Research on Intrusion Detection Methods Based on Artificial Immunity
Abstract
With the widespread use of computer networks, people are paying more and more attention to network security. Intrusion detection is an important component of an information security protection system and ensures the security of computer network resources. The intrusion detection problem can be reduced to distinguishing legitimate, authorized behaviour (self) from illegitimate, unauthorized behaviour (nonself), which is very similar to what the immune system does. In recent years, immune-based intrusion detection has become a hot research topic in the intrusion detection field; its distinguishing feature is the use of the immune system's principles, architecture and related algorithms to detect intrusive behaviour. Addressing the poor extensibility and adaptability of current intrusion detection research, and its inability to detect unknown intrusions effectively, this thesis applies the negative selection algorithm of the immune system to the intrusion detection field.
     This thesis studies an intrusion detection method based on negative selection. The method consists of three parts:
     (1) define a "self" set;
     (2) generate a set of valid detectors, none of which matches any element of the "self" set;
     (3) use the generated valid detectors to detect intrusions.
     Because the intrusion detection method proposed here applies the idea of hybrid detection, it combines the advantages of misuse detection and anomaly detection. Experiments show that the method not only achieves a high detection rate and a low false alarm rate, but can also detect, in a targeted way, unknown intrusions of known types, and that it is highly adaptive.
With the wide use of computer networks, people are paying more and more attention to network security problems. Intrusion detection is an essential component of an information security protection system, which guarantees the security of network resources. The problem of intrusion detection may boil down to the differentiation between the valid, authorized use of a computer system (self) and the invalid, unauthorized use of a computer system (nonself), which is similar to the immune system. In recent years, researchers who apply themselves to intrusion detection have focused on intrusion detection technology based on immunology, whose prominent characteristic is to detect intrusions by means of immune system theories, architecture and algorithms. The main shortcomings of current intrusion detection research include poor extensibility, poor adaptability and the inability to detect unknown attacks. Aiming at these deficiencies, this paper applies the negative selection algorithm of the immune system to the intrusion detection field.
     In this paper, a new method based on negative selection is studied to detect intrusions. This method includes three parts:
     (1) Define a "self" set;
     (2) Initialize the set of valid detectors, whose elements cannot match any element of the "self" set;
     (3) Use the valid detectors initialized above to detect intrusions.
     Because the method proposed in this paper applies the idea of composite detection, it has the advantages of both misuse detection and anomaly detection. The experimental results show that the method proposed in this paper has a high true positive rate and a low false positive rate, is able to detect, in a targeted way, unknown intrusions whose type is known, and has a certain degree of adaptability.
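The three-step negative selection procedure above, as an added illustration that is not code from the thesis: behaviour is encoded as fixed-length bit strings, the r-contiguous-bits rule is the (assumed) match rule, and the hybrid idea is modelled by seeding the detector set with labelled known-attack patterns that are censored against self exactly like the generated detectors. Candidate detectors are enumerated exhaustively here to keep the run deterministic; the classic algorithm draws them at random, so the 2**length cost is a deliberate toy simplification.

```python
from itertools import product

def r_contiguous_match(a: str, b: str, r: int) -> bool:
    """Match rule: a and b agree on at least r consecutive positions (symmetric)."""
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False

def matches_self(cand: str, self_set, r: int) -> bool:
    return any(r_contiguous_match(cand, s, r) for s in self_set)

def build_detectors(self_set, length: int, r: int, known_attacks=None) -> dict:
    """Steps (1)+(2): censor every candidate against the self set.
    Known attack patterns (misuse part) are censored the same way and kept with
    their own label, so a later hit can be attributed to a known attack type.
    Generated detectors (anomaly part) come from exhaustive enumeration."""
    detectors = {}
    for name, pattern in (known_attacks or {}).items():
        if not matches_self(pattern, self_set, r):
            detectors[pattern] = f"known:{name}"
    for bits in product("01", repeat=length):
        cand = "".join(bits)
        if cand not in detectors and not matches_self(cand, self_set, r):
            detectors[cand] = "generated"
    return detectors

def classify(sample: str, detectors: dict, r: int):
    """Step (3): label of the first detector that fires, or None (looks like self)."""
    for det, label in detectors.items():
        if r_contiguous_match(sample, det, r):
            return label
    return None

def evaluate(self_samples, nonself_samples, detectors, r):
    """Return (true positive rate, false positive rate) on labelled samples."""
    fp = sum(classify(s, detectors, r) is not None for s in self_samples)
    tp = sum(classify(s, detectors, r) is not None for s in nonself_samples)
    return tp / len(nonself_samples), fp / len(self_samples)

# Constructed toy data (hypothetical 8-bit encodings of behaviour windows).
SELF = ["00000000", "00000001", "10000000", "00011000"]
KNOWN = {"flood": "11111111"}   # hypothetical known-attack pattern
R = 4                           # assumed match threshold
DETECTORS = build_detectors(SELF, 8, R, KNOWN)
```

Because every detector is censored against self with the same symmetric rule used for classification, the false positive rate on the self set is zero by construction; the variant "11110000", which is not the known pattern itself, is still attributed to the "flood" type, which is the sense in which an unknown intrusion of a known type is detected.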