异常检测的特点ˋ讨论了异常检测的特征选择问题ˋ提出了网络流量的对称性?协议分布?异常报文统计以及包长度统计变量等具有代表性的特征参数?描述了数据的预处理方法?实验结果表明ˋ基于支持向量机的网络异常检测方法不仅可以有效地检测各种高强度的扫描行为ˋ同时误报警率较低。
本文详细研究了特征分析理论ˋ提出了一种新的基于自适应特征加权的特征选择方法ˋ并将其用于入侵特征的提取ˋ将属性选择技术和SVM分类有机地结合,有效地降低了算法的时间复杂度和空间复杂度ˋ改变了以往参数试值的局面?实验结果表明ˋ分类精度有了明显提高ˋ同时ˋ训练时间明显改善ˋ测试时间也有效减少ˋ使模型具有迅速响应的能力ˋ有效提高了入侵检测系统的准确性和实时性?
In view of the unknown security issues which the next generation internet may encounter,as well as the increasingly frequent distributed, multi-objective, multi-stage network attacks confronting us nowadays, it is imperative to enhance the detection efficiency and intelligence of Intrusion Detection System.
With the development of chaos theory and research on its applicationˋnonlinear time series analysis has become a major research hotspot of nonlinear information processing, and has been widely applied to interrelated engineering region. Studing the basic theories and general methods of chaotic time series analysis deeply and systematically, the method of chaotic time series analysis is proposed to predict alerm information, by which the chaos technology is applied to Intrusion Detection System successfully. Then we can optimize and update the eigenvector according to predicting the alarm information chaotic time series. The efficiency of identify the attack of existing eigenvector will not only be improved; many variation of the same attack method and new attack packets can also be identified by predicting new eigenvector.
Studing the basic theories and its application of Support Vector Machine deeply, we present a classification model based on SVM and complete the SVM’s binary classification and multi-class classification. Putting it into IDS, an intrusion detection model based on SVM is built. In combination with the feature of network traffic anomaly detection, we study the problem of feature selection in anomaly detection and the representative characteristic parameters of network traffic is proposed, such as the symmetry, protocol distribution, abnormal packet statistics as well as the length of packet statistics,with the data pre-processing method described. The experiment results show that the network anomaly detection based on SVM can not only detect a variety of high-intensity behavior of the scan effectively, but also has a lower FAR. Studying technology of feature analysis, a new method of feature selection based on adaptive feature weighted is presented, and it is applied into the intrusion feature selection with the technique of feature selection and the technique of SVM classification combined. The method can reduce the time complexity and space complexity and the situation of parameter trying is improved. The experiment results show that the detection precision rises obviously, meanwhile, the training time and the test time are also improved variously. The model has the ability to respond quickly, improving the accuracy and real-time effectively of the Intrusion Detection System.
引文
[1] C Williamson. Internet Traffice Measurement[J]. IEEE Internet Computing,2001,70-74
[2] Marina Fomenkov, Ken Keys, David Moore,et al,Longitudinal Study of Internet Traffic in 1998-2003[EB/OL], http://www.caida.org/out-reach/papers/2003/nlanr/.
[3]于新宇,基于网络异常流量的入侵检测系统研究[D],上海?上海交通大学,2006
[4] Cisco Systems Inc. NetFlow Services solutions Guide[EB/OL] , http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/nfwhite.htm
[5] MING-HSIANG T, A Dynamic Architecture for Distributing Geographic Information Services on the Internet[D], Colorado:University of Colorado,2001
[6]邹柏贤,刘强等,基于ARMA模型的网络流量预测[J],计算机研究与发展,2002,(12)
[7]段江娇,基于模型的时间序列数据挖掘[D],上海:复旦大学,2008,(03)
[8] A.D.Doulamis,N.D.Doulamisand5.D.Kollias,An Adaptable Neural-Network Model for Recursive Nonlinear Traffic Predietion and Modeling of MPEG Video Sources[J],IEEE Trans.on Neur.Netw.,2003,14(l):150-165
[9]卿斯汉,蒋建春,马恒太等,入侵检测技术研究综述,通信学报, 2004,25(7):20-29
[10] Katherine E.Price, Host-Based Misuse Detection and Conventional Operating Systems’Audit Data Collection,Master thesis,USA:Purdue University,1997,12
[11] T.F.Lunt, Detecting Intruders in Computer Systems, In:Proceeding of 1993 Conference on Auditing and Computer Technology,1993
[12] Jung Won Kim, Integrating Artificial Immune Algorithms for Intrusion Detection,PhD thesis,UK: Department of Computer Science,University of London,2002
[13] B.Mykerjee,L.T.Hberlein,K.N.Levitt. Network Intrusion Detection, IEEE Network,1994,8(3):26-41
[14] T.D.Garvery,T.F.Lunt. Model Based Intrusion Detection, In:Proeeeding of the 14th National Computer Security Conference, Washington,DC,October,1991:372-385
[15] C.Ko.Exeeution Monitoring of Security-Critical Programs in a Distributed System: A Specification-Based Approach. In: Proceeding of IEEE Symposium on Security and Privacy,1997,134-144
[16] K.Ilgu,R.A.Kemmerer,P.A.Porras. State Transition Analysis: Rule-Based Intrusion Detection Approach,IEEE Transactions on Software Engineering,1995,21(3):181-199
[17] N.Habra,B. Le Charlier,A.Mounji,et al,Software Architecture and Rule-Based Language for Universal Audit Trail Analysis,Proceeding of the Second European Symposium on Research in Computer Security(ESORICS),Toulouse,France,November,1992
[18] S.Kumar,Classification and Detection of Computer Intrusion,PhD thesis,USA: Department of Computer Science,Purdue University,August,1995
[19] [美]Rebeccca Gurley Bace著,陈明奇,吴秋新,张振涛等译,入侵检测.北京:人民邮电出版社,2001
[20] Javitx H.S.,Valdez A.,The SRI IDES Statistical Anomaly Detector, Proceeding of IEEE Symposium on Research in Security and Privacy. Oakland,CA,May,1991,316-376
