Research on an Autonomous Network Intrusion Detection Method Based on Computational Intelligence
Abstract
In recent years, with the rapid development of network technology, networked information systems have come to play an enormous role in every sector of society. At the same time, network attacks and risks are everywhere, and the methods of attack grow ever more complex and varied. Static or periodically updated defences such as firewalls can no longer guarantee the security of networked information, and network security has become a focus of public concern. Networked computers urgently need a timely and effective way to detect and avert network risks. Intrusion detection, an active technique that can discover and stop network risks promptly, is attracting increasing attention.
Intrusion detection systems (IDS) have also developed very rapidly and have contributed greatly to the advance of network security. Most current IDS, however, are rule-based: they detect known intrusions very accurately but have difficulty detecting new attacks or anomalies. Researching and developing an IDS able to detect novel attacks is therefore of great significance for the progress of network security.
Against this background, this thesis surveys recent developments in intrusion detection, focusing on intrusion detection based on sequential pattern mining and on network dissemination algorithms. It proposes a self-learning, autonomous network intrusion detection method based on computational intelligence and reports the results obtained.
The main contents of the thesis are:
1. In a clean network environment, sample the network data stream and extract the normal data-request sequences; classify these sequences and extract the normal frequent episode rules. In a mixed (contaminated) network environment, extract the frequent episode rules from the data stream and match them against the normal rules with a sliding window to identify anomalous behaviour.
2. Use swarm intelligence methods to compute an anomaly index for the anomalous behaviour and extract the anomalous feature sequence as a "vaccine". Distribute the vaccine across the autonomous network with a network dissemination algorithm. Generate the corresponding antibodies with the clonal selection, mutation and evolution operators of artificial immunology; each antibody has a fixed life cycle in the system, passing through an immature stage, a mature stage and a memory stage.
Simulation experiments were carried out on the KDD Cup 99 data set. The results show that, in a specific environment, the method achieves a detection rate above 60% for some of the novel attacks.
In recent years, with the rapid development of network technology, networks play an enormous role in our lives; however, network risks and network attacks can be seen everywhere, and as networks have developed, attacks have become increasingly complex and diversified. Traditional network security technologies such as firewalls cannot ensure the safety of confidential information in networks, so how to protect that information has become a focus of research. As a proactive and effective method, intrusion detection technology is receiving more and more attention.
Intrusion detection systems (IDS) have developed rapidly and have made tremendous contributions to network security. However, most current IDS are rule-based: they detect known intrusions accurately but have difficulty detecting new types of anomaly. Research into an intrusion detection system that can detect new types of intrusion is therefore of great significance.
Against this background, we have studied and analysed recent intrusion detection technology, focusing on data mining and information-spreading techniques, and present a new intrusion detection method based on computational intelligence, which proved effective in a specific environment. The main contents of this thesis are:
1. Obtain the network service sequence from a clean network environment and classify it to extract the frequent episode rules that characterise normal behaviour. In the mixed (promiscuous) environment, extract the frequent episodes and find abnormal behaviour by applying a sliding window to the sequence.
2. Identify the abnormal behaviour and compute its anomaly score with swarm intelligence methods. Extract the signature of the abnormal sequence and release it to the other nodes in the local network. Artificial immune techniques are used to manage the signatures present in the system.
Finally, a simulation experiment was carried out on the KDD Cup 99 data set. The results show that about 60% of the new attacks in the data set can be recognised.
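The two numbered items above describe the pipeline only in outline. The Python sketch below, added here and not taken from the thesis, shows one concrete way to realise it: mine frequent serial episodes (length 1 and 2, using Mannila's window-frequency definition) from a clean stream of KDD99-style service tokens; score sliding windows of mixed traffic by the share of their pair-episodes that the normal profile never produced; extract the non-normal episodes of a flagged window as a "vaccine"; and run those signatures through an immune-style detector lifecycle with negative selection, an immature, a mature and a memory stage, and a fixed lifespan. The traffic streams, the window width, the alarm threshold and the lifecycle parameters are all constructed assumptions; the thesis's swarm-intelligence anomaly index and its network dissemination algorithm are not modelled.

```python
"""Frequent-episode profile, sliding-window matching and an immune-style detector
lifecycle. Illustrative toy implementation with constructed data; not the thesis's code."""
from collections import Counter
from itertools import combinations

# Constructed KDD99-style "service" streams (hypothetical, not a real capture).
CLEAN = ["http", "http", "domain_u", "http", "smtp", "http", "pop_3"] * 10
SCAN = ["private", "private", "eco_i", "private", "ftp_data", "private", "private"]
MIXED = CLEAN[:28] + SCAN + CLEAN[28:49]
WIDTH, MIN_SUPPORT, ALARM = 5, 0.1, 0.5  # assumed parameters


def window_episodes(window):
    """Serial episodes of length 1 and 2 inside one window (ordered pairs of events)."""
    eps = {(e,) for e in window}
    eps.update(combinations(window, 2))  # combinations preserve the original order
    return eps


def mine_episodes(seq, width, min_support):
    """Mannila-style frequency: fraction of width-w windows that contain the episode."""
    n = len(seq) - width + 1
    counts = Counter()
    for s in range(n):
        counts.update(window_episodes(seq[s:s + width]))
    return {ep: c / n for ep, c in counts.items() if c / n >= min_support}


def pairs_in(window):
    return {ep for ep in window_episodes(window) if len(ep) == 2}


def score_windows(seq, width, normal):
    """Slide a window over mixed traffic; a window's anomaly score is the share of its
    pair-episodes that the normal profile never produced (0.0 = fully normal)."""
    out = []
    for s in range(len(seq) - width + 1):
        pairs = pairs_in(seq[s:s + width])
        out.append((s, round(sum(ep not in normal for ep in pairs) / len(pairs), 3)))
    return out


def extract_vaccine(window, normal):
    """Signature ("vaccine") of an anomalous window: its non-normal pair-episodes."""
    return frozenset(ep for ep in pairs_in(window) if ep not in normal)


class Detector:
    def __init__(self, signature, born):
        self.signature, self.born = signature, born
        self.state, self.matches = "immature", 0


def negative_selection(det, normal):
    """Immature detectors that would react to self (normal episodes) are discarded."""
    return bool(det.signature) and det.signature.isdisjoint(normal)


def step_lifecycle(dets, now, window, tolerize=2, lifespan=6, activate=2):
    """One tick: immature -> mature after `tolerize` ticks; a mature detector that
    matches `activate` windows becomes memory (never expires), otherwise it is
    removed `lifespan` ticks after maturing."""
    pairs = pairs_in(window)
    alive = []
    for d in dets:
        age = now - d.born
        if d.state == "immature":
            if age >= tolerize:
                d.state = "mature"
        else:
            if d.signature & pairs:
                d.matches += 1
            if d.state == "mature":
                if d.matches >= activate:
                    d.state = "memory"
                elif age >= tolerize + lifespan:
                    continue  # expired without confirmation: dropped
        alive.append(d)
    return alive


def simulate(seq, width, normal):
    """Detect, extract vaccines and run the detector population over the stream."""
    dets, known, spawned = [], set(), 0
    for s, score in score_windows(seq, width, normal):
        window = seq[s:s + width]
        if score >= ALARM:
            cand = Detector(extract_vaccine(window, normal), s)
            if cand.signature not in known and negative_selection(cand, normal):
                dets.append(cand)
                known.add(cand.signature)
                spawned += 1
        dets = step_lifecycle(dets, s, window)
    return dets, spawned


if __name__ == "__main__":
    profile = mine_episodes(CLEAN, WIDTH, MIN_SUPPORT)
    flagged = [(s, sc) for s, sc in score_windows(MIXED, WIDTH, profile) if sc >= ALARM]
    print("flagged windows:", flagged)
    dets, spawned = simulate(MIXED, WIDTH, profile)
    print(f"spawned {spawned} detectors; surviving:",
          [(d.born, d.state, d.matches) for d in dets])
```

Running the block prints the flagged windows (the scan burst in the middle of MIXED) and the surviving detectors: those confirmed by two further matching windows become memory detectors, while those that never match again after maturing expire. Two practitioner caveats follow from the design itself. The profile is only as trustworthy as the "clean" capture it was mined from, so an attacker already present during profiling is learned as normal; and the window width together with the alarm threshold sets the false-positive rate at the boundaries between normal and anomalous traffic, where scores are fractional. In a multi-node deployment, negative_selection is also the screen that a vaccine received from another node must pass before it is admitted to the local detector set.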