分布式入侵检测系统关键技术研究
|
摘要
入侵检测系统在计算机网络系统安全中起着关键作用。本文在深入分析了当前入侵检测技术研究现状的基础上,提出并构建了一个完整的基于移动代理的分布式入侵检测系统。该系统具有比传统入侵检测系统更好的检测性能以及具有可靠性、健壮性和自适应性等优点。
本文所提出的分布式入侵检测系统关键技术包括一个平台和三个子系统即:基于移动代理的入侵检测平台、基于主机系统调用序列分析的入侵检测子系统、基于主机用户行为关联分析的入侵检测子系统、基于网络数据包免疫分析的入侵检测子系统。
本文首先界定了分布式入侵检测系统的基本特征和关键技术要素,然后描述了移动代理平台的基本特性,分析了智能移动代理在分布式入侵检测系统的关键性平台作用。接着提出了一种移动代理的位置透明性方案,该方案有效解决移动代理平台位置管理和消息传递的基础问题。最后提出一种基于移动代理的入侵检测平台,给出系统的体系结构,阐述实现的关键技术,并进行了相关测试。
大部分入侵行为都必须通过系统调用来达到它们破坏系统的目的。基于特定程序的系统调用序列具有一定稳定性的原理,本文提出一种系统调用序列分析的系统模型以及详细设计方案。采用将运行于核心态的调用信息拷贝到用户缓冲区中,提取所需的系统调用信息。然后在无入侵的情况下,经过海量的正常的系统调用序列训练得到正常模式库。最后将实时监测到的特定程序的系统调用序列与正常的系统调用模式库进行匹配,采用汉明距离计算出他们的最大相似度,以判定是否出现入侵异常。最后对系统调用序列分析检测模块在移动代理平台下的实现进行了相关测试。
有许多入侵行为都是合法用户的非正常操作来达到破坏系统的目的。与系统调用序列分析不同的是,用户行为分析主要涉及到合法用户的非法或误操作模式。基于普通用户的操作行为具有前后的关联性原理,本文提出一种基于用户行为关联分析的系统模型以及详细的设计方案。首先定义了主机合法用户的行为特征和行为模式,采用静态和动态相结合的方式进行用户行为模型的建立,然后根据操作系统日志信息,针对用户的每次登陆会话产生用户行为特征数据,采用递归式相关函数算法来对关联序列进行相似度的计算,以判定是否出现非常行为。最后对用户行为关联分析检测模块在移动代理平台下的实现进行了相关测试。
网络数据包分析可以对某个网段的网络数据流进行大规模的分析处理,可以有效监控大规模的计算机网络。由于免疫系统天然的分布性,非常契合入侵检测系统的需求。本文提出一种移动代理平台下的网络数据包免疫分析系统模型以及详细的设计方案。采用最简单的二进制方式表达网络数据包的自我特征;特征之间的距离采用欧拉距离的计算方式;检测器的初始产生采用简单的r连续匹配穷举法,各个检测子节点均可以自主产生属于自己的检测器集合;设置一个总体检测集合库,用于存放源自于各个检测节点所带来的经过初选的检测集,并通过基于克隆选择的二次精英机制产生后代种群。经过各个节点的自体首次免疫耐受,再经过总检测库基于克隆选择的二次精英机制搜索产生优化种群,可以使得系统的各个节点和总控节点都在不断的进化当中,使得检测器所产生的无效检测漏洞概率大大降低。
最后自主设计并实现了一个基于移动代理的分布式入侵检测系统原型系统,实验表明移动代理的平台完全能够作为分布式入侵检测系统的可靠的、安全的平台,运行其上的系统调用序列分析、用户行为关联分析、网络数据包免疫分析完全能够达到了预期目标。
Intrusion Detection System plays a key role in the domain of computer network security. Based on in-depth analysis of the current intrusion detection technologies, the paper proposed and established a complete Distributed Intrusion Detection System based on the mobile agent platform. The system has better detection performance with reliability, robustness and adaptability, and other advantages as well as traditional intrusion detection systems.