[21] Anderson D.,T.F.Lunt,H.Javitz,et al,Detecting Unusual Program Behavior Using the Statistical Component of Next-generation Intrusion Detection Expert system(NIDES) , Technical Report SRI-CSL-95-96. Computer Science Laboratory,SRI Internaional. Menlo Park.CA. May,1995
[22] Linda Lankewiez and Mark Benard,Real-time Anomaly Detection Using a Nonparametric Pattern Recognition Approach,Proceedings of the Seventh Computer Security Applications Conference,SanAnionio,December,1991
[23] Linda Lankewiez. A Non-parametric Ppattern recognition to Anomaly Detection. PhD thesis,Tulane University,DePt.of Computer Science,1992
[24] Ye N.X. , A Scalable Clustering Techniques for Intrusion Signature Recognition,Proc of 2nd Amiual IEEE Systems,Man,and Cybernetics Information Assurance Workshop. West Point,NewYork. 2001
[25]罗敏,基于聚类和支持向量机的网络入侵检测研究:[D].武汉:武汉大学,2003
[26] Min Luo,Lina Wang,Huanguo Zhang,etc,A Research on Intrusion Detection Based on Unsupervised Clustering and Spport Vector Machine,Proceedings of Fifth Intematinal Conference on Information and Communications Security(ICICS’2003). Huhhot. Lecture Notes in Computer Science(LNCS Vol.2836),Springer-Verlag,2003,325-336
[27] Luo Min,Zhang Huan-guo,Wang Li-na,Research and Implementation of Unsupervised Clustering-Based Intrusion Detection,Wuhan University Journal of Natural Scienees,2003,18(3A):803-807
[28]罗敏,王丽娜,张焕国,基于无监督聚类的入侵检测方法,电子学报,2003,31(11):1713-1716
[29]刘勇国,元启发式聚类算法及其在入侵检测的应用研究[D],上海:上海交通大学,2005
[30]唐正军,李建华,入侵检测技术,北京:清华大学出版社,2004
[31] Debar H.,Becke M.,Siboni D. A,Neural Network Component for an Intrusion Detection System,Proceeding of the IEEE Computer Society Symposium on Researchin Security and Privacy.1992
[32] TanK,The Application of Neural Networks to UNIX Computer Security, Proceeding of the IEEE International Conference on Neural Networks,1995,1:476-481
[33] Cannady J.,Artificial Neural Networks for Misuse Detection,National Information Systems Security Conference(NISSC,98). Arlington,VA,Oetober,1998,l:443-456
[34] Ghosh A.,Schwartzbard A,A Study Using Neual Networks for Anomaly Detection and Misuse Detection,Proceeding of the Eighth USENIX Security Symposium,1999
[35] Richard P. , Lippmann and Robert K. , Improving Intrusion Detection Performance Using Keyword Selection and Neural Networks, ComPuter Networks,2000,34(4):597-603
[36] Teng HS,Chen K,Lu S C-Y,Adaptive Real-time Anomaly Detection Using Induetively Generated Sequential Pattern,Proceedings of the IEEE Symposium on Security and Privacy,Oakland,CA,May,1990:278-284
[37] Forrest S,Hofmeyr S,Somayaji A.,Computer Immunology, Communieations of the ACM,1997,40(10):88-96
[42] A Chittur,Model Generation for an Intrusion Detection System Using Genetic Algorithms[EB/OL] , http://www.cs.columbia.edu/ids/publications/gaids-thesisol.pdf,2001-11
[43] L Wei,The Integration of Security Sensors into the Intelligent Inirusion Detection System(IIDS) in a Cluster Environment,Master’S Project Report. Department of Computer Science,Mississippi State University,2002.
[44] F Neri,C Borsalino,Comparing Local Search with Tespect to Genetci Evolution to Detect Intrusion in Computer Networks,Proceedings of the 2000 GCongress on Evolutionary Computation,2000,(l):238-243.
[45] M.Crosbie and E.Spafford , Applying Genetic Programming to Intrusion Detection,Proceedings of the AAAI,NOV1995:l-8.
[46] Lane T. and Brodley C.E.,Sequence Matching and Learning in Anomaly Detection for Computer Security,Proceeding of AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management , AAAI Press ,1997:43-49
[47] Lane,T. and Brodley,C.E. Approaches to Online Learning and Concept Drift for User Identification in Computer Security. In: Proceeding of The Fourth Intemational Conference on Knowledge Diseovery and Data Ming. NewYork,1998:259-263
[48] Lane T. and Brodley C.E.,Temporal Sequence Learning and Data Reduetion for Anomaly Detection,ACM Transactions on Computer Security,1999,2(3):295-331
[49] Lane T. and Brodley C.E.,Data Reduction Techniques for Instance-Based Learning from Human/Computer Inierface Data,Proceeding of the Seventeenth International Conference on Machine Learning. 2000:519-526
[50] Ilgun K.,Kemmerer A.,Porras P.,State Transition Analysis: A Rule-Based Intrusion Detection Approach,IEEE Transactions on Software Engineering,1995,21(3):181-199
[51] Ilgun K.,A Real-Time Intrusion Detection System for UNIX,Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. Oakland: CA. 1993:16-28
[52] Kemmerer R. , A Model-Based Realtime Network Inirusion Detection System[R] ,Technical Report TRCS97-18,Computer Science DeP.,University of California Santa Barbara,1997
[53] G Vigna,R.Kemmerer,A Network-Based Intrusion Detection Approach, Proceeding of the 14th Annual Computer Security Conference. Arizona,December,1998
[54] Sandeep Kumar,Spafford E H.,A Pattern Matching Model for Misuse Inirusion Detection,17th National Computer Security Conference. Baltimore,MD,Oetober,1994,11-21
[55] Kumar S. and Spafford E.H.,An Application of Pattern Matching in Inirusion Detection[R],Tech. ReP. CSD-TR-94-013,Department of Computer Sciences,Purdue University,West Lafayette,IN,June,1994
[56] Sandeep Kumar,Classification and Detection of Computer Inirusions,PhD Thesis,USA: DePartment of Computer Sciences,Purdue,1995
[57] Garvey T,Lunt T.,Model-Based Intrusion Detection,Proceedings of the 14th National Computer Security Conference,October,l991,372-385
[58]韩东海,王超,李群,入侵检测系统实例剖析,清华大学出版社,2002,4
[59]杨武,方滨兴,云晓春等.一种支持SMP的高性能入侵检测通信机制研究.通信学报,2004,25(l):100-109.
