Research on Key Technologies of Network Intrusion Detection
Abstract
The rapid growth of networks brings convenience, but their inherent fragility also gives hackers and malicious attackers opportunities to intrude. As intrusion techniques grow more complex and diverse, intrusion detection must perform better, and online, adaptive, multiclass and ensemble detection techniques have become active research topics. Aiming to improve the performance of multiclass intrusion detection systems, this dissertation studies multiclass detection methods tailored to the characteristics of easily classified attacks, easily confused attacks, attacks from imbalanced (small-sample) classes, and new attacks of unknown type, and proposes an online adaptive multiclass intrusion detection ensemble model. The main work is as follows:
     1) To achieve high-performance multiclass intrusion detection, hierarchical clustering based on principal direction divisive partitioning is applied to intrusion detection. The principal direction of the split is found using matrix singular value decomposition theory, and the sample records are partitioned along it into two sub-clusters. Every sub-cluster that needs further partitioning is then split in the same way, until no sub-cluster needs to be split, which yields an intrusion detection model based on principal direction divisive partitioning hierarchical clustering. Because finding the principal direction only requires the largest singular value and its singular vectors, not the full singular value decomposition, the method is fast in both modeling and detection. It is not affected by initial values and is insensitive to the input order of the data. Clustering needs no similarity measure, so the choice of similarity measure cannot influence the detector's performance.
     2) To address the low detection rate for easily confused attacks, an intrusion detection model based on projection pursuit direction divisive partitioning hierarchical clustering is proposed. An optimization algorithm automatically finds the optimal projection direction for the training set, and the direction found separates the connection records of easily confused classes from those of other classes as far as possible. The resulting basic detection model improves the detection rate for easily confused attacks, and a parallel detection model built on the basic model improves it further.
     3) To address the low recognition rate for small classes caused by the imbalance in the number of records among classes in high-dimensional training sets, a feature extraction method based on weighted non-negative matrix factorization is proposed and combined with a rival penalized competitive learning neural network to build an intrusion detection model. Because feature extraction by weighted non-negative matrix factorization strengthens the features of small-sample classes and makes the boundaries between classes clearer, the detection rate for small-sample classes is effectively improved.
     4) To meet the need to recognize new attacks of unknown type, adaptive resonance theory is applied to intrusion detection, and an online adaptive intrusion detection model based on the ART2 neural network is built. The model has a two-level composite structure and can detect and learn at the same time, in real time, in a dynamically changing environment. It learns quickly and does not need to learn the same input pattern repeatedly. The first-level detector recognizes normal connections and known types of attacks, while the second-level detector learns new intrusion patterns and detects new attacks of unknown type.
     5) To further improve the overall detection rate and efficiency of the intrusion detection system, various classifier ensemble structures are studied and, combining the strengths of several single detectors, an intrusion detection ensemble model with a three-level hybrid structure is built. The first-level detector, based on principal direction divisive partitioning hierarchical clustering, detects easily classified attacks. The second-level detector, based on weighted non-negative matrix factorization feature extraction and projection pursuit divisive partitioning hierarchical clustering, detects easily confused and imbalanced classes of attacks. The third-level detector, based on the ART2 neural network, detects new attacks of unknown type. The ensemble model makes full use of each single detector's strengths: it detects easily classified attacks quickly, improves the detection rate for easily confused and small-sample classes of attacks, and can detect new attacks of unknown type and adaptively learn their profiles, so it has better overall performance.
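The principal-direction split described in item 1, as an added example that is not code from the dissertation: the leading singular vector is found by power iteration rather than a full SVD, and new records are classified by walking the resulting tree. The stopping rule (split until a cluster holds a single label, or a depth limit), the split at the centroid by sign of the projection, all function names, and the three constructed features are assumptions that the abstract does not state.

```python
import math
from collections import Counter

# Constructed sample records: (bytes, connection count, SYN error rate),
# each scaled to [0, 1]. Not taken from the dissertation or any dataset.
SAMPLE = [
    ((0.60, 0.05, 0.02), "normal"), ((0.55, 0.08, 0.00), "normal"),
    ((0.70, 0.04, 0.03), "normal"), ((0.65, 0.06, 0.01), "normal"),
    ((0.58, 0.07, 0.02), "normal"),
    ((0.02, 0.95, 0.98), "dos"), ((0.01, 0.90, 1.00), "dos"),
    ((0.03, 0.98, 0.95), "dos"), ((0.02, 0.92, 0.97), "dos"),
    ((0.01, 0.30, 0.05), "probe"), ((0.00, 0.35, 0.08), "probe"),
    ((0.02, 0.28, 0.04), "probe"),
]
ROWS = [row for row, _ in SAMPLE]
LABELS = [label for _, label in SAMPLE]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def principal_direction(rows, iters=200, tol=1e-12):
    """Return (centroid, v): v is the leading right singular vector of the
    centered rows, found by power iteration on A^T A. v is None when the
    rows have no spread (nothing to split on)."""
    n, d = len(rows), len(rows[0])
    centroid = [sum(r[j] for r in rows) / n for j in range(d)]
    centered = [[r[j] - centroid[j] for j in range(d)] for r in rows]
    v = [1.0 / (j + 1) for j in range(d)]      # fixed start: deterministic
    norm = math.sqrt(dot(v, v))
    v = [x / norm for x in v]
    for _ in range(iters):
        av = [dot(row, v) for row in centered]                     # A v
        w = [sum(p * row[j] for p, row in zip(av, centered))       # A^T (A v)
             for j in range(d)]
        norm = math.sqrt(dot(w, w))
        if norm < tol:
            return centroid, None
        w = [x / norm for x in w]
        converged = 1.0 - abs(dot(w, v)) < tol
        v = w
        if converged:
            break
    return centroid, v


def project(row, centroid, direction):
    """Signed position of a record along the principal direction."""
    return sum((x - c) * v for x, c, v in zip(row, centroid, direction))


def build_tree(rows, labels, depth=0, max_depth=8):
    """Recursively split along the principal direction (assumed stop rule:
    pure cluster, no spread, or depth limit). Leaves carry the majority label."""
    counts = Counter(labels)
    node = {"label": counts.most_common(1)[0][0], "size": len(rows)}
    if len(counts) == 1 or depth == max_depth:
        return node
    centroid, v = principal_direction(rows)
    if v is None:
        return node
    left = [i for i, r in enumerate(rows) if project(r, centroid, v) <= 0]
    right = [i for i in range(len(rows)) if i not in set(left)]
    if not left or not right:
        return node
    node["centroid"], node["direction"] = centroid, v
    node["left"] = build_tree([rows[i] for i in left],
                              [labels[i] for i in left], depth + 1, max_depth)
    node["right"] = build_tree([rows[i] for i in right],
                               [labels[i] for i in right], depth + 1, max_depth)
    return node


def classify(tree, row):
    """Detection: one dot product per level, no similarity measure needed."""
    node = tree
    while "direction" in node:
        side = "left" if project(row, node["centroid"], node["direction"]) <= 0 else "right"
        node = node[side]
    return node["label"]


def count_leaves(tree):
    if "direction" not in tree:
        return 1
    return count_leaves(tree["left"]) + count_leaves(tree["right"])


if __name__ == "__main__":
    model = build_tree(ROWS, LABELS)
    for record in [(0.62, 0.05, 0.01), (0.02, 0.93, 0.99), (0.01, 0.32, 0.06)]:
        print(record, "->", classify(model, record))
```
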