The key technologies of Distributed Intrusion Detection System proposed in this paper include one platform and three subsystems. intrusion detection platform based on mobile agent, host intrusion detection subsystem based on sequence analysis of the system calls, host intrusion detection subsystem based on associated analysis of the user behavior and network intrusion detection subsystem based on immune analysis of the network packet.
This paper defines the basic characteristics and the key technical elements of Distributed Intrusion Detection System, and then describes the key role of intelligent mobile agent platform in the Distributed Intrusion Detection System platform. Then, a scenario of the mobile agent location transparency is bringed forward, which can effectively solute location management and messaging about foundation problems of mobile agent platform. Finally, a kind of architecture mobile agent-based distributed intrusion detection system, on the key technology platform, and the related tests. Most of the invasion can achieve the purpose of their destruction via system calls.
Based on the stability principle of system calls sequence with the specific procedures, this paper presents a system archtitecture as well as a detailed design based on sequence analysis of system call. Firstly, extracting the system calls information by copying the kernel info to the user buffer. Then, normal mode database is built after a flood of the normal system calls sequence training under no-invasion circumstances. Finally, the system calls sequence, which is obtained by the real-time monitoring specific procedures, match the pattern with the normal mode database, calculate their greatest similarity by Hamming Distance to determine whether there has invasion. The realization of intrusion detection subsystem based on sequence analysis of system call in mobile agent platform has been related tests.
Many invasions are bringed by illegle operation of legitimate users to achieve the purpose. Different with sequence analysis of system call, user behavior analysis mainly related to legitimate users of illegal or misuse operation mode. Based on the relevance principles between the before and after ordinary operation of user behavior, this paper presents a system archtitecture as well as a detailed design based on correlation analysis of user behavior. Firstly, legitimate user behavioral characteristics and patterns are defined by using a combination of static and dynamic user behavior model. Then, according to the operating system log information, user behavior data is built on user session by each login. Finally, calculate the similarity of correlation sequence by recursive correlation functional algorithm to determine whether there has invasion. The realization of intrusion detection subsystem based on correlation analysis of user behavior in mobile agent platform has been related tests.
Network packet analysis can effectively monitor large-scale computer networks by analysis and processing of large-scale networks data-flow. The natural distribution of immune system is suitable for the needs of Distributed Intrusion Detection System. This paper presents a system archtitecture as well as a detailed design based on immune analysis of network packets in mobile agent platform. The self-characteristics of network packet is expressed with most simple binary and the distance between the packet characteristics is expression with Euler distance. The detection set for the initial use come into being by exhaustive method of simple r continuous match. Moreover, various detection sub-nodes can be independently produce their own detector set. It set up a pool for overall detection set for storage sets derived from the various sub-nodes which has filtered, and produce future generations of the elite population based on the secondary mechanism through clonal selection. After all, undergoing immune tolerance of sub-nodes and the clonal selection of overall node based on the secondary elite search mechanisms, the Intrusion Detection System can make all the sub-nodes and overall node in constant evolution. The probability of detecting vulnerabilities invalid greatly reduced.
Finally, a Distributed Intrusion Detection prototype system based on mobile agent platform is proposed and implemented. Experiment results show that mobile agent platform is fully capable of Distributed Intrusion Detection System as reliable and secure platforms, and the sequence analysis subsystem based on system call, relational analysis subsystem based on users’behavior, immune analysis subsystem based on network packets, which run on the mobile agent platform, can achieve the desired objectives completely.