[60] B.B.Mandelbrot , The Fraetal Geometry of Nature[M] , Freeman: SanFranciseo,1982
[61] D.Ruelle and E. Takens,On the Nature of Turbulence[J],Commun. Math. Phys.,1971,20:167
[62] N.H.Packard, J.P.Crutchfield, J.D.Fanners,et al,Geometry from a Time Series[J],Phys Rev Lett,1980,45:712-716
[63] F.Takens,Deteeting Strange Attractors in Fluid Turbulence,Berlin:Springer,1981:366-381
[64] H.Kantz,T.Schreiber,Nonlinear Time Series Analysis (Second Edition)[M], Cambridge: Cambridge University Press,2003
[65] H.Whitney,Differentiable Manifolds[J],Ann.Math.,1936,37:645
[66] F.Takens , Singular-Value Deposition and Embedding Dimension[J] , Phys.Rev.A,1987,36:340.
[67] M. Sauer,R. Brown,H.D.1.Abarbanel.,Determining Embedding Dimension for Phase Reconstruction Using a Geometrical Reconstruction[J],Phys Rev A,1992,45:3403-3411
[68] M. Sauer,J.A. Yorke,M.Casdagli,Embedology [J],J.Stat.Phys.,1991,65:579.
[69] M. Casdagli,S. Eubank ,J.D. Farmer and J.E. Gibson,State Space Reconstruction in the Presence of Noise[J],Physica D,1991,51:52
[70] J.F. Gibson,J.D. Farmer,M. Casdagli and S. Eubank,An Analytic Approach to Practical State Space Reconstruction[J],Physica D,1992,57:l.
[71] A.M. Fraser and H.L. Swinney,Independent Coordinates for Strange Attractors from Mutual Information [J],Phys.Rev.A,1986,33:1134
[72] K. Shin,K. Hammond,P.R. Wllite,Iterative SVD Method for Noise Reduction of Low-Dimensional Chaotic Time Series[J],Mecha.Syst.and Sign.Proce.,1999,13(l):115-124.
[73] J.D. Farmer,E. Ott and J.A. Yorke,The Dimension of Chaotic Attractors,Physica D7(198.3)pp.153
[74] H.S. Greenside,A. Wolf,J. Swift and T. Pignataro,Impracticality of a Boxcounting Algorithm for Calculating the Dimensionality of Strange Attractors,Fhys.Rev.A 25(1982)pp.3454
[75] P.Grassberger,Generlized Dimensions of Strange Attractors, Phys.lett.A97(1983) pp.227
[76] H.G.E. Hentschel and I. Procaccia,The Infinite Number of Generalized Dimensions of Fractals and Strange Attractors,Physica D 8(1983) pp.435
[77] P. Grassberger,I. Procaccia,Measuring the Strangeness of Strange Attractors,Phys D,1983,9:189-208
[78]王安良,杨春信,评价奇怪吸引子分形特征的Grassberger一Procaccia算法.物理学报,.2002,51(12):2719-2728
[79]党建武,黄建国,基于G.P算法的关联维计算中参数取值的研究,计算机应用研究.2004,(01):48-51
[80]李夕海,刘代志,张斌等,基于重采样的混沌时间序列相空间重构研究.信号处理. 2006,22(02):248-251
[81]王青.关联维数计算的方法研究.天津理工学院学报. 2005 ,20(04):62-65.
[82]周越,杨杰,求解关联维数的快速算法研究,电子学报, 2002 ,30(10):1526-1529
[83]温晓通,孟丽艳,朱劲松等,一种非线性时间序列的关联维数快速算法,北京师范大学学报(自然科学版), 2005,41(04):358-361
[84] M. Ding,C. Grebogi,E. Ott,T. Sauer,and J.A. Yorke,Plateau Onset for Correlation Dimension:When Does It Occur?[J],Phys.Rev.Lett.,1993,70(25):3872-3875
[85] P. Grassberger,I. Procaccia,Characterisation of Strange Attractors[J],Phys Rev Lett,1983,50:346-349
[86] J.P. Eekmann and D. Ruelle , Fundamental Limitations for Estimating Dimensions and LyaPunov Exponents in Dynamical Systems[J],Physica D,1992,56:185.
[87] A.R. osbome and A. Provenzale,Finite Correlation Dimension for Stochastic Systems with Power-Law Spectra[J],Physiea D,1989,35(3):357-381.
[88] P.E. Rapp,A.M. Albano,T.I. Schmah,L.A. Farwell,Filtered Noise Can Mimic Low-Dimensional Chaotic Attractors[J],Phys.Rev.E,1993,47(4):2289-2297
[89] D.S. Broomhead , G.P. King , Extraeting Qualitative Dynamies from Expenmental Data[J],Physiea D,1986,20:217-236
[90] K. Hammond,P.R. Wllite,Surrogate Time Method of Low-Dimensional Chaotic Time Series[J],Sign.Proce,1999,13(3):125-136
[91] P.E.Rapp,L.S.Jennings,Surrogate Data Study of Chaotic Time Series,[J]. Phys.Rev.A,1989,42:360
[92] A.M.Fraser. Reconstrueting Attractors from Sealar Time Series:A Comparison of Singular System and Redundancy Criteria,[J]. Physica D,1989,34:391
[93] T. Schreiber,A. SebrnitZ,Surrogate Time Series[J],Physica D,2000,142:346-387
[94] A. Wolf,J.B. Swift,H.L. Swinney,et al,Determining Lyapunou Exponents from Time Series,Physica D,1985,16(2):285-317
[95] M.T. Rosenstein,J.J. Collins,L.C. De,A Practical Method for Calculating Largest Lyapunov Exponents from Small Data Sets,Physica D:Nonlinear Phenomena.1993,65(1-2):117-134.
[96] N.Tanaka,H.Okamoto and M.Naito,Esthaating the Active Dimension of the Dynamics in a Time Series Based on an Information Criterion[J],Physica D,2001,158(l):19-31
[97] M. Kermel,R. Brown,H.D.I. Abarbanel,Detennining Embedding Dimension for Phase Reconstruction Using a Geometrical Reconstruction[J],Phys Rev A,1992,45:3403-3411
[98] M.T. Rosenstrein,J.J. Collis and C.J. De luca,A Practical Mthod for Calculating Largest Lyapunov Exponents from Small Data Sets,Physica D,1993,65:117-134.
[99]陈惠民,蔡弘,李衍达,自相似业务?基于多分辩率采样和小波分析的Hurst参数估计方法[J].电子学报,1998,7.
[100] V. Paxson,S. Floyd,Wide Area Traffic: The Failure of Possion Modeling[J], IEEE/ACM Trans on Networking. 1995,3(3):226-244
[101]谭晓玲,梅成刚,刘兰,网络业务流的自相似特性研究[J],现代计算机,2005.8.
