分布式网络入侵检测防御关键技术的研究
|
摘要
“分布式网络入侵检测防御关键技术的研究”根据网络向“分布式”发展、入侵方式以“分布式入侵”为主要威胁、单点检测系统向分布式检测系统转换的特征,对分布式网络入侵检测的关键技术进行了较为全面和深入的研究。针对有线网络中常见的分布式拒绝服务攻击、新兴的攻击方式、分布式无线网络的协议安全漏洞和基于信任的安全防御问题进行了分析和研究。以协议分析、理论推导、仿真验证为主要方法,借鉴国内外高端的研究工作,针对分布式网络入侵检测防御的关键问题提出了相应的解决方法,且通过对实际网络及网络入侵的仿真证明了可行性、有效性和优越性。主要研究内容和创新性成果如下:
1.提出了基于树结构的完全分布式入侵检测系统Tree-DIDS。
现有分布式入侵检测系统存在着单点失效和通信成本之间的矛盾,Tree-DIDS用完全分布式体系结构配合三种通信策略协调了这个矛盾;数据存储采用树结构,改变了常用的线性结构,实现了检测、溯源、防御的统一;双异常检测比现有的单一流量异常检测更准确。仿真和性能分析证明了Tree-DIDS系统的可行性和优越性。
2.提出了低速率拒绝服务攻击的三级检测算法。
低速率拒绝服务攻击是新兴的网络入侵方式,现有的检测技术由于针对性过强而提高了检测成本。针对低速率拒绝服务攻击的三级检测算法以分级结构对网络状态进行监视,逐级发现异常,逐级确认异常,仅在必要时启动低速率检测,以此降低网络检测成本,且可实现网络常规异常的检测和攻击性质确认。通过仿真与性能分析证明了该算法与现有的检测方法比较更具有实用性。
3.提出了短时分析算法实现低速率拒绝服务攻击的实时检测和防御。
现有的最常用的频域变换检测低速率攻击方法计算复杂度较高,检测时间略长,短时分析算法通过短时过界率以更低的计算复杂度,在更短时间内检测低速率攻击;现有的研究没有提出参数估计的方法,短时分析算法用修正的自相关函数实现了攻击参数的估计,估计的参数用于改进现有的防御技术。仿真和性能分析证明了短时分析技术可以实现低速率拒绝服务攻击的实时检测和防御。
4.分析了一种分布式无线网络标准,发现了该标准存在的2种安全漏洞,提出了3种相应的安全修正协议。
ECMA-368标准定义的超宽带网络是一种无线分布式网络,目前还没有关于该标准中握手机制安全漏洞的研究。研究通过对该标准的握手机制的分析,发现了当中存在的2种安全漏洞,且相应地提出了防伪造报文、距离测度及增强容忍度3种安全修正协议,完善了ECMA-368的安全机制。仿真和性能分析证明了3种修正协议可在不显著增加成本的情况下弥补安全漏洞,且不会引发新的攻击。
5.在无线分布式网络中建立了跨层信任网络,提出了基于信任领地的安全路由协议TT-DSR。
现有的信任网络研究一般都侧重于一个网络层次,基于无线分布式网络建立的跨层信任网络解决了信任值在不同网络层次传递的问题;信任领地概念的提出改变了现有用单一信任值表征信任程度的状况,用集合、图和关系的方法研究了信任领地建立和扩展的方法,提出了基于信任领地的安全路由协议TT-DSR。仿真结果证明了TT-DSR不仅可以实现路由安全,且在路由过程中可更新信任领地。
入侵检测和安全防御是非常重要且极为复杂的问题,鉴于网络的多态性、入侵的丰富性,只能选取其中的几个关键技术进行研究。研究受到国家863计划“网络安全”(No.2008AA011004)、2008年华为基金项目“短距无线安全研究”、2009年华为基金项目“网络级统一安全防御方案和关键技术”的资金支持,其中2项华为基金已经通过验收,受到合作方好评。
Since distributed networks has promising future, distributed attacks become the main threaten and intrusion detection system has been transferred from single point to distributed system, the thesis named as "Research of the Key Techniques of Intrusion Detection and Protection for Distributed Networks" focuses on the distributed intrusion detection system and the secure problems in distributed networks. Distributed denial of service attacks, low-rate denial of service attacks, vulnerabilities of ECMA-368(European Computer Manufacturers Association) standard and trust wireless distributed networks are discussed. By analyzing of the protocols, reasoning in theories and testifying by simulating, the solutions are provided and the related works by other researchers are also used for references. The main contributions of this thesis are as follow:
1. A Tree-Based Intrusion Detection System is proposed to detect distributed intrusions.
Tree-DIDS keeps the balance between single point failure and transmission cost that is not solved by current DIDS(Distributed Intrusion Detection System). Data are stored as tree data structure rather than linearity. Traffic tree intergrates detection, sources tracing and protection. Double anomalies help to detect the intrusion accurately. The simulation results and performance analysis show that Tree-DIDS works effectively.
2. Three-Level algorithm is proposed to detect low-rate DoS.
As a typically new-style DoS(Denial of Service) attack, current detection techniques against low-rate DoS need higher overhead. Considering the application of networks, three-level low-rate DoS detection system helps to detect DoS attacks and distinguish low-rate DoS from flooding DoS, and finally confirms whether low-rate DoS exists. The most complex algorithm is left behind to reduce detecting overhead. The simulation results and performance analysis show that three-level detection works practically compared with current detection systems.
3. Short-time analysis algorithm is proposed to detect and protect low-rate DoS attacks in real time.
Short-time analysis algorithm helps to detect low-rate DoS attacks in real time with lower complexities and shorter time comparing with frequency transfer method. Modified autocorrelation implements period estimation, which is not discussed in current research. The estimated period could be used to defense against low-rate DoS attacks. The simulation results and performance analysis show that short-time analysis algorithm can detect and prevent low-rate DoS in real time.
4. By analyzing ECMA-368, two secure problems are found and three secure protocols are proposed.
UWB networks specified by ECMA-368 and ECMA-369 are distributed among devices. There is no research on secure problems of handshake mechanism in ECMA-368. The thesis outlines two scenarios where they are possible to produce DoS and DDoS attacks to ECMA-368 standard, meanwhile, three modified secure protocols are given respectively. The simulation results and performance analysis shows the DoS attacks are prevented by consuming limited sources when adding three secure protocols into former standard. No new attack is produced by new secure protocols.
5. A cross-layer trust network is built to protect distributed wireless networks, and a secure route protocol is provided based on trust territories.
Cross-layer trust network is constructed to implement trust values' transmitting among network layers. The concept of trust territories is provided to change the way to describe trust. Sets, graphs and relations are used to build and extend trust territories. A secure route protocol based on trust territories named as TT-DSR is provided. The simulation results and performance analysis shows secure and shorter route is selected in TT-DSR, meanwhile trust territories are extended.
Intrusion detection and security protection are very important and complex topics. Considering networks'polymorphisms and abundance intrusions, only a few key points are discussed. The research are supported by the National High Technology Research and Development Program("863 "Program) of China named "network securities"(No.2008AA011004), huawei foundation named "the research of short distance wireless security" in 2008 and huawei foundation named "the research of security defense in networks layer" in 2009. The last two projects have passed the acceptance of experts in huawei company.