本文所提出的分布式入侵检测系统关键技术包括一个平台和三个子系统即:基于移动代理的入侵检测平台、基于主机系统调用序列分析的入侵检测子系统、基于主机用户行为关联分析的入侵检测子系统、基于网络数据包免疫分析的入侵检测子系统。
本文首先界定了分布式入侵检测系统的基本特征和关键技术要素,然后描述了移动代理平台的基本特性,分析了智能移动代理在分布式入侵检测系统的关键性平台作用。接着提出了一种移动代理的位置透明性方案,该方案有效解决移动代理平台位置管理和消息传递的基础问题。最后提出一种基于移动代理的入侵检测平台,给出系统的体系结构,阐述实现的关键技术,并进行了相关测试。
大部分入侵行为都必须通过系统调用来达到它们破坏系统的目的。基于特定程序的系统调用序列具有一定稳定性的原理,本文提出一种系统调用序列分析的系统模型以及详细设计方案。采用将运行于核心态的调用信息拷贝到用户缓冲区中,提取所需的系统调用信息。然后在无入侵的情况下,经过海量的正常的系统调用序列训练得到正常模式库。最后将实时监测到的特定程序的系统调用序列与正常的系统调用模式库进行匹配,采用汉明距离计算出他们的最大相似度,以判定是否出现入侵异常。最后对系统调用序列分析检测模块在移动代理平台下的实现进行了相关测试。
有许多入侵行为都是合法用户的非正常操作来达到破坏系统的目的。与系统调用序列分析不同的是,用户行为分析主要涉及到合法用户的非法或误操作模式。基于普通用户的操作行为具有前后的关联性原理,本文提出一种基于用户行为关联分析的系统模型以及详细的设计方案。首先定义了主机合法用户的行为特征和行为模式,采用静态和动态相结合的方式进行用户行为模型的建立,然后根据操作系统日志信息,针对用户的每次登陆会话产生用户行为特征数据,采用递归式相关函数算法来对关联序列进行相似度的计算,以判定是否出现非常行为。最后对用户行为关联分析检测模块在移动代理平台下的实现进行了相关测试。
网络数据包分析可以对某个网段的网络数据流进行大规模的分析处理,可以有效监控大规模的计算机网络。由于免疫系统天然的分布性,非常契合入侵检测系统的需求。本文提出一种移动代理平台下的网络数据包免疫分析系统模型以及详细的设计方案。采用最简单的二进制方式表达网络数据包的自我特征;特征之间的距离采用欧拉距离的计算方式;检测器的初始产生采用简单的r连续匹配穷举法,各个检测子节点均可以自主产生属于自己的检测器集合;设置一个总体检测集合库,用于存放源自于各个检测节点所带来的经过初选的检测集,并通过基于克隆选择的二次精英机制产生后代种群。经过各个节点的自体首次免疫耐受,再经过总检测库基于克隆选择的二次精英机制搜索产生优化种群,可以使得系统的各个节点和总控节点都在不断的进化当中,使得检测器所产生的无效检测漏洞概率大大降低。
最后自主设计并实现了一个基于移动代理的分布式入侵检测系统原型系统,实验表明移动代理的平台完全能够作为分布式入侵检测系统的可靠的、安全的平台,运行其上的系统调用序列分析、用户行为关联分析、网络数据包免疫分析完全能够达到了预期目标。
Intrusion Detection System plays a key role in the domain of computer network security. Based on in-depth analysis of the current intrusion detection technologies, the paper proposed and established a complete Distributed Intrusion Detection System based on the mobile agent platform. The system has better detection performance with reliability, robustness and adaptability, and other advantages as well as traditional intrusion detection systems.
The key technologies of Distributed Intrusion Detection System proposed in this paper include one platform and three subsystems. intrusion detection platform based on mobile agent, host intrusion detection subsystem based on sequence analysis of the system calls, host intrusion detection subsystem based on associated analysis of the user behavior and network intrusion detection subsystem based on immune analysis of the network packet.
This paper defines the basic characteristics and the key technical elements of Distributed Intrusion Detection System, and then describes the key role of intelligent mobile agent platform in the Distributed Intrusion Detection System platform. Then, a scenario of the mobile agent location transparency is bringed forward, which can effectively solute location management and messaging about foundation problems of mobile agent platform. Finally, a kind of architecture mobile agent-based distributed intrusion detection system, on the key technology platform, and the related tests. Most of the invasion can achieve the purpose of their destruction via system calls.