[102]吴美美.网络流量特性分析及预测研究[D],天津:天津大学,2008
[103]乔芃喆. Snort-轻量级网络入侵检测系统,郑州牧业工程高等专科学校学报,2006,5(26):35-36
[104]宋劲松,网络入侵检测分析,发现和报告攻击,北京:国防工业出版社,2004:116-122
[105] A.F. Arboleda,Snort Development Diagrams [EB/OL] , http://afrodita.unicauca.edu.co/~cbedon/snort/snortdevdiagrams.pdf. ,2005.04.14.
[106] M. Sebring,Expert System in Intrusion,Proceedings of the 11th National Computer Security Conference,Washington,1988:74-81
[107] Cannady,Artificial Neural Networks for Misuse Detection,Proceedings of the 21st National Information Systems Security Conference,Arlington,1998:5-8.
[108] W. Lee,S. Stolfo,Data Mining Approaches for Instrusion Detection, http://www.usenix.org/publications/library/proceedings/. 2005
[109] S.A. Hofmeyr,S. Forrest. Immunity by Design,An Artificial Immune System , Proceedings of the Genetic and Evolutionary Computation Conference. Francisco,2004:1289-1296.
[110] Sinclair , An Application of Machine Learning to Network Intrusion Detection[C],Proceedings of the 15th Annual Computer Security Applications Conference,2003
[111] Maloof, Selecting Examples for Partial Memory Learning[J] , Machine Learning,2000,41(1):27-52
[112] Nasraoui,Gonzalez,A Scalable Artificial Immune System Model for Dynamic Unsupervised Learning[C],Proc of GECCO’03,Chcago,USA,2003:219-230.
[113] Agarwal,Joshi,A New Framework for Learning Classifier Models in Data Mining(A Case-Study in Network Intrusion Detection)[C],Proc of the 1th SIAM Int Conf on Data Mining,2003
[114] Nasamui,Dasgupta. A Novel Artificial Immune System Approach to Robust Data Miming[C],Proc of GECCO’02,New York. 2002:256-363.
[115] Wenke Lee,J Stolfo,A Frammework for Constructing Features and Moddels for Intrusion Detction System. Information and System,Security,2000(4): 227-261
[116]谭小彬,王卫平,计算机系统入侵检测的隐马尔可夫模型[J],计算机研究与发展,2003,40(2):245-250
[117] J.D. Farmer,J.J. Sidorowich,Predicting Chaotic Time Series,Physical Review Letters,1987,59(8):845-848
[118]袁坚,混沌理论及其在电子工程中的应用研究[D],四川:电子科技大学,1997
[119] T.Y. Li,J.A. York,Period Three Implies Chaos,Amer,Math,Monthly,1975,(82):985-992.
[120] Kristopher Kendall,A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems,Department of Electrical Engineering and Computer Science,May 21, 1999
[121] A. Smola , Regression Estimation with Support Vector Learning Machines[M.S.dissertation],Technology University of Munchen,1996.
[122]吴建平,杨星卫,遥感数据监督分类中训练样本的纯化[J],国土资源遥感,1996,26(2):36-41
[123]田盛丰,黄厚宽,李洪波,基于支持向量机的手写体相似字识别[J],中文信息学报.2000,14(3):37-41
[124] YAO Yu,YU Ge,GAO Fu-xiang,A Neural Network Approach for Misuse and Anomaly Intrusion Deteetion,Wuhan University Journal of Natural Sciences,2005,10(1): 115-118
[125] N. Cristianini and J. Shawe-Taylor,An Introduction to Support Vector Machines and Other Kernel methods, Cambridge University Press,UK,2000
[126] A. Smola and B. Schǎkopf, On a Kernel-Based Method for Pattern Recognition , Regression , Approximation and operator in version. Algorithmica,1998,22:211-231
[127] V. Vapnik,Statistical Learning Theory,Wiley,1998
[128]李辉,管晓宏,咎鑫,韩崇昭,基于几支持向量机的网络入侵检测,计算机研究与发展, 2003,40(6):799-808
[129]柳金甫,应用随机过程,北京:中国铁道出版社,2000
[130]许劲松,覃俊,一种基于支持向量机的入侵检测模型,计算机仿真, 2005,5(4):43-46
[131] Wun-Hwa Chen,Sheng-Hsun Hsu,Hwang-Pin Shen,Applieation of SVM and ANN for intrusion detection,Computers&Operations Research,2005,32(2):2617-2634
[132] BarbaraDaniel, WuNingning, JajodiaSushil, Detecting Novel Network Intrusions Using Bayes Estimators. In Proceedings of the 1st SIAM International Conference on Data Mining(SDM’01),2001
[133] NelloCristianini,John Shawe-Tayor,支持向量机导论,李国正,王猛,曾华军译,北京:电子工业出版社,2004
[134]边肇祺,张学工,模式识别(第二版)[M],北京:清华大学出版社,2000.1
[135]杜树新,吴铁军,模式识别中的支持向量机方法[J],浙江大学学报(工学版), 2003,37(5) : 521-527
[136] N.Aronszajn,Theory of Reproducing Kernels,Transactions of the American Mathematical Society,1950,68(l):337-404
[137] ColinCampbell,An Introduction to Kernel Methods,Radial Basis Function Networks: Design and applications,2000,2(1):45-56
[138]薛毅,最优化原理与方法,北京:北京工业大学出版社,2003.
[139]邓乃扬,田英杰,数据挖掘中的新方法-支持向量机,北京:科学出版社,2004.
[140] B. Scholkopf,A. Smola,R.C. Williamson,et al,New support Vector Algorithms, Neural Computation,2000,12(5):1207-1245
[141] C.C. Chang,C.J. Lin, Training v-Support Vector Classifiers:Theory and Algorithms,Neural Computation,2001,13:2119-2147
[142] D.Tax,R.Duin,Data Domain Description by Support vector,Proceedings of ESANN,1999:251-256
[143]罗守山,入侵检测,北京:北京邮电大学出版社,2004,4
[144] Jon Postel,DARPA,Transmission Control Protocol,DARPA Internet Program Protocol Specif ication[C] , Cacifornia: Information Sciences Institute ,1981,7 -52
[145] Licoln Laboratory, Massachusetts Institute of Technology,DARPA Intrusion Detection Evaluation[ EB/ OL ], http:// www1ll1mit1edu/ IST/ideval/index.html , 2003-09-16
[146]温志贤,李小勇,基于支持向量机的网络流量异常检测[J],西北师范大学学报,2005(3)
[147] Tanenbaum A S,计算机网络(第四版)[M] ,潘爱民译,北京:清华大学出版社,2004:437-472.