1.提出了基于树结构的完全分布式入侵检测系统Tree-DIDS。
现有分布式入侵检测系统存在着单点失效和通信成本之间的矛盾,Tree-DIDS用完全分布式体系结构配合三种通信策略协调了这个矛盾;数据存储采用树结构,改变了常用的线性结构,实现了检测、溯源、防御的统一;双异常检测比现有的单一流量异常检测更准确。仿真和性能分析证明了Tree-DIDS系统的可行性和优越性。
2.提出了低速率拒绝服务攻击的三级检测算法。
低速率拒绝服务攻击是新兴的网络入侵方式,现有的检测技术由于针对性过强而提高了检测成本。针对低速率拒绝服务攻击的三级检测算法以分级结构对网络状态进行监视,逐级发现异常,逐级确认异常,仅在必要时启动低速率检测,以此降低网络检测成本,且可实现网络常规异常的检测和攻击性质确认。通过仿真与性能分析证明了该算法与现有的检测方法比较更具有实用性。
3.提出了短时分析算法实现低速率拒绝服务攻击的实时检测和防御。
现有的最常用的频域变换检测低速率攻击方法计算复杂度较高,检测时间略长,短时分析算法通过短时过界率以更低的计算复杂度,在更短时间内检测低速率攻击;现有的研究没有提出参数估计的方法,短时分析算法用修正的自相关函数实现了攻击参数的估计,估计的参数用于改进现有的防御技术。仿真和性能分析证明了短时分析技术可以实现低速率拒绝服务攻击的实时检测和防御。
4.分析了一种分布式无线网络标准,发现了该标准存在的2种安全漏洞,提出了3种相应的安全修正协议。
ECMA-368标准定义的超宽带网络是一种无线分布式网络,目前还没有关于该标准中握手机制安全漏洞的研究。研究通过对该标准的握手机制的分析,发现了当中存在的2种安全漏洞,且相应地提出了防伪造报文、距离测度及增强容忍度3种安全修正协议,完善了ECMA-368的安全机制。仿真和性能分析证明了3种修正协议可在不显著增加成本的情况下弥补安全漏洞,且不会引发新的攻击。
5.在无线分布式网络中建立了跨层信任网络,提出了基于信任领地的安全路由协议TT-DSR。
现有的信任网络研究一般都侧重于一个网络层次,基于无线分布式网络建立的跨层信任网络解决了信任值在不同网络层次传递的问题;信任领地概念的提出改变了现有用单一信任值表征信任程度的状况,用集合、图和关系的方法研究了信任领地建立和扩展的方法,提出了基于信任领地的安全路由协议TT-DSR。仿真结果证明了TT-DSR不仅可以实现路由安全,且在路由过程中可更新信任领地。
入侵检测和安全防御是非常重要且极为复杂的问题,鉴于网络的多态性、入侵的丰富性,只能选取其中的几个关键技术进行研究。研究受到国家863计划“网络安全”(No.2008AA011004)、2008年华为基金项目“短距无线安全研究”、2009年华为基金项目“网络级统一安全防御方案和关键技术”的资金支持,其中2项华为基金已经通过验收,受到合作方好评。
Since distributed networks has promising future, distributed attacks become the main threaten and intrusion detection system has been transferred from single point to distributed system, the thesis named as "Research of the Key Techniques of Intrusion Detection and Protection for Distributed Networks" focuses on the distributed intrusion detection system and the secure problems in distributed networks. Distributed denial of service attacks, low-rate denial of service attacks, vulnerabilities of ECMA-368(European Computer Manufacturers Association) standard and trust wireless distributed networks are discussed. By analyzing of the protocols, reasoning in theories and testifying by simulating, the solutions are provided and the related works by other researchers are also used for references. The main contributions of this thesis are as follow:
1. A Tree-Based Intrusion Detection System is proposed to detect distributed intrusions.
Tree-DIDS keeps the balance between single point failure and transmission cost that is not solved by current DIDS(Distributed Intrusion Detection System). Data are stored as tree data structure rather than linearity. Traffic tree intergrates detection, sources tracing and protection. Double anomalies help to detect the intrusion accurately. The simulation results and performance analysis show that Tree-DIDS works effectively.
2. Three-Level algorithm is proposed to detect low-rate DoS.
As a typically new-style DoS(Denial of Service) attack, current detection techniques against low-rate DoS need higher overhead. Considering the application of networks, three-level low-rate DoS detection system helps to detect DoS attacks and distinguish low-rate DoS from flooding DoS, and finally confirms whether low-rate DoS exists. The most complex algorithm is left behind to reduce detecting overhead. The simulation results and performance analysis show that three-level detection works practically compared with current detection systems.
3. Short-time analysis algorithm is proposed to detect and protect low-rate DoS attacks in real time.
Short-time analysis algorithm helps to detect low-rate DoS attacks in real time with lower complexities and shorter time comparing with frequency transfer method. Modified autocorrelation implements period estimation, which is not discussed in current research. The estimated period could be used to defense against low-rate DoS attacks. The simulation results and performance analysis show that short-time analysis algorithm can detect and prevent low-rate DoS in real time.
4. By analyzing ECMA-368, two secure problems are found and three secure protocols are proposed.
UWB networks specified by ECMA-368 and ECMA-369 are distributed among devices. There is no research on secure problems of handshake mechanism in ECMA-368. The thesis outlines two scenarios where they are possible to produce DoS and DDoS attacks to ECMA-368 standard, meanwhile, three modified secure protocols are given respectively. The simulation results and performance analysis shows the DoS attacks are prevented by consuming limited sources when adding three secure protocols into former standard. No new attack is produced by new secure protocols.
5. A cross-layer trust network is built to protect distributed wireless networks, and a secure route protocol is provided based on trust territories.
Cross-layer trust network is constructed to implement trust values' transmitting among network layers. The concept of trust territories is provided to change the way to describe trust. Sets, graphs and relations are used to build and extend trust territories. A secure route protocol based on trust territories named as TT-DSR is provided. The simulation results and performance analysis shows secure and shorter route is selected in TT-DSR, meanwhile trust territories are extended.
Intrusion detection and security protection are very important and complex topics. Considering networks'polymorphisms and abundance intrusions, only a few key points are discussed. The research are supported by the National High Technology Research and Development Program("863 "Program) of China named "network securities"(No.2008AA011004), huawei foundation named "the research of short distance wireless security" in 2008 and huawei foundation named "the research of security defense in networks layer" in 2009. The last two projects have passed the acceptance of experts in huawei company.
引文
[1]R. Richardson. CSI/FBI Computer Crime Survey[C]//CSI/FBI 12th Annual Computer Crime and Security,2006:1-30.
[2]Pontes, E.; Guelfi, A.E. IDS 3G—Third generation for intrusion detection:Applying forecasts and return on security investment to cope with unwanted traffic[J]//Internet Technology and Secured Transactions,2009. ICITST 2009. International Conference for,2009: 1-6.
[3]C. Labovitz, D. McPherson, S. Iekel-Johnson, and M. Hollyman. Internet Traffic Trends-A View from 67 ISPs[OL]. NANOG,2008.Available: http://www.nanog.org/meetings/nanog43/presentations/Labovitz internetstats N43.pdf
[4]李德全.拒绝服务攻击[M].北京:电子工业出版社,2007.
[5]徐恪,徐明伟,吴建平.分布式拒绝服务攻击研究综述[J].小型微型计算机系统,2004,25(3):337-336.
[6]孙长华,刘斌.分布式拒绝服务攻击研究新进展综述[J].电子学报,2009,37(7):1562-1570.
[7]张前忠.分布式防火墙与入侵检测系统的联动技术研究[D],南京:南京理工大学,2008.
[8]姜建国.分布式入侵检测系统与信息融合技术的研究与实践[D].四川:四川大学,2003.
[9]S.R.Snapp,J.Brentano, G.V.Dias etc.DIDS (distributed intrusion detection system)-motivation,architecture, and an early Prototype[C]//Proeeedings of 14th National Computer Security Conferenee. Washington, D.C., October1991:167-176.
[10]Steven R. Snupp, James Brentano, Gihan V. Dias etc. A system for distributed intrusion detection[C]//Compcon Spring'91. Digest of Papers, San Francisco, CA,1991:170-176.
[11]Jing Xu, Yongzhong Li. A New Distributed Intrusion Detection Model Based on Immune Mobile Agent[C]//2009 Asia-Pacific Conference on Information 处理. Shenzhen,China,2009: 461-465.
[12]MO Xiu-liang, WANG Chun-dong, WANG Huai-bin. A Distributed Intrusion Detection System Based on Mobile Agents[C]//Biomedical Engineering and Informatics,2009. BMEI'09. 2nd International Conference on, Tianjin, China,2009:1-5.
[13]F. Abdoli and M. Kahani. Ontology-based Distributed Intrusion Detection System[C]// Proceedings of the 14th International CSI Computer Conference (CSICC'09). Tehran, Oct. 2009:65-70.
[14]Amir Vahid Dastjerdi, Kamalrulnizam Abu Bakar, Sayed Gholam Hassan Tabatabaei. Distributed Intrusion Detection in Clouds Using Mobile Agents[C]//2009 Third International Conference on Advanced Engineering Computing and Applications in Sciences. Sliema, Oct. 2009:175-181.
[15]Ugur Akyazi A. Sima Etaner Uyar. Distributed Intrusion Detection using Mobile Agents against DDoS Attacks[C]//Computer and Information Sciences,2008. ISCIS'08.23rd International Symposium on, Istanbul, Oct.2008:1-6.
[16]Nita Patil, Chhaya Das, Shreya Patankar etc. Analysis of Distributed Intrusion Detection Systems using Mobile Agents[C]//First International Conference on Emerging Trends in Engineering and Technology, Nagpur, Maharashtra,2008:1255-1260.
[17]Xiaohong Qu, Zhijie Liu, Xiaoyao Xie. Research on Distributed Intrusion Detection System Based on Protocol Analysis[C]//Anti-counterfeiting, Security, and Identification in Communication,2009. ASID 2009.3rd International Conference on, Hong Kong, Aug. 2009:421-424.
[18]Stefan Axelsson. The base-rate fallacy and the difficulty of intrusion detection[J]// Information and System Security,3(3),2000:186-205.