Based on the stability principle of system calls sequence with the specific procedures, this paper presents a system archtitecture as well as a detailed design based on sequence analysis of system call. Firstly, extracting the system calls information by copying the kernel info to the user buffer. Then, normal mode database is built after a flood of the normal system calls sequence training under no-invasion circumstances. Finally, the system calls sequence, which is obtained by the real-time monitoring specific procedures, match the pattern with the normal mode database, calculate their greatest similarity by Hamming Distance to determine whether there has invasion. The realization of intrusion detection subsystem based on sequence analysis of system call in mobile agent platform has been related tests.
Many invasions are bringed by illegle operation of legitimate users to achieve the purpose. Different with sequence analysis of system call, user behavior analysis mainly related to legitimate users of illegal or misuse operation mode. Based on the relevance principles between the before and after ordinary operation of user behavior, this paper presents a system archtitecture as well as a detailed design based on correlation analysis of user behavior. Firstly, legitimate user behavioral characteristics and patterns are defined by using a combination of static and dynamic user behavior model. Then, according to the operating system log information, user behavior data is built on user session by each login. Finally, calculate the similarity of correlation sequence by recursive correlation functional algorithm to determine whether there has invasion. The realization of intrusion detection subsystem based on correlation analysis of user behavior in mobile agent platform has been related tests.
Network packet analysis can effectively monitor large-scale computer networks by analysis and processing of large-scale networks data-flow. The natural distribution of immune system is suitable for the needs of Distributed Intrusion Detection System. This paper presents a system archtitecture as well as a detailed design based on immune analysis of network packets in mobile agent platform. The self-characteristics of network packet is expressed with most simple binary and the distance between the packet characteristics is expression with Euler distance. The detection set for the initial use come into being by exhaustive method of simple r continuous match. Moreover, various detection sub-nodes can be independently produce their own detector set. It set up a pool for overall detection set for storage sets derived from the various sub-nodes which has filtered, and produce future generations of the elite population based on the secondary mechanism through clonal selection. After all, undergoing immune tolerance of sub-nodes and the clonal selection of overall node based on the secondary elite search mechanisms, the Intrusion Detection System can make all the sub-nodes and overall node in constant evolution. The probability of detecting vulnerabilities invalid greatly reduced.
Finally, a Distributed Intrusion Detection prototype system based on mobile agent platform is proposed and implemented. Experiment results show that mobile agent platform is fully capable of Distributed Intrusion Detection System as reliable and secure platforms, and the sequence analysis subsystem based on system call, relational analysis subsystem based on users’behavior, immune analysis subsystem based on network packets, which run on the mobile agent platform, can achieve the desired objectives completely.
引文
[1].中国互联网络发展状况统计调查,http://www.cnnic.net.cn/index/0E/00/11/
[2]. Hobbes' Internet Timeline v8.2, http://www.zakon.org/robert/internet/timeline/
[3].国家计算机网络应急技术处理协调中心, http://www.cert.org.cn/
[4]. CNCERT/CC2007年上半年网络安全工作报告http://www.cert.org.cn/articles/docs/
[5].王朗.一个信息安全保障体系模型的研究和设计.北京师范大学学报:自然科学版, 2004(2):57-62.
[6]. [0]Anderson J P, Computer Security Threat Monitoring and Surveillance. Fort Washington, Pennsylvania, 1980.
[7]. [0]Spafford E. Crisis. Communications of the ACM, 1989, 32(6), pp. 678-687.
[8]. Steven E, Smaha, Haystack: an intrusion detection system. Proceedings of the Fourth Aerospace Computer Security Applications Conference. Washington: IEEE Computer Society Press, 1988. pp. 37-44.
[9]. Dorothy E. Denning, an intrusion-detection model. IEEE Transactions on Software Engineering, 1987, 13(2), pp. 222-232.
[10]. Chen S, Tung B, Schnackenberg D. The Common Intrusion Detection Framework data Formats. Internet draft. draft-ietf-cidf-data-formats-00.txt, 1998.