[148]陈硕,安常青,李学农,分布式入侵检测系统及其认知能力[J],软件学报. 2001,2:225-232
[149]柴志成,一种基于SVM的网络异常流量检测新方法[J],贵阳学院学报,2008(3):23-26.
[150]程光,龚俭,丁伟,基于抽样测量的高速网络实时异常检测模型[J],软件学报, 2003,14:594-599
[151] S. Mukkamala,G.I. Janoski and A.H. Sung,Intrusion Detection Using Support Vector Machines,In Proceedings of the High Performance Computing SymPosium,April 2002:178~183.
[152] S. Sigmoid, Sung A.H. , Artificial Intelligent Techniques for Intrusion Detection[C],2003 Page(s):1266 - 1271 vol.
[153]王学民,应用多元分析[M],上海?上海财经大学出版社,2009.
[154]朱建平,应用多元统计分析[M],北京?科学出版社,2006.
[155] Isabelle Gyuon,Andre Elisseeff,An Introduction to Variable and Feature Selection,Journal of Machine Learning Research,Mar. 2003:1157-1182
[156] H S. Andrew,Identify Important Features for Intrusion Ddetection Using Support Vector Machines and Neural Networks,IEEE Proceedings of the 2003 Symposium on Application and the Internet,2003:209-217
[2] Marina Fomenkov, Ken Keys, David Moore,et al,Longitudinal Study of Internet Traffic in 1998-2003[EB/OL], http://www.caida.org/out-reach/papers/2003/nlanr/.
[3]于新宇,基于网络异常流量的入侵检测系统研究[D],上海?上海交通大学,2006
[4] Cisco Systems Inc. NetFlow Services solutions Guide[EB/OL] , http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/nfwhite.htm
[5] MING-HSIANG T, A Dynamic Architecture for Distributing Geographic Information Services on the Internet[D], Colorado:University of Colorado,2001
[6]邹柏贤,刘强等,基于ARMA模型的网络流量预测[J],计算机研究与发展,2002,(12)
[7]段江娇,基于模型的时间序列数据挖掘[D],上海:复旦大学,2008,(03)
[8] A.D.Doulamis,N.D.Doulamisand5.D.Kollias,An Adaptable Neural-Network Model for Recursive Nonlinear Traffic Predietion and Modeling of MPEG Video Sources[J],IEEE Trans.on Neur.Netw.,2003,14(l):150-165
[9]卿斯汉,蒋建春,马恒太等,入侵检测技术研究综述,通信学报, 2004,25(7):20-29
[10] Katherine E.Price, Host-Based Misuse Detection and Conventional Operating Systems’Audit Data Collection,Master thesis,USA:Purdue University,1997,12
[11] T.F.Lunt, Detecting Intruders in Computer Systems, In:Proceeding of 1993 Conference on Auditing and Computer Technology,1993
[12] Jung Won Kim, Integrating Artificial Immune Algorithms for Intrusion Detection,PhD thesis,UK: Department of Computer Science,University of London,2002
[13] B.Mykerjee,L.T.Hberlein,K.N.Levitt. Network Intrusion Detection, IEEE Network,1994,8(3):26-41
[14] T.D.Garvery,T.F.Lunt. Model Based Intrusion Detection, In:Proeeeding of the 14th National Computer Security Conference, Washington,DC,October,1991:372-385
[15] C.Ko.Exeeution Monitoring of Security-Critical Programs in a Distributed System: A Specification-Based Approach. In: Proceeding of IEEE Symposium on Security and Privacy,1997,134-144
[16] K.Ilgu,R.A.Kemmerer,P.A.Porras. State Transition Analysis: Rule-Based Intrusion Detection Approach,IEEE Transactions on Software Engineering,1995,21(3):181-199
[17] N.Habra,B. Le Charlier,A.Mounji,et al,Software Architecture and Rule-Based Language for Universal Audit Trail Analysis,Proceeding of the Second European Symposium on Research in Computer Security(ESORICS),Toulouse,France,November,1992
[18] S.Kumar,Classification and Detection of Computer Intrusion,PhD thesis,USA: Department of Computer Science,Purdue University,August,1995
[19] [美]Rebeccca Gurley Bace著,陈明奇,吴秋新,张振涛等译,入侵检测.北京:人民邮电出版社,2001
[20] Javitx H.S.,Valdez A.,The SRI IDES Statistical Anomaly Detector, Proceeding of IEEE Symposium on Research in Security and Privacy. Oakland,CA,May,1991,316-376
[21] Anderson D.,T.F.Lunt,H.Javitz,et al,Detecting Unusual Program Behavior Using the Statistical Component of Next-generation Intrusion Detection Expert system(NIDES) , Technical Report SRI-CSL-95-96. Computer Science Laboratory,SRI Internaional. Menlo Park.CA. May,1995
[22] Linda Lankewiez and Mark Benard,Real-time Anomaly Detection Using a Nonparametric Pattern Recognition Approach,Proceedings of the Seventh Computer Security Applications Conference,SanAnionio,December,1991
[23] Linda Lankewiez. A Non-parametric Ppattern recognition to Anomaly Detection. PhD thesis,Tulane University,DePt.of Computer Science,1992
[24] Ye N.X. , A Scalable Clustering Techniques for Intrusion Signature Recognition,Proc of 2nd Amiual IEEE Systems,Man,and Cybernetics Information Assurance Workshop. West Point,NewYork. 2001
[25]罗敏,基于聚类和支持向量机的网络入侵检测研究:[D].武汉:武汉大学,2003
[26] Min Luo,Lina Wang,Huanguo Zhang,etc,A Research on Intrusion Detection Based on Unsupervised Clustering and Spport Vector Machine,Proceedings of Fifth Intematinal Conference on Information and Communications Security(ICICS’2003). Huhhot. Lecture Notes in Computer Science(LNCS Vol.2836),Springer-Verlag,2003,325-336
[27] Luo Min,Zhang Huan-guo,Wang Li-na,Research and Implementation of Unsupervised Clustering-Based Intrusion Detection,Wuhan University Journal of Natural Scienees,2003,18(3A):803-807
[28]罗敏,王丽娜,张焕国,基于无监督聚类的入侵检测方法,电子学报,2003,31(11):1713-1716
[29]刘勇国,元启发式聚类算法及其在入侵检测的应用研究[D],上海:上海交通大学,2005
[30]唐正军,李建华,入侵检测技术,北京:清华大学出版社,2004
[31] Debar H.,Becke M.,Siboni D. A,Neural Network Component for an Intrusion Detection System,Proceeding of the IEEE Computer Society Symposium on Researchin Security and Privacy.1992
[32] TanK,The Application of Neural Networks to UNIX Computer Security, Proceeding of the IEEE International Conference on Neural Networks,1995,1:476-481
[33] Cannady J.,Artificial Neural Networks for Misuse Detection,National Information Systems Security Conference(NISSC,98). Arlington,VA,Oetober,1998,l:443-456
[34] Ghosh A.,Schwartzbard A,A Study Using Neual Networks for Anomaly Detection and Misuse Detection,Proceeding of the Eighth USENIX Security Symposium,1999
[35] Richard P. , Lippmann and Robert K. , Improving Intrusion Detection Performance Using Keyword Selection and Neural Networks, ComPuter Networks,2000,34(4):597-603
[36] Teng HS,Chen K,Lu S C-Y,Adaptive Real-time Anomaly Detection Using Induetively Generated Sequential Pattern,Proceedings of the IEEE Symposium on Security and Privacy,Oakland,CA,May,1990:278-284
[37] Forrest S,Hofmeyr S,Somayaji A.,Computer Immunology, Communieations of the ACM,1997,40(10):88-96
[42] A Chittur,Model Generation for an Intrusion Detection System Using Genetic Algorithms[EB/OL] , http://www.cs.columbia.edu/ids/publications/gaids-thesisol.pdf,2001-11
[43] L Wei,The Integration of Security Sensors into the Intelligent Inirusion Detection System(IIDS) in a Cluster Environment,Master’S Project Report. Department of Computer Science,Mississippi State University,2002.