[19]Martin Chovanec, Liberios Vokorkos, and Ing. Jan Perhac. SECURITY ARCHITECTURE BASED ON MULTILAYER DISTRIBUTED INTRUSION DETECTION SYSTEM[C]//5th International Symposium on Applied Computational Intelligence and Informatics,Timisoara, Romania, May 2009:301-306.
[20]王海龙,胡宁,龚正虎.Bot_CODA:僵尸网络协同检测体系结构[J].通信学报,2009,30(10A):15-22.
[21]Safaa Zaman and Fakhri Karray. Collaborative Architecture for Distributed Intrusion Detection System[C]//Proceedings of the 2009 IEEE Symposium on Computational Intelligence in Security and Defense Applications (CISDA 2009),Ottawa, ON,July 2009:1-7.
[22]Adam Grzech. Optimization of Two-level Topological Structure of Distributed Intrusion Detection System[C]//19th International Conference on Systems Engineering, Las Vegas, NV, Aug.2008:337-342.
[23]Adam Grzech, Mariusz Kazmierski. Distributed Intrusion Detection Systems of Computer Communication Networks[C]//New Technologies, Mobility and Security,2008, Tangier, Nov. 2008:1-5.
[24]Adam Grzech. Intelligent Distributed Intrusion Detection Systems of Computer Communication Systems[C]//2009 First Asian Conference on Intelligent Information and Database Systems. Dong Hoi,April 2009:1-6.
[25]Yan Luo, Ke Xiang, Jie Fan etc. Distributed Intrusion Detection with Intelligent Network Interfaces for Future Networks[C]//IEEE ICC 2009 proceedings, Dresden, June 2009:1-5.
[26]Noah Guilbault and Ratan Guha. Experiment Setup for Temporal Distributed Intrusion Detection System on Amazon's Elastic Compute Cloud[C]//ISI 2009, Richardson, TX, USA, June 2009:300-303.
[27]Desheng Fu, Shu Zhou, Ping Guo. The Design and Implementation of a Distributed Network Intrusion Detection System Based on Data Mining[C]//World Congress on Software Engineering, Xiamen,2009:446-451.
[28]史志才,季振洲.分布式网络入侵检测技术研究[J].计算机工程,2005,31(13):112-114.
[29]Andreas Fuchsberger. Intrusion Detection Systems and Intrusion Prevention Systems[J]. Information Security Technical Report 2005,10:134-139.
[30]Zhichun Li, Yan Chen, Aaron Beach.Towards Scalable and Robust Distributed Intrusion Alert Fusion with Good Load Balancing[C]//SIGCOMM'06 Workshops, Pisa, Italy, September 2006.
[31]Ashok Kumar Tummala and Parimal Patel. Distributed IDS using Reconfigurable Hardware[C]//Parallel and Distributed Processing Symposium,2007. IPDPS 2007. IEEE International, Long Beach, CA,March 2007:1-6.
[32]Eugene H. Spafford, Diego Zamboni. Intrusion detection using autonomous agents[C]// Computer Networks, October 2000:547-570.
[33]Jai Balasubramaniyan, Jose Omar Garcia-Fernandez, E. H. Spafford etc. An architecture for intrusion detection using autonomous agents[C]//Computer Security Applications Conference,1998, Proceedings,14th Annual, Phoenix, AZ,1998:13-24.
[34]Diego Zamboni, E. H. Spafford. AAFID2 users guide[M]. Department of Computer Sciences.1998.
[35]Peter G. Neumann, Phillip A. Porras. Experience with EMERALD to Date[OL]. http://www.sdl.sri.com/cgi-bin/WebObjects/SDL.woa/wa/Publications.Apr 1999.
[36]Phillip A. Porras, Peter G. Neumann. EMERALD:Event monitoring enabling responses to anomalous live disturbances[C]//Proceedings of the 20th National Information Systems Security Conference. Oct,1997:1-15.
[37]Phillip A. Porras, Peter G. Neumann. EMERALD Conceptual Overview Statement[C]// First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA, 1996:73-80.
[38]Rajeev Gopalakrishna. A framework for distributed intrusion detection using interest-driven cooperating agents[C]//Proceedings of Recent Advances in Intrusion Detection (RAID),2001:1-23.
[39]邓琦浩.分布式主动协同入侵检测研究与实践[D],河南:解放军信息工程大学,2005.
[40]Ramaprabhu Janakiraman, Marcel Waldvogel, Qi Zhang. Indra:A peer-to-peer approach to network intrusion detection and prevention[C]//Proc,2003 IEEE WET ICE Workshop on Enterprise Security, Linz, Austria. Jun 2003:226-231.
[41]Steven Northcutt. Network intrusion detection-an analyst's handbook[M]. New Riders, ndianapolis, USA,1999.
[42]Jun Gao, Weiming Hu, Xiaoqin Zhang etc. Adaptive Distributed Intrusion Detection Using Parametric Model[C]//2009 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology-Workshops. Milan, Italy,2009:675-678.
[43]Yu Chen, Kai Hwang. Collaborative change detection of DDoS attacks on community and ISP Networks[C]//Collaborative Technologies and Systems,2006. CTS 2006. International Symposium on, May 2006:401-410.
[44]Yu Chen, Kai Hwang,Wei-Shinn Ku. Collaborative detection of DDoS attacks over multiple network domains[J]//Parallel and Distributed Systems, IEEE Transactions on,18, Issue:12, Dec.2007:1649-1662.
[45]Michelle Delio. New Breed of Attack Zombies Lurk[OL]. http://www.wired.com/science/discoveries/news/2001/05/43697:wired,2001.
[46]Aleksandar Kuzmanovic and Edward W. Knightly.Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants)[C]//SIGCOMM'03, Karlsruhe, Germany, August 2003:75-87.
[47]LUO,X. and CHANG, R. K. C.On a New Class of Pulsing Denial-of-Service Attacks and the Defense[C]//Network and Distributed System Security Symposium (NDSS'05), San Diego, CA.February 2005:1-19.
[48]Mina Guirguis,Azer Bestavros, Ibrahim Matta. Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resouces[C]//Proceedings of the 12th IEEE International Conference on Network Protocols (ICNP'04), Oct.2004:184-195.
[49]吴志军,张东.低速率DDoS攻击的仿真和特征提取[J].通信学报,2008,29(6):97-93.
[50]R. Srikant. The Mathematics of Internet Congestion Control[J]//Automatic Control, IEEE Transactions on,50, Issue:1,2005:134-135.
[51]何炎祥,刘陶,曹强等.低速率拒绝服务攻击研究综述[J].计算机科学与探索,2008,2(1):1-19.
[52]Aleksandar Kuzmanovic and Edward W. Knightly.Low-Rate TCP-Targeted Denial of Service Attacks and Counter Strategies [J]//IEEE/ACM TRANSACTIONS ON NETWORKING, VOL.14, NO.4, AUGUST 2006:683-697.
[53]MINA GUIRGUIS, AZER BESTAVROS,IBRAH1M MATTA etc. Reduction of Quality (RoQ) Attacks on Internet End-Systems[C]//INFOCOM 2005.24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, March 2005:vol.2 1362-1373.
[54]MINA GUIRGUIS, AZER BESTAVROS, IBRAHIM MATTA etc.Reduction of Quality (RoQ) Attacks on Dynamic Load Balancers:Vulnerability Assessment and Design Tradeoffs[C]//IEEE INFOCOM 2007 proceedings, Anchorage, AK,May 2007,857-866.
[55]MINA GUIRGUIS,AZER BESTAVROS, IBRAHIM MATTA.On the Impact of Low-Rate Attacks[C]//IEEE ICC 2006 proceedings, Istanbul,June 2006:2316-2322.
[56]Xiapu Luo, Rocky K. C. Chang, and Edmond W. W. Chan. Performance Analysis of TCP/AQM Under Denial-of-Service Attacks[C]//Proceedings of the 13th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS'05) Sept.2005:97-104.
[57]Xiapu Lou,Edmond w.w.Chan and Rockey k.c.Chang. Vanguard:a new detection scheme for a Class of TCP-targeted Denial-of-Service Attacks[C]//Network Operations and Management Symposium,2006. NOMS 2006.10th IEEE/IFIP, Vancouver, BC, April 2006: 507-518.
[58]Yu Chen, Kai Hwang. Spectral analysis of TCP flows for defense against Reduction-of-Quality attacks [C]//IEEE International Conference on Communications 2007, ICC 2007 proceedings,ICC-2007, Glasgow, Scotland,2007:24-28.
[59]YU CHEN, KAI HWANG, and YU-KWONG KWOK.Collaborative Defense against Periodic Shrew DDoS Attacks in Frequency Domain [J]//ACM Transactions on Information and System Security (TISSEC) on May 3,2005:1-30.
[60]Hao Chen, Yu Chen. A Novel Embedded Accelerator for Online Detection of Shrew DDoS Attacks[C]//International Conference on Networking, Architecture, and Storage, Chongqing June 2008:365-372.
[61]吴志军,岳猛.低速率拒绝服务LDoS攻击性能的研究[J].通信学报,2008,29(6):87-95.
[62]蔡晶,吴志军.基于频谱分析的低速率TCP攻击检测[J].中国民航大学学报,2007年7月:30-32.
[63]姚翼雄,刘颖,吴志军.一种新型拒绝服务攻击的研究[J].学术研究,2007年6月.
[64]魏蔚,董亚波,鲁东明,金光.低速率拒绝服务攻击的检测响应机制[J].浙江大学学 报,2008,42(5):757-762.
[65]Petros Efstathopoulos. Practical Study of a Defense Against Low-Rate TCP-Targeted DoS Attack[J]//Internet Technology and Secured Transactions,2009. London:ICITST,2009:1-6.
[66]Chia-Wei Chang, Seungjoon Lee, Bill Lin and Jia Wang. The Taming of The Shrew: Mitigating Low-Rate TCP-Targeted Attack[C]//2009 29th IEEE International Conference on Distributed Computing Systems, Montreal, Quebec, Canada,2009:137-145.
[67]Gabriel Macia-Fernandez, Jesus E. Diaz-Verdejo,and Pedro Garcia-Teodoro. Mathematical Model for Low-Rate DoS Attacks Against Application Servers[J]//IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL.4, NO.3, SEPTEMBER 2009:519-530.
[68]韩纪庆,张磊,郑铁然编著.语音信号处理[M].北京:清华大学出版社,2004年9月:43-55.
[69]赵力编著.语音信号处理[M].北京:机械工业出版社,2007年3月:35-41.
[70]G. Yang, M. Gerla, and M. Y. Sanadidi. Defense against lowrate tcp-targeted denial-of-service attacks[C]//ISCC'04:Proceedings of the Ninth International Symposium on Computers and Communications 2004 Volume 2 (ISCC"04), Washington, DC, USA, 2004:345-350.
[71]ZHANG Y,MAO Z M,WANG J.Low-rate tcp-targeted dos attack disrupts internet routing[C]//Proc 14th Annual Network&Distributed System Security Symposium (NDSS'07). San Diego,CA,USA,2007:1-15.
[72]V. Paxson and M. Allman. Computing TCP's retransmission timer. Internet RFC 2988, 2000. RFC Editor United States.
[73]M. Allman and V. Paxson. On estimating end-to-end network path properties[C]// Proceedings of ACM SIGCOMM 1999, Cambridge, MA,1999:263-274.
[74]Wei W.A novel mechanism to defend against low-rate denial-of-service attacks[M].United States:Springer Ver-lag, Heidelberg,Germany,2006,3975.
[75]Standard ECMA-368. High Rate Ultra Wideband PHY and MAC Standard. First Edition,December 2005[OL]. http://www.ecma-international.org.
[76]ECMA-369. MAC-PHY Interface for ECMA-368. First Edition,December 2005[OL]. http://www.ecma-international.org
[77]见晓春,吴振强,霍成义,张婕.同源SYN报文两次接收法防御SYN Flood攻击[J].计算机工程与设计,2008,29(6):1440-1442.
[78]梁峰,史杏荣,曲阜平.IEEE802.11i中四次握手过程的安全分析和改进[J].计算机工程,2007,33(3):149-152.
[79]张浩军.无线局域网认证安全基础架构研究与设计[D].河南:解放军信息工程大学,2006年.
[80]Floriano De Rango, Dionigi Cristian Lentini, Salvatore Marano. Static and dynamic 4-way handshake solutions to avoid denial of service attack in Wi-Fi protected access and IEEE 802.11i[J]. EURASIP Journal on Wireless Communications and Networking,vol.2006.2, Apr.2006:1-19.
[81]Songhe Zhao; Shoniregun, C.A.; Imafidon, C. Addressing the vulnerability of the 4-way handshake of 802.11i.In Digital Information Management,2008. ICDIM 2008[C]//Third International Conference on, London,Nov,2008:351-356.
[82]刘坤.无线局域网的安全性研究[D].上海:复旦大学,2008.
[83]C. He, J. C. Mitchell. Analysis of the 802.11i 4-way handshake[C]//Proceedings of the ACM Workshop on Wireless Security (WiSe'04), Philadelphia, Pa, USA, October 2004:43-50.
[84]Changhua He, John C. Mitchell. Analysis of security protocols for wireless networks [D]. Stanford University, Jan.2006.
[85]Jing Liu,Xinming Ye, Jun Zhang, Jun Li. Security Verification of 802.11i 4-Way Handshake Protocol [C]//Communications,2008. ICC'08. IEEE International Conference on, Beijing,May 2008:1642-1647.
[86]Nishi, R.; Hori, Y.; Sakurai, K. Key Distribution Scheme Using Matched Filter Resistant against DoS Attack[C]//Advanced Information Networking and Applications-Workshops, 2008. AINAW 2008.22nd International Conference on, Okinawa,March,2008:1534-1539.
[87]Randall R. Stewart, Qiaobing Xie. Stream control transmission protocol. Addison-Wesley Longman Publishing Co., Inc. Dec.2001
[88]白刚,王重钢,隆克平,程时端,陈俊亮.流控制传输协议SCTP及其性能分析与应用[J].北京邮电大学学报,2001,24(4):62-66.
[89]Joe, I.SCTP with an improved cookie mechanism for mobile ad-hoc networks[C]//Global Telecommunications Conference,2003. GLOBECOM'03. IEEE,2003:3678-3682.
[90]Alan O.Freier. The SSL Protocol v3.0[OL]. http://www.freesoft.org/CIE/Topics/ssl-draft, March 1996.
[91]T.Dierks. The TLS Protocol Version 1.0[OL].http://www.faqs.org/rfcs/rfc2246.html, January 1999.
[92]PClaude Castelluccia, Einar Mykletun, PGene Tsudik Improving secure server performance by re-balancing SSL/TLS handshakes[C]//Proceedings of the 2006 ACM Symposium on Information, computer and communications security,Mar.2006.
[93]Luo Qing, Lin Yaping. Analysis and Comparison of Several Algorithms in SSL/TLS Handshake Protocol [C]//Information Technology and Computer Science,2009. ITCS 2009. International Conference on,2009:613-617.
[94]WAP Forum. Wireless App lication Protocol Wireless Transport Layer Security Specification Version 06[OL]. http://www. wapforum. org.
[95]李彬,王新梅.一种实用的WTLS握手协议[J].西北大学学报(自然科学版),2007,37(6):977-981.
[96]Bin Li. A Forward-Secrecy WTLS Handshake Protocol Based on XTR[C]//Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance, Jun.2009.
[97]陈伟,俞雷,张迎周.802.11协议中RTS/CTS机制的安全漏洞分析[J].计算机应用,2008,28(12):3183-3186.
[98]Jerschow, Y.I.; Scheuermann, B.; Mauve, M. Counter-Flooding:DoS Protection for Public Key Handshakes in LANs[C]//Networking and Services,2009. ICNS'09. Fifth International Conference on,2009:376-382.
[99]E. Pontes, A. Guelfi and E. Alonso. Forecasting for Return on Security Information Investment:New Approach on Trends in Intrusion Detection and Unwanted Internet Traffic[J]// Latin America Transactions, IEEE (Revista IEEE America Latina),Volume:7, Issue:4,2009: 438-445.
[100]于秉球,崔晓燕.浅析超宽带技术面临的挑战及应用前景[J].计算机与网络,564-565.
[101]Kazimierz Siwiak and Debra Mckeown.张中兆,沙学军译.超宽带无线电技术[M].北京:电子工业出版社,2005.
[102]IEEE Standard for Information technology—Telecommunications and Information exchange between systems—Local and metropolitan area networks-Specific requirements, Part 11, Amendment 10:Medium Access Control (MAC) Security Enhancements, IEEE Std 802.11i-2005.
[103]鲁兴虎.网络信任-虚拟与现实之间的挑战[M].南京:东南大学出版社,2003.
[104]付才,洪帆,洪亮,彭冰,崔永泉.基于信任保留的移动Ad Hoc网络安全路由协议TPSRP[J].计算机学报,2007,30(10):1853-1864.
[105]Adnane, A.; Bidan, C.; de Sousa, R.T. Trust-Based Countermeasures for Securing OLSR Protocol [C]//Computational Science and Engineering,2009, Vancouver, BC, Aug. 2009:745-752.
[106]De Sousa, R.T.; Adnane, A.H.; Bidan, C.; Me, L. On the Vulnerabilities and Protections of the OLSR ad hoc Routing Protocol from the point of view of Trust[J]//Latin America Transactions, IEEE (Revista IEEE America Latina),7, Issue:5, Sept.2009:594-602.