[44] F Neri,C Borsalino,Comparing Local Search with Tespect to Genetci Evolution to Detect Intrusion in Computer Networks,Proceedings of the 2000 GCongress on Evolutionary Computation,2000,(l):238-243.
[45] M.Crosbie and E.Spafford , Applying Genetic Programming to Intrusion Detection,Proceedings of the AAAI,NOV1995:l-8.
[46] Lane T. and Brodley C.E.,Sequence Matching and Learning in Anomaly Detection for Computer Security,Proceeding of AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management , AAAI Press ,1997:43-49
[47] Lane,T. and Brodley,C.E. Approaches to Online Learning and Concept Drift for User Identification in Computer Security. In: Proceeding of The Fourth Intemational Conference on Knowledge Diseovery and Data Ming. NewYork,1998:259-263
[48] Lane T. and Brodley C.E.,Temporal Sequence Learning and Data Reduetion for Anomaly Detection,ACM Transactions on Computer Security,1999,2(3):295-331
[49] Lane T. and Brodley C.E.,Data Reduction Techniques for Instance-Based Learning from Human/Computer Inierface Data,Proceeding of the Seventeenth International Conference on Machine Learning. 2000:519-526
[50] Ilgun K.,Kemmerer A.,Porras P.,State Transition Analysis: A Rule-Based Intrusion Detection Approach,IEEE Transactions on Software Engineering,1995,21(3):181-199
[51] Ilgun K.,A Real-Time Intrusion Detection System for UNIX,Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. Oakland: CA. 1993:16-28
[52] Kemmerer R. , A Model-Based Realtime Network Inirusion Detection System[R] ,Technical Report TRCS97-18,Computer Science DeP.,University of California Santa Barbara,1997
[53] G Vigna,R.Kemmerer,A Network-Based Intrusion Detection Approach, Proceeding of the 14th Annual Computer Security Conference. Arizona,December,1998
[54] Sandeep Kumar,Spafford E H.,A Pattern Matching Model for Misuse Inirusion Detection,17th National Computer Security Conference. Baltimore,MD,Oetober,1994,11-21
[55] Kumar S. and Spafford E.H.,An Application of Pattern Matching in Inirusion Detection[R],Tech. ReP. CSD-TR-94-013,Department of Computer Sciences,Purdue University,West Lafayette,IN,June,1994
[56] Sandeep Kumar,Classification and Detection of Computer Inirusions,PhD Thesis,USA: DePartment of Computer Sciences,Purdue,1995
[57] Garvey T,Lunt T.,Model-Based Intrusion Detection,Proceedings of the 14th National Computer Security Conference,October,l991,372-385
[58]韩东海,王超,李群,入侵检测系统实例剖析,清华大学出版社,2002,4
[59]杨武,方滨兴,云晓春等.一种支持SMP的高性能入侵检测通信机制研究.通信学报,2004,25(l):100-109.
[60] B.B.Mandelbrot , The Fraetal Geometry of Nature[M] , Freeman: SanFranciseo,1982
[61] D.Ruelle and E. Takens,On the Nature of Turbulence[J],Commun. Math. Phys.,1971,20:167
[62] N.H.Packard, J.P.Crutchfield, J.D.Fanners,et al,Geometry from a Time Series[J],Phys Rev Lett,1980,45:712-716
[63] F.Takens,Deteeting Strange Attractors in Fluid Turbulence,Berlin:Springer,1981:366-381
[64] H.Kantz,T.Schreiber,Nonlinear Time Series Analysis (Second Edition)[M], Cambridge: Cambridge University Press,2003
[65] H.Whitney,Differentiable Manifolds[J],Ann.Math.,1936,37:645
[66] F.Takens , Singular-Value Deposition and Embedding Dimension[J] , Phys.Rev.A,1987,36:340.
[67] M. Sauer,R. Brown,H.D.1.Abarbanel.,Determining Embedding Dimension for Phase Reconstruction Using a Geometrical Reconstruction[J],Phys Rev A,1992,45:3403-3411
[68] M. Sauer,J.A. Yorke,M.Casdagli,Embedology [J],J.Stat.Phys.,1991,65:579.
[69] M. Casdagli,S. Eubank ,J.D. Farmer and J.E. Gibson,State Space Reconstruction in the Presence of Noise[J],Physica D,1991,51:52
[70] J.F. Gibson,J.D. Farmer,M. Casdagli and S. Eubank,An Analytic Approach to Practical State Space Reconstruction[J],Physica D,1992,57:l.
[71] A.M. Fraser and H.L. Swinney,Independent Coordinates for Strange Attractors from Mutual Information [J],Phys.Rev.A,1986,33:1134
[72] K. Shin,K. Hammond,P.R. Wllite,Iterative SVD Method for Noise Reduction of Low-Dimensional Chaotic Time Series[J],Mecha.Syst.and Sign.Proce.,1999,13(l):115-124.