[107]Bo Wang, Chuanhe Huang, Wenzhong Yang, Tong Wang. An Individual Behavior-Based Trust Routing Model for Ad Hoc Networks[C]//Multimedia Information Networking and Security,2009. MINES'09, Hubei, Nov.2009:454-457.
[108]Manickam, J.M.L.; Shanmugavel, S. Fuzzy Based Trusted Ad hoc On-demand Distance Vector Routing Protocol for MANET[C]//Advanced Computing and Communications,2007. ADCOM 2007. Guwahati, Assam, Dec.2007:414-421.
[109]Xiaoqi Li, M.R. Lyu, Jiangchuan Liu. A trust model based routing protocol for secure ad hoc networks[C]//Aerospace Conference,2004. Proceedings. March 2004, Vol.2,1286-1295.
[110]Zhiyuan Liu, Shejie Lu, Jun Yan. Secure Routing Protocol based Trust for Ad Hoc Networks[C]//Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing,2007. SNPD 2007, Qingdao,2007:279-283.
[111]崔国华,卢社阶,刘志远,耿永军.Ad hoc网络中基于多径路由协议的信誉机制[J].通信学报,2008,29(5):56-64.
[112]Hothefa Sh.Jassim; Yussof, Salman; Kiong, Tiong Sieh etc. A routing protocol based on trusted and shortest path selection for mobile ad hoc network[C]//Communications (MICC), 2009 IEEE 9th Malaysia International Conference on, Kuala Lumpur, Malaysia, Dec.2009:547-554.
[113]Pushpa, A.Menaka. Trust based secure routing in AODV routing protocol[C]//Internet Multimedia Services Architecture and Applications (IMSAA), Bangalore, India, Dec.2009:1-6.
[114]Ayachi, M.A.; Bidan, C.; Abbes, T.; Bouhoula, A. Misbehavior Detection Using Implicit Trust Relations in the AODV Routing Protocol[C]//Computational Science and Engineering, 2009. CSE'09. Vancouver, BC, Aug.2009:802-808.
[115]Johnson D B,Maltz D A. Dynamic source routing in ad hoc wireless networks[J]. Mobile Computing,1996,12 (6):153-181.
[116]Pirzada, A.A.; Datta, A.; McDonald, C. Trust-based routing for ad-hoc wireless networks[C]//Networks,2004. (ICON 2004). Proceedings. Nov.2004:326-330 vol.1.
[117]Gilaberte, R.L.; Herrero, L.P.; A secure routing protocol for ad hoc networks based on trust[C]//Networking and Services,2007. ICNS. Athens, June 2007:9-9
[118]王翠荣,高齐新,王慧.基于模糊逻辑和遗传算法的可信路由协议[J].哈尔滨工程大学学报,2006,27(6):868-873.
[119]Kun Wang, Meng Wu, Subin Shen. A Trust Evaluation Method for Node Cooperation in Mobile Ad Hoc Networks [C]//Information Technology:New Generations,2008, Las Vegas, NV, April 2008:1000-1005.
[120]周贤伟,吴启武.基于可信度的MANET路由协议综合评估[J].计算机工程,2009,35 (6):20-22.
[121]Huang Chuanhe, Cheng Yong, Shi Wenming, Zhou Hao. A trusted routing protocol for wireless mobile ad hoc networks[C]//Wireless, Mobile and Sensor Networks,2007. CCWMSN07. IET Conference on, Shanghai, China,Dec.2007:406-409.
[122]Chatterjee, P.; Sengupta, I. A Trust based Auction oriented Routing Model for Ad Hoc Networks[C]//Advance Computing Conference,2009. IACC 2009. IEEE International, Patiala, March 2009:874-877.
[123]孙玉星,黄松华,陈力军,谢立.基于贝叶斯决策的自组网推荐信任度修正模型[J].软件学报,2009,20(9):2574-2586.
[124]黄清元,曾迎之,苏金树.ASR:一种自适应移动自组网安全路由协议[J].计算机研究与发展,2008,45(12):2087-2094.
[125]Balakrishnan, V.; Varadharajan, V.; Lucs, P.; Tupakula, U.K. Trust Enhanced Secure Mobile Ad-Hoc Network Routing[C]//Advanced Information Networking and Applications Workshops,2007, AINAW'07, Niagara Falls, Ont. May 2007:27-33.
[126]郭伟,熊忠伟,徐仁佐.MANET主观路由信任研究[J].计算机科学.2009,36(9):63-66.
[127]Yan Sun, Wei Yu, Zhu Han etc. Trust Modeling and Evaluation in Ad Hoc Networks[C]// IEEE GLOBECOM 2005 proceedings.2005:1862-1867.
[128]Yan Lindsay Sun, Wei Yu, Zhu Han etc. Information Theoretic Framework of Trust Modeling and Evaluation for Ad Hoc Networks[J]. IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL.24, NO.2, FEBRUARY 2006.305-317.
[129]Yan (Lindsay) Sun,Zhu Han, K. J. Ray Liu.Defense of Trust Management Vulnerabilities in Distributed Networks[J].IEEE Communications Magazine.46, Issue:2 February 2008,112-119.
[130]Kun Wang, Meng Wu, Pengrui Xia, Subin Shen. A Secure Trust-based Location-Aided Routing for Ad Hoc networks [C]//Communications and Networking in China,2008. ChinaCom 2008, Hangzhou, Aug.2008:835-839.
[131]秦丰林,葛连升,刘琚,段海新.移动自组网的匿名路由协议研究综述[J].小型微型计算机系统,2009,30(11):2169-2175.
[132]Min-Hua Shao,Shin-Jia Huang. Trust Enhanced Anonymous Routing in Mobile Ad-Hoc Networks[C]//Parallel and Distributed Computing, Applications and Technologies,2008. PDCAT 2008, Otago, Dec.2008:335-341.
[133]Sisheng Chen, Li Xu, Zhide Chen. Secure Anonymous Routing in Trust and Clustered Wireless Ad Hoc Networks[C]//Communications and Networking in China,2007. CHINACOM'07. Shanghai, Aug.2007:994-998.
[134]Qian Zhou, Lemin Li, Sheng Wang, Shizhong Xu, Wei Tan. A Novel Approach to Manage Trust in Ad Hoc Networks[C]//Convergence Information Technology,2007, Gyeongju, searchabstract Nov.2007:295-300.
[135]Begriche, Y.; Labiod, H. A bayesian statistical model for a multipath trust-based reactive ad hoc routing protocol[C]//Information, Communications and Signal Processing,2009. ICICS 2009. Macau,Dec.2009:1-8.
[136]Pirzada, A.A.; Mcdonald, C.; Datta, A. Performance comparison of trust-based reactive routing protocols[J]//Mobile Computing, IEEE Transactions on,5, Issue:6,2006:695-710.
[137]郑也夫.信任论[M].北京:中国广播电视出版社,2006.
[138]萨利·毕培,杰里米·克迪著周海琴译.信任-企业和个人成功的基础[M].北京:经济管理出版社,2006.
[2]Pontes, E.; Guelfi, A.E. IDS 3G—Third generation for intrusion detection:Applying forecasts and return on security investment to cope with unwanted traffic[J]//Internet Technology and Secured Transactions,2009. ICITST 2009. International Conference for,2009: 1-6.
[3]C. Labovitz, D. McPherson, S. Iekel-Johnson, and M. Hollyman. Internet Traffic Trends-A View from 67 ISPs[OL]. NANOG,2008.Available: http://www.nanog.org/meetings/nanog43/presentations/Labovitz internetstats N43.pdf
[4]李德全.拒绝服务攻击[M].北京:电子工业出版社,2007.
[5]徐恪,徐明伟,吴建平.分布式拒绝服务攻击研究综述[J].小型微型计算机系统,2004,25(3):337-336.
[6]孙长华,刘斌.分布式拒绝服务攻击研究新进展综述[J].电子学报,2009,37(7):1562-1570.
[7]张前忠.分布式防火墙与入侵检测系统的联动技术研究[D],南京:南京理工大学,2008.
[8]姜建国.分布式入侵检测系统与信息融合技术的研究与实践[D].四川:四川大学,2003.
[9]S.R.Snapp,J.Brentano, G.V.Dias etc.DIDS (distributed intrusion detection system)-motivation,architecture, and an early Prototype[C]//Proeeedings of 14th National Computer Security Conferenee. Washington, D.C., October1991:167-176.
[10]Steven R. Snupp, James Brentano, Gihan V. Dias etc. A system for distributed intrusion detection[C]//Compcon Spring'91. Digest of Papers, San Francisco, CA,1991:170-176.
[11]Jing Xu, Yongzhong Li. A New Distributed Intrusion Detection Model Based on Immune Mobile Agent[C]//2009 Asia-Pacific Conference on Information 处理. Shenzhen,China,2009: 461-465.
[12]MO Xiu-liang, WANG Chun-dong, WANG Huai-bin. A Distributed Intrusion Detection System Based on Mobile Agents[C]//Biomedical Engineering and Informatics,2009. BMEI'09. 2nd International Conference on, Tianjin, China,2009:1-5.
[13]F. Abdoli and M. Kahani. Ontology-based Distributed Intrusion Detection System[C]// Proceedings of the 14th International CSI Computer Conference (CSICC'09). Tehran, Oct. 2009:65-70.
[14]Amir Vahid Dastjerdi, Kamalrulnizam Abu Bakar, Sayed Gholam Hassan Tabatabaei. Distributed Intrusion Detection in Clouds Using Mobile Agents[C]//2009 Third International Conference on Advanced Engineering Computing and Applications in Sciences. Sliema, Oct. 2009:175-181.
[15]Ugur Akyazi A. Sima Etaner Uyar. Distributed Intrusion Detection using Mobile Agents against DDoS Attacks[C]//Computer and Information Sciences,2008. ISCIS'08.23rd International Symposium on, Istanbul, Oct.2008:1-6.
[16]Nita Patil, Chhaya Das, Shreya Patankar etc. Analysis of Distributed Intrusion Detection Systems using Mobile Agents[C]//First International Conference on Emerging Trends in Engineering and Technology, Nagpur, Maharashtra,2008:1255-1260.
[17]Xiaohong Qu, Zhijie Liu, Xiaoyao Xie. Research on Distributed Intrusion Detection System Based on Protocol Analysis[C]//Anti-counterfeiting, Security, and Identification in Communication,2009. ASID 2009.3rd International Conference on, Hong Kong, Aug. 2009:421-424.
[18]Stefan Axelsson. The base-rate fallacy and the difficulty of intrusion detection[J]// Information and System Security,3(3),2000:186-205.
[19]Martin Chovanec, Liberios Vokorkos, and Ing. Jan Perhac. SECURITY ARCHITECTURE BASED ON MULTILAYER DISTRIBUTED INTRUSION DETECTION SYSTEM[C]//5th International Symposium on Applied Computational Intelligence and Informatics,Timisoara, Romania, May 2009:301-306.
[20]王海龙,胡宁,龚正虎.Bot_CODA:僵尸网络协同检测体系结构[J].通信学报,2009,30(10A):15-22.
[21]Safaa Zaman and Fakhri Karray. Collaborative Architecture for Distributed Intrusion Detection System[C]//Proceedings of the 2009 IEEE Symposium on Computational Intelligence in Security and Defense Applications (CISDA 2009),Ottawa, ON,July 2009:1-7.
[22]Adam Grzech. Optimization of Two-level Topological Structure of Distributed Intrusion Detection System[C]//19th International Conference on Systems Engineering, Las Vegas, NV, Aug.2008:337-342.
[23]Adam Grzech, Mariusz Kazmierski. Distributed Intrusion Detection Systems of Computer Communication Networks[C]//New Technologies, Mobility and Security,2008, Tangier, Nov. 2008:1-5.
[24]Adam Grzech. Intelligent Distributed Intrusion Detection Systems of Computer Communication Systems[C]//2009 First Asian Conference on Intelligent Information and Database Systems. Dong Hoi,April 2009:1-6.
[25]Yan Luo, Ke Xiang, Jie Fan etc. Distributed Intrusion Detection with Intelligent Network Interfaces for Future Networks[C]//IEEE ICC 2009 proceedings, Dresden, June 2009:1-5.
[26]Noah Guilbault and Ratan Guha. Experiment Setup for Temporal Distributed Intrusion Detection System on Amazon's Elastic Compute Cloud[C]//ISI 2009, Richardson, TX, USA, June 2009:300-303.
[27]Desheng Fu, Shu Zhou, Ping Guo. The Design and Implementation of a Distributed Network Intrusion Detection System Based on Data Mining[C]//World Congress on Software Engineering, Xiamen,2009:446-451.
[28]史志才,季振洲.分布式网络入侵检测技术研究[J].计算机工程,2005,31(13):112-114.
[29]Andreas Fuchsberger. Intrusion Detection Systems and Intrusion Prevention Systems[J]. Information Security Technical Report 2005,10:134-139.
[30]Zhichun Li, Yan Chen, Aaron Beach.Towards Scalable and Robust Distributed Intrusion Alert Fusion with Good Load Balancing[C]//SIGCOMM'06 Workshops, Pisa, Italy, September 2006.
[31]Ashok Kumar Tummala and Parimal Patel. Distributed IDS using Reconfigurable Hardware[C]//Parallel and Distributed Processing Symposium,2007. IPDPS 2007. IEEE International, Long Beach, CA,March 2007:1-6.
[32]Eugene H. Spafford, Diego Zamboni. Intrusion detection using autonomous agents[C]// Computer Networks, October 2000:547-570.
[33]Jai Balasubramaniyan, Jose Omar Garcia-Fernandez, E. H. Spafford etc. An architecture for intrusion detection using autonomous agents[C]//Computer Security Applications Conference,1998, Proceedings,14th Annual, Phoenix, AZ,1998:13-24.
[34]Diego Zamboni, E. H. Spafford. AAFID2 users guide[M]. Department of Computer Sciences.1998.
[35]Peter G. Neumann, Phillip A. Porras. Experience with EMERALD to Date[OL]. http://www.sdl.sri.com/cgi-bin/WebObjects/SDL.woa/wa/Publications.Apr 1999.
[36]Phillip A. Porras, Peter G. Neumann. EMERALD:Event monitoring enabling responses to anomalous live disturbances[C]//Proceedings of the 20th National Information Systems Security Conference. Oct,1997:1-15.
[37]Phillip A. Porras, Peter G. Neumann. EMERALD Conceptual Overview Statement[C]// First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA, 1996:73-80.
[38]Rajeev Gopalakrishna. A framework for distributed intrusion detection using interest-driven cooperating agents[C]//Proceedings of Recent Advances in Intrusion Detection (RAID),2001:1-23.
[39]邓琦浩.分布式主动协同入侵检测研究与实践[D],河南:解放军信息工程大学,2005.
[40]Ramaprabhu Janakiraman, Marcel Waldvogel, Qi Zhang. Indra:A peer-to-peer approach to network intrusion detection and prevention[C]//Proc,2003 IEEE WET ICE Workshop on Enterprise Security, Linz, Austria. Jun 2003:226-231.
[41]Steven Northcutt. Network intrusion detection-an analyst's handbook[M]. New Riders, ndianapolis, USA,1999.
[42]Jun Gao, Weiming Hu, Xiaoqin Zhang etc. Adaptive Distributed Intrusion Detection Using Parametric Model[C]//2009 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology-Workshops. Milan, Italy,2009:675-678.
[43]Yu Chen, Kai Hwang. Collaborative change detection of DDoS attacks on community and ISP Networks[C]//Collaborative Technologies and Systems,2006. CTS 2006. International Symposium on, May 2006:401-410.
[44]Yu Chen, Kai Hwang,Wei-Shinn Ku. Collaborative detection of DDoS attacks over multiple network domains[J]//Parallel and Distributed Systems, IEEE Transactions on,18, Issue:12, Dec.2007:1649-1662.
[45]Michelle Delio. New Breed of Attack Zombies Lurk[OL]. http://www.wired.com/science/discoveries/news/2001/05/43697:wired,2001.
[46]Aleksandar Kuzmanovic and Edward W. Knightly.Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants)[C]//SIGCOMM'03, Karlsruhe, Germany, August 2003:75-87.
[47]LUO,X. and CHANG, R. K. C.On a New Class of Pulsing Denial-of-Service Attacks and the Defense[C]//Network and Distributed System Security Symposium (NDSS'05), San Diego, CA.February 2005:1-19.
[48]Mina Guirguis,Azer Bestavros, Ibrahim Matta. Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resouces[C]//Proceedings of the 12th IEEE International Conference on Network Protocols (ICNP'04), Oct.2004:184-195.
[49]吴志军,张东.低速率DDoS攻击的仿真和特征提取[J].通信学报,2008,29(6):97-93.
[50]R. Srikant. The Mathematics of Internet Congestion Control[J]//Automatic Control, IEEE Transactions on,50, Issue:1,2005:134-135.
[51]何炎祥,刘陶,曹强等.低速率拒绝服务攻击研究综述[J].计算机科学与探索,2008,2(1):1-19.
[52]Aleksandar Kuzmanovic and Edward W. Knightly.Low-Rate TCP-Targeted Denial of Service Attacks and Counter Strategies [J]//IEEE/ACM TRANSACTIONS ON NETWORKING, VOL.14, NO.4, AUGUST 2006:683-697.
[53]MINA GUIRGUIS, AZER BESTAVROS,IBRAH1M MATTA etc. Reduction of Quality (RoQ) Attacks on Internet End-Systems[C]//INFOCOM 2005.24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, March 2005:vol.2 1362-1373.