[73] J.D. Farmer,E. Ott and J.A. Yorke,The Dimension of Chaotic Attractors,Physica D7(198.3)pp.153
[74] H.S. Greenside,A. Wolf,J. Swift and T. Pignataro,Impracticality of a Boxcounting Algorithm for Calculating the Dimensionality of Strange Attractors,Fhys.Rev.A 25(1982)pp.3454
[75] P.Grassberger,Generlized Dimensions of Strange Attractors, Phys.lett.A97(1983) pp.227
[76] H.G.E. Hentschel and I. Procaccia,The Infinite Number of Generalized Dimensions of Fractals and Strange Attractors,Physica D 8(1983) pp.435
[77] P. Grassberger,I. Procaccia,Measuring the Strangeness of Strange Attractors,Phys D,1983,9:189-208
[78]王安良,杨春信,评价奇怪吸引子分形特征的Grassberger一Procaccia算法.物理学报,.2002,51(12):2719-2728
[79]党建武,黄建国,基于G.P算法的关联维计算中参数取值的研究,计算机应用研究.2004,(01):48-51
[80]李夕海,刘代志,张斌等,基于重采样的混沌时间序列相空间重构研究.信号处理. 2006,22(02):248-251
[81]王青.关联维数计算的方法研究.天津理工学院学报. 2005 ,20(04):62-65.
[82]周越,杨杰,求解关联维数的快速算法研究,电子学报, 2002 ,30(10):1526-1529
[83]温晓通,孟丽艳,朱劲松等,一种非线性时间序列的关联维数快速算法,北京师范大学学报(自然科学版), 2005,41(04):358-361
[84] M. Ding,C. Grebogi,E. Ott,T. Sauer,and J.A. Yorke,Plateau Onset for Correlation Dimension:When Does It Occur?[J],Phys.Rev.Lett.,1993,70(25):3872-3875
[85] P. Grassberger,I. Procaccia,Characterisation of Strange Attractors[J],Phys Rev Lett,1983,50:346-349
[86] J.P. Eekmann and D. Ruelle , Fundamental Limitations for Estimating Dimensions and LyaPunov Exponents in Dynamical Systems[J],Physica D,1992,56:185.
[87] A.R. osbome and A. Provenzale,Finite Correlation Dimension for Stochastic Systems with Power-Law Spectra[J],Physiea D,1989,35(3):357-381.
[88] P.E. Rapp,A.M. Albano,T.I. Schmah,L.A. Farwell,Filtered Noise Can Mimic Low-Dimensional Chaotic Attractors[J],Phys.Rev.E,1993,47(4):2289-2297
[89] D.S. Broomhead , G.P. King , Extraeting Qualitative Dynamies from Expenmental Data[J],Physiea D,1986,20:217-236
[90] K. Hammond,P.R. Wllite,Surrogate Time Method of Low-Dimensional Chaotic Time Series[J],Sign.Proce,1999,13(3):125-136
[91] P.E.Rapp,L.S.Jennings,Surrogate Data Study of Chaotic Time Series,[J]. Phys.Rev.A,1989,42:360
[92] A.M.Fraser. Reconstrueting Attractors from Sealar Time Series:A Comparison of Singular System and Redundancy Criteria,[J]. Physica D,1989,34:391
[93] T. Schreiber,A. SebrnitZ,Surrogate Time Series[J],Physica D,2000,142:346-387
[94] A. Wolf,J.B. Swift,H.L. Swinney,et al,Determining Lyapunou Exponents from Time Series,Physica D,1985,16(2):285-317
[95] M.T. Rosenstein,J.J. Collins,L.C. De,A Practical Method for Calculating Largest Lyapunov Exponents from Small Data Sets,Physica D:Nonlinear Phenomena.1993,65(1-2):117-134.
[96] N.Tanaka,H.Okamoto and M.Naito,Esthaating the Active Dimension of the Dynamics in a Time Series Based on an Information Criterion[J],Physica D,2001,158(l):19-31
[97] M. Kermel,R. Brown,H.D.I. Abarbanel,Detennining Embedding Dimension for Phase Reconstruction Using a Geometrical Reconstruction[J],Phys Rev A,1992,45:3403-3411
[98] M.T. Rosenstrein,J.J. Collis and C.J. De luca,A Practical Mthod for Calculating Largest Lyapunov Exponents from Small Data Sets,Physica D,1993,65:117-134.
[99]陈惠民,蔡弘,李衍达,自相似业务?基于多分辩率采样和小波分析的Hurst参数估计方法[J].电子学报,1998,7.
[100] V. Paxson,S. Floyd,Wide Area Traffic: The Failure of Possion Modeling[J], IEEE/ACM Trans on Networking. 1995,3(3):226-244
[101]谭晓玲,梅成刚,刘兰,网络业务流的自相似特性研究[J],现代计算机,2005.8.
[102]吴美美.网络流量特性分析及预测研究[D],天津:天津大学,2008
[103]乔芃喆. Snort-轻量级网络入侵检测系统,郑州牧业工程高等专科学校学报,2006,5(26):35-36
[104]宋劲松,网络入侵检测分析,发现和报告攻击,北京:国防工业出版社,2004:116-122
[105] A.F. Arboleda,Snort Development Diagrams [EB/OL] , http://afrodita.unicauca.edu.co/~cbedon/snort/snortdevdiagrams.pdf. ,2005.04.14.
[106] M. Sebring,Expert System in Intrusion,Proceedings of the 11th National Computer Security Conference,Washington,1988:74-81
[107] Cannady,Artificial Neural Networks for Misuse Detection,Proceedings of the 21st National Information Systems Security Conference,Arlington,1998:5-8.
[108] W. Lee,S. Stolfo,Data Mining Approaches for Instrusion Detection, http://www.usenix.org/publications/library/proceedings/. 2005
[109] S.A. Hofmeyr,S. Forrest. Immunity by Design,An Artificial Immune System , Proceedings of the Genetic and Evolutionary Computation Conference. Francisco,2004:1289-1296.
[110] Sinclair , An Application of Machine Learning to Network Intrusion Detection[C],Proceedings of the 15th Annual Computer Security Applications Conference,2003
[111] Maloof, Selecting Examples for Partial Memory Learning[J] , Machine Learning,2000,41(1):27-52
[112] Nasraoui,Gonzalez,A Scalable Artificial Immune System Model for Dynamic Unsupervised Learning[C],Proc of GECCO’03,Chcago,USA,2003:219-230.