[54]MINA GUIRGUIS, AZER BESTAVROS, IBRAHIM MATTA etc.Reduction of Quality (RoQ) Attacks on Dynamic Load Balancers:Vulnerability Assessment and Design Tradeoffs[C]//IEEE INFOCOM 2007 proceedings, Anchorage, AK,May 2007,857-866.
[55]MINA GUIRGUIS,AZER BESTAVROS, IBRAHIM MATTA.On the Impact of Low-Rate Attacks[C]//IEEE ICC 2006 proceedings, Istanbul,June 2006:2316-2322.
[56]Xiapu Luo, Rocky K. C. Chang, and Edmond W. W. Chan. Performance Analysis of TCP/AQM Under Denial-of-Service Attacks[C]//Proceedings of the 13th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS'05) Sept.2005:97-104.
[57]Xiapu Lou,Edmond w.w.Chan and Rockey k.c.Chang. Vanguard:a new detection scheme for a Class of TCP-targeted Denial-of-Service Attacks[C]//Network Operations and Management Symposium,2006. NOMS 2006.10th IEEE/IFIP, Vancouver, BC, April 2006: 507-518.
[58]Yu Chen, Kai Hwang. Spectral analysis of TCP flows for defense against Reduction-of-Quality attacks [C]//IEEE International Conference on Communications 2007, ICC 2007 proceedings,ICC-2007, Glasgow, Scotland,2007:24-28.
[59]YU CHEN, KAI HWANG, and YU-KWONG KWOK.Collaborative Defense against Periodic Shrew DDoS Attacks in Frequency Domain [J]//ACM Transactions on Information and System Security (TISSEC) on May 3,2005:1-30.
[60]Hao Chen, Yu Chen. A Novel Embedded Accelerator for Online Detection of Shrew DDoS Attacks[C]//International Conference on Networking, Architecture, and Storage, Chongqing June 2008:365-372.
[61]吴志军,岳猛.低速率拒绝服务LDoS攻击性能的研究[J].通信学报,2008,29(6):87-95.
[62]蔡晶,吴志军.基于频谱分析的低速率TCP攻击检测[J].中国民航大学学报,2007年7月:30-32.
[63]姚翼雄,刘颖,吴志军.一种新型拒绝服务攻击的研究[J].学术研究,2007年6月.
[64]魏蔚,董亚波,鲁东明,金光.低速率拒绝服务攻击的检测响应机制[J].浙江大学学 报,2008,42(5):757-762.
[65]Petros Efstathopoulos. Practical Study of a Defense Against Low-Rate TCP-Targeted DoS Attack[J]//Internet Technology and Secured Transactions,2009. London:ICITST,2009:1-6.
[66]Chia-Wei Chang, Seungjoon Lee, Bill Lin and Jia Wang. The Taming of The Shrew: Mitigating Low-Rate TCP-Targeted Attack[C]//2009 29th IEEE International Conference on Distributed Computing Systems, Montreal, Quebec, Canada,2009:137-145.
[67]Gabriel Macia-Fernandez, Jesus E. Diaz-Verdejo,and Pedro Garcia-Teodoro. Mathematical Model for Low-Rate DoS Attacks Against Application Servers[J]//IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL.4, NO.3, SEPTEMBER 2009:519-530.
[68]韩纪庆,张磊,郑铁然编著.语音信号处理[M].北京:清华大学出版社,2004年9月:43-55.
[69]赵力编著.语音信号处理[M].北京:机械工业出版社,2007年3月:35-41.
[70]G. Yang, M. Gerla, and M. Y. Sanadidi. Defense against lowrate tcp-targeted denial-of-service attacks[C]//ISCC'04:Proceedings of the Ninth International Symposium on Computers and Communications 2004 Volume 2 (ISCC"04), Washington, DC, USA, 2004:345-350.
[71]ZHANG Y,MAO Z M,WANG J.Low-rate tcp-targeted dos attack disrupts internet routing[C]//Proc 14th Annual Network&Distributed System Security Symposium (NDSS'07). San Diego,CA,USA,2007:1-15.
[72]V. Paxson and M. Allman. Computing TCP's retransmission timer. Internet RFC 2988, 2000. RFC Editor United States.
[73]M. Allman and V. Paxson. On estimating end-to-end network path properties[C]// Proceedings of ACM SIGCOMM 1999, Cambridge, MA,1999:263-274.
[74]Wei W.A novel mechanism to defend against low-rate denial-of-service attacks[M].United States:Springer Ver-lag, Heidelberg,Germany,2006,3975.
[75]Standard ECMA-368. High Rate Ultra Wideband PHY and MAC Standard. First Edition,December 2005[OL]. http://www.ecma-international.org.
[76]ECMA-369. MAC-PHY Interface for ECMA-368. First Edition,December 2005[OL]. http://www.ecma-international.org
[77]见晓春,吴振强,霍成义,张婕.同源SYN报文两次接收法防御SYN Flood攻击[J].计算机工程与设计,2008,29(6):1440-1442.
[78]梁峰,史杏荣,曲阜平.IEEE802.11i中四次握手过程的安全分析和改进[J].计算机工程,2007,33(3):149-152.
[79]张浩军.无线局域网认证安全基础架构研究与设计[D].河南:解放军信息工程大学,2006年.
[80]Floriano De Rango, Dionigi Cristian Lentini, Salvatore Marano. Static and dynamic 4-way handshake solutions to avoid denial of service attack in Wi-Fi protected access and IEEE 802.11i[J]. EURASIP Journal on Wireless Communications and Networking,vol.2006.2, Apr.2006:1-19.
[81]Songhe Zhao; Shoniregun, C.A.; Imafidon, C. Addressing the vulnerability of the 4-way handshake of 802.11i.In Digital Information Management,2008. ICDIM 2008[C]//Third International Conference on, London,Nov,2008:351-356.
[82]刘坤.无线局域网的安全性研究[D].上海:复旦大学,2008.
[83]C. He, J. C. Mitchell. Analysis of the 802.11i 4-way handshake[C]//Proceedings of the ACM Workshop on Wireless Security (WiSe'04), Philadelphia, Pa, USA, October 2004:43-50.
[84]Changhua He, John C. Mitchell. Analysis of security protocols for wireless networks [D]. Stanford University, Jan.2006.
[85]Jing Liu,Xinming Ye, Jun Zhang, Jun Li. Security Verification of 802.11i 4-Way Handshake Protocol [C]//Communications,2008. ICC'08. IEEE International Conference on, Beijing,May 2008:1642-1647.
[86]Nishi, R.; Hori, Y.; Sakurai, K. Key Distribution Scheme Using Matched Filter Resistant against DoS Attack[C]//Advanced Information Networking and Applications-Workshops, 2008. AINAW 2008.22nd International Conference on, Okinawa,March,2008:1534-1539.
[87]Randall R. Stewart, Qiaobing Xie. Stream control transmission protocol. Addison-Wesley Longman Publishing Co., Inc. Dec.2001
[88]白刚,王重钢,隆克平,程时端,陈俊亮.流控制传输协议SCTP及其性能分析与应用[J].北京邮电大学学报,2001,24(4):62-66.
[89]Joe, I.SCTP with an improved cookie mechanism for mobile ad-hoc networks[C]//Global Telecommunications Conference,2003. GLOBECOM'03. IEEE,2003:3678-3682.
[90]Alan O.Freier. The SSL Protocol v3.0[OL]. http://www.freesoft.org/CIE/Topics/ssl-draft, March 1996.
[91]T.Dierks. The TLS Protocol Version 1.0[OL].http://www.faqs.org/rfcs/rfc2246.html, January 1999.
[92]PClaude Castelluccia, Einar Mykletun, PGene Tsudik Improving secure server performance by re-balancing SSL/TLS handshakes[C]//Proceedings of the 2006 ACM Symposium on Information, computer and communications security,Mar.2006.
[93]Luo Qing, Lin Yaping. Analysis and Comparison of Several Algorithms in SSL/TLS Handshake Protocol [C]//Information Technology and Computer Science,2009. ITCS 2009. International Conference on,2009:613-617.
[94]WAP Forum. Wireless App lication Protocol Wireless Transport Layer Security Specification Version 06[OL]. http://www. wapforum. org.
[95]李彬,王新梅.一种实用的WTLS握手协议[J].西北大学学报(自然科学版),2007,37(6):977-981.
[96]Bin Li. A Forward-Secrecy WTLS Handshake Protocol Based on XTR[C]//Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance, Jun.2009.
[97]陈伟,俞雷,张迎周.802.11协议中RTS/CTS机制的安全漏洞分析[J].计算机应用,2008,28(12):3183-3186.
[98]Jerschow, Y.I.; Scheuermann, B.; Mauve, M. Counter-Flooding:DoS Protection for Public Key Handshakes in LANs[C]//Networking and Services,2009. ICNS'09. Fifth International Conference on,2009:376-382.
[99]E. Pontes, A. Guelfi and E. Alonso. Forecasting for Return on Security Information Investment:New Approach on Trends in Intrusion Detection and Unwanted Internet Traffic[J]// Latin America Transactions, IEEE (Revista IEEE America Latina),Volume:7, Issue:4,2009: 438-445.
[100]于秉球,崔晓燕.浅析超宽带技术面临的挑战及应用前景[J].计算机与网络,564-565.
[101]Kazimierz Siwiak and Debra Mckeown.张中兆,沙学军译.超宽带无线电技术[M].北京:电子工业出版社,2005.
[102]IEEE Standard for Information technology—Telecommunications and Information exchange between systems—Local and metropolitan area networks-Specific requirements, Part 11, Amendment 10:Medium Access Control (MAC) Security Enhancements, IEEE Std 802.11i-2005.
[103]鲁兴虎.网络信任-虚拟与现实之间的挑战[M].南京:东南大学出版社,2003.
[104]付才,洪帆,洪亮,彭冰,崔永泉.基于信任保留的移动Ad Hoc网络安全路由协议TPSRP[J].计算机学报,2007,30(10):1853-1864.
[105]Adnane, A.; Bidan, C.; de Sousa, R.T. Trust-Based Countermeasures for Securing OLSR Protocol [C]//Computational Science and Engineering,2009, Vancouver, BC, Aug. 2009:745-752.
[106]De Sousa, R.T.; Adnane, A.H.; Bidan, C.; Me, L. On the Vulnerabilities and Protections of the OLSR ad hoc Routing Protocol from the point of view of Trust[J]//Latin America Transactions, IEEE (Revista IEEE America Latina),7, Issue:5, Sept.2009:594-602.
[107]Bo Wang, Chuanhe Huang, Wenzhong Yang, Tong Wang. An Individual Behavior-Based Trust Routing Model for Ad Hoc Networks[C]//Multimedia Information Networking and Security,2009. MINES'09, Hubei, Nov.2009:454-457.
[108]Manickam, J.M.L.; Shanmugavel, S. Fuzzy Based Trusted Ad hoc On-demand Distance Vector Routing Protocol for MANET[C]//Advanced Computing and Communications,2007. ADCOM 2007. Guwahati, Assam, Dec.2007:414-421.
[109]Xiaoqi Li, M.R. Lyu, Jiangchuan Liu. A trust model based routing protocol for secure ad hoc networks[C]//Aerospace Conference,2004. Proceedings. March 2004, Vol.2,1286-1295.
[110]Zhiyuan Liu, Shejie Lu, Jun Yan. Secure Routing Protocol based Trust for Ad Hoc Networks[C]//Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing,2007. SNPD 2007, Qingdao,2007:279-283.
[111]崔国华,卢社阶,刘志远,耿永军.Ad hoc网络中基于多径路由协议的信誉机制[J].通信学报,2008,29(5):56-64.
[112]Hothefa Sh.Jassim; Yussof, Salman; Kiong, Tiong Sieh etc. A routing protocol based on trusted and shortest path selection for mobile ad hoc network[C]//Communications (MICC), 2009 IEEE 9th Malaysia International Conference on, Kuala Lumpur, Malaysia, Dec.2009:547-554.
[113]Pushpa, A.Menaka. Trust based secure routing in AODV routing protocol[C]//Internet Multimedia Services Architecture and Applications (IMSAA), Bangalore, India, Dec.2009:1-6.
[114]Ayachi, M.A.; Bidan, C.; Abbes, T.; Bouhoula, A. Misbehavior Detection Using Implicit Trust Relations in the AODV Routing Protocol[C]//Computational Science and Engineering, 2009. CSE'09. Vancouver, BC, Aug.2009:802-808.
[115]Johnson D B,Maltz D A. Dynamic source routing in ad hoc wireless networks[J]. Mobile Computing,1996,12 (6):153-181.
[116]Pirzada, A.A.; Datta, A.; McDonald, C. Trust-based routing for ad-hoc wireless networks[C]//Networks,2004. (ICON 2004). Proceedings. Nov.2004:326-330 vol.1.
[117]Gilaberte, R.L.; Herrero, L.P.; A secure routing protocol for ad hoc networks based on trust[C]//Networking and Services,2007. ICNS. Athens, June 2007:9-9
[118]王翠荣,高齐新,王慧.基于模糊逻辑和遗传算法的可信路由协议[J].哈尔滨工程大学学报,2006,27(6):868-873.
[119]Kun Wang, Meng Wu, Subin Shen. A Trust Evaluation Method for Node Cooperation in Mobile Ad Hoc Networks [C]//Information Technology:New Generations,2008, Las Vegas, NV, April 2008:1000-1005.
[120]周贤伟,吴启武.基于可信度的MANET路由协议综合评估[J].计算机工程,2009,35 (6):20-22.
[121]Huang Chuanhe, Cheng Yong, Shi Wenming, Zhou Hao. A trusted routing protocol for wireless mobile ad hoc networks[C]//Wireless, Mobile and Sensor Networks,2007. CCWMSN07. IET Conference on, Shanghai, China,Dec.2007:406-409.
[122]Chatterjee, P.; Sengupta, I. A Trust based Auction oriented Routing Model for Ad Hoc Networks[C]//Advance Computing Conference,2009. IACC 2009. IEEE International, Patiala, March 2009:874-877.
[123]孙玉星,黄松华,陈力军,谢立.基于贝叶斯决策的自组网推荐信任度修正模型[J].软件学报,2009,20(9):2574-2586.
[124]黄清元,曾迎之,苏金树.ASR:一种自适应移动自组网安全路由协议[J].计算机研究与发展,2008,45(12):2087-2094.
[125]Balakrishnan, V.; Varadharajan, V.; Lucs, P.; Tupakula, U.K. Trust Enhanced Secure Mobile Ad-Hoc Network Routing[C]//Advanced Information Networking and Applications Workshops,2007, AINAW'07, Niagara Falls, Ont. May 2007:27-33.
[126]郭伟,熊忠伟,徐仁佐.MANET主观路由信任研究[J].计算机科学.2009,36(9):63-66.
[127]Yan Sun, Wei Yu, Zhu Han etc. Trust Modeling and Evaluation in Ad Hoc Networks[C]// IEEE GLOBECOM 2005 proceedings.2005:1862-1867.
[128]Yan Lindsay Sun, Wei Yu, Zhu Han etc. Information Theoretic Framework of Trust Modeling and Evaluation for Ad Hoc Networks[J]. IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL.24, NO.2, FEBRUARY 2006.305-317.
[129]Yan (Lindsay) Sun,Zhu Han, K. J. Ray Liu.Defense of Trust Management Vulnerabilities in Distributed Networks[J].IEEE Communications Magazine.46, Issue:2 February 2008,112-119.
[130]Kun Wang, Meng Wu, Pengrui Xia, Subin Shen. A Secure Trust-based Location-Aided Routing for Ad Hoc networks [C]//Communications and Networking in China,2008. ChinaCom 2008, Hangzhou, Aug.2008:835-839.
[131]秦丰林,葛连升,刘琚,段海新.移动自组网的匿名路由协议研究综述[J].小型微型计算机系统,2009,30(11):2169-2175.
[132]Min-Hua Shao,Shin-Jia Huang. Trust Enhanced Anonymous Routing in Mobile Ad-Hoc Networks[C]//Parallel and Distributed Computing, Applications and Technologies,2008. PDCAT 2008, Otago, Dec.2008:335-341.
[133]Sisheng Chen, Li Xu, Zhide Chen. Secure Anonymous Routing in Trust and Clustered Wireless Ad Hoc Networks[C]//Communications and Networking in China,2007. CHINACOM'07. Shanghai, Aug.2007:994-998.
[134]Qian Zhou, Lemin Li, Sheng Wang, Shizhong Xu, Wei Tan. A Novel Approach to Manage Trust in Ad Hoc Networks[C]//Convergence Information Technology,2007, Gyeongju, searchabstract Nov.2007:295-300.
[135]Begriche, Y.; Labiod, H. A bayesian statistical model for a multipath trust-based reactive ad hoc routing protocol[C]//Information, Communications and Signal Processing,2009. ICICS 2009. Macau,Dec.2009:1-8.
[136]Pirzada, A.A.; Mcdonald, C.; Datta, A. Performance comparison of trust-based reactive routing protocols[J]//Mobile Computing, IEEE Transactions on,5, Issue:6,2006:695-710.
[137]郑也夫.信任论[M].北京:中国广播电视出版社,2006.
[138]萨利·毕培,杰里米·克迪著周海琴译.信任-企业和个人成功的基础[M].北京:经济管理出版社,2006.