[113] Agarwal,Joshi,A New Framework for Learning Classifier Models in Data Mining(A Case-Study in Network Intrusion Detection)[C],Proc of the 1th SIAM Int Conf on Data Mining,2003
[114] Nasamui,Dasgupta. A Novel Artificial Immune System Approach to Robust Data Miming[C],Proc of GECCO’02,New York. 2002:256-363.
[115] Wenke Lee,J Stolfo,A Frammework for Constructing Features and Moddels for Intrusion Detction System. Information and System,Security,2000(4): 227-261
[116]谭小彬,王卫平,计算机系统入侵检测的隐马尔可夫模型[J],计算机研究与发展,2003,40(2):245-250
[117] J.D. Farmer,J.J. Sidorowich,Predicting Chaotic Time Series,Physical Review Letters,1987,59(8):845-848
[118]袁坚,混沌理论及其在电子工程中的应用研究[D],四川:电子科技大学,1997
[119] T.Y. Li,J.A. York,Period Three Implies Chaos,Amer,Math,Monthly,1975,(82):985-992.
[120] Kristopher Kendall,A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems,Department of Electrical Engineering and Computer Science,May 21, 1999
[121] A. Smola , Regression Estimation with Support Vector Learning Machines[M.S.dissertation],Technology University of Munchen,1996.
[122]吴建平,杨星卫,遥感数据监督分类中训练样本的纯化[J],国土资源遥感,1996,26(2):36-41
[123]田盛丰,黄厚宽,李洪波,基于支持向量机的手写体相似字识别[J],中文信息学报.2000,14(3):37-41
[124] YAO Yu,YU Ge,GAO Fu-xiang,A Neural Network Approach for Misuse and Anomaly Intrusion Deteetion,Wuhan University Journal of Natural Sciences,2005,10(1): 115-118
[125] N. Cristianini and J. Shawe-Taylor,An Introduction to Support Vector Machines and Other Kernel methods, Cambridge University Press,UK,2000
[126] A. Smola and B. Schǎkopf, On a Kernel-Based Method for Pattern Recognition , Regression , Approximation and operator in version. Algorithmica,1998,22:211-231
[127] V. Vapnik,Statistical Learning Theory,Wiley,1998
[128]李辉,管晓宏,咎鑫,韩崇昭,基于几支持向量机的网络入侵检测,计算机研究与发展, 2003,40(6):799-808
[129]柳金甫,应用随机过程,北京:中国铁道出版社,2000
[130]许劲松,覃俊,一种基于支持向量机的入侵检测模型,计算机仿真, 2005,5(4):43-46
[131] Wun-Hwa Chen,Sheng-Hsun Hsu,Hwang-Pin Shen,Applieation of SVM and ANN for intrusion detection,Computers&Operations Research,2005,32(2):2617-2634
[132] BarbaraDaniel, WuNingning, JajodiaSushil, Detecting Novel Network Intrusions Using Bayes Estimators. In Proceedings of the 1st SIAM International Conference on Data Mining(SDM’01),2001
[133] NelloCristianini,John Shawe-Tayor,支持向量机导论,李国正,王猛,曾华军译,北京:电子工业出版社,2004
[134]边肇祺,张学工,模式识别(第二版)[M],北京:清华大学出版社,2000.1
[135]杜树新,吴铁军,模式识别中的支持向量机方法[J],浙江大学学报(工学版), 2003,37(5) : 521-527
[136] N.Aronszajn,Theory of Reproducing Kernels,Transactions of the American Mathematical Society,1950,68(l):337-404
[137] ColinCampbell,An Introduction to Kernel Methods,Radial Basis Function Networks: Design and applications,2000,2(1):45-56
[138]薛毅,最优化原理与方法,北京:北京工业大学出版社,2003.
[139]邓乃扬,田英杰,数据挖掘中的新方法-支持向量机,北京:科学出版社,2004.
[140] B. Scholkopf,A. Smola,R.C. Williamson,et al,New support Vector Algorithms, Neural Computation,2000,12(5):1207-1245
[141] C.C. Chang,C.J. Lin, Training v-Support Vector Classifiers:Theory and Algorithms,Neural Computation,2001,13:2119-2147
[142] D.Tax,R.Duin,Data Domain Description by Support vector,Proceedings of ESANN,1999:251-256
[143]罗守山,入侵检测,北京:北京邮电大学出版社,2004,4
[144] Jon Postel,DARPA,Transmission Control Protocol,DARPA Internet Program Protocol Specif ication[C] , Cacifornia: Information Sciences Institute ,1981,7 -52
[145] Licoln Laboratory, Massachusetts Institute of Technology,DARPA Intrusion Detection Evaluation[ EB/ OL ], http:// www1ll1mit1edu/ IST/ideval/index.html , 2003-09-16
[146]温志贤,李小勇,基于支持向量机的网络流量异常检测[J],西北师范大学学报,2005(3)
[147] Tanenbaum A S,计算机网络(第四版)[M] ,潘爱民译,北京:清华大学出版社,2004:437-472.
[148]陈硕,安常青,李学农,分布式入侵检测系统及其认知能力[J],软件学报. 2001,2:225-232
[149]柴志成,一种基于SVM的网络异常流量检测新方法[J],贵阳学院学报,2008(3):23-26.
[150]程光,龚俭,丁伟,基于抽样测量的高速网络实时异常检测模型[J],软件学报, 2003,14:594-599
[151] S. Mukkamala,G.I. Janoski and A.H. Sung,Intrusion Detection Using Support Vector Machines,In Proceedings of the High Performance Computing SymPosium,April 2002:178~183.
[152] S. Sigmoid, Sung A.H. , Artificial Intelligent Techniques for Intrusion Detection[C],2003 Page(s):1266 - 1271 vol.
[153]王学民,应用多元分析[M],上海?上海财经大学出版社,2009.
[154]朱建平,应用多元统计分析[M],北京?科学出版社,2006.
[155] Isabelle Gyuon,Andre Elisseeff,An Introduction to Variable and Feature Selection,Journal of Machine Learning Research,Mar. 2003:1157-1182
[156] H S. Andrew,Identify Important Features for Intrusion Ddetection Using Support Vector Machines and Neural Networks,IEEE Proceedings of the 2003 Symposium on Application and the Internet,2003:209-217