[11]. IDWG工作组.http://tools.ietf.org/wg/idwg/
[12]. Kumar S. Classification and Detection of Computer Intrusions. Purdue University, 1995.
[13]. Helman, P. and Liepins, G. E. Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse. IEEE Transactions on Software Engineering, vol. 19, pp886-901, 1993.
[14]. Mukherjee, Biswanath, L. Heberlein, Todd; & Levitt, Karl N. Network Intrusion Detection. IEEE Network 8(3), 1994, pp. 26-41.
[15]. Lee, S. C. and Heinbuch, D. V. Training a Neural network Based Intrusion Detector to Recognize Novel Attacks. IEEE Workshop Information Assurance and Security,West Point, NY, 2000.
[16]. D. Bulatovic, D. Valesevic. A distributed intrusion detection system based on Bayesian alarm networks. In Proceedings of the Secure Networking Conference, Dusseldorf November- December, 1999.
[17]. Teng H S, Chen K, Lu S C. Adaptive real-time anomaly detection using inductively generated sequential patterns. Proceedings of the IEEE Symposium on Research in Security and Privacy. Oakland CA, 1990, 12(4), pp. 278-284.
[18]. P. Cheeseman and J. Stutz. Bayesian classification:theory and results. In Advances in Knowledge Discovery and Data Mining, pages 153-180. AAAI Press, 1995.
[19]. Carla T L, Brodley E. Detecting the Abnormal: Machine Learning In Computer Security. Technical Report, Purdue University, West Lafayette, 1997.
[20]. K. Ilgun, R. Kemmerer, and P. Porras. State Transition Analysis: A Rule Based Intrusion Detection System. IEEE Transactions on Software Engineering, 21(3), Mar. 1995.
[21]. The open source network intrusion detection system. http://www.snort.org/.
[22]. Helmer, G., Wong, J., Slagell, M.et. al.. Software fault tree and colored Petri net based specification, design, and implementation of agent-based intrusion detection systems. ACM Transactions on Information and System Security, 2000.
[23].卿斯汉,蒋建春,马恒太,文伟平,刘雪飞.入侵检测技术研究综述.通信学报, 2004, 25(7):19-29.
[24]. Abdelaziz Mounji, Baudouin Le Charlier, Denis Zampunieris, Naji Habra.Distributed audit trail analysis.In Proceedings of the ISOC 95 Symposium on Network and Distributed System Security, 1995.
[25]. Teresa F.Lunt, R.Jagannathan, Menlo Park. A Prototype Real-Time Intrusion Detection Expert System. Proceeding of the 1988 symposium on security and Privacy. pp.59-65, 1988.
[26]. Koral Ilgun. USIAT:A Real-time Intrusion Detection System forllnix. Proceeding of the 1993 Symposium on Security and Privacy. pp.24-26, 1993.
[27]. A.K.Ghosh, A. Schwartzbard and M.Schatz, Using Program Behavior Profiles for Intrusion Detection, Proceedings of the SANS Third Conference and Workshop on Intrusion Detection and Response, 1999.
[28]. Lunt, T. Detecting Intruders in Computer System. Proceedings of the 1993 Conference on Auditing and Computer Technology.
[29]. Henry S.Teng, Kaihu Chen, Stephen c-y Lu Adaptive Renltime Anomaly Detection Using Inductively Generated Sequential Pattems. Proceeding of the 1990 IEEE Symposiumon security and Privang, 1990.
[30]. Anil Somayaji, Steven A. Hofrneyr, Stephanie Forrest. Principles of A Computer Immune System. Proceeding of New, Security Paradigms Workshop, Langdale, Cumbria, pp.75-82, 1997
[31]. A note on distributed coordinated attacks. http://www.all.net/books/dca/background.html.
[32]. Ning P, Learning attacks strategies from intrusion alerts. http://discovery.csc.ncsu.edu/~pning/pubs/ccs03-ids.pdf.
[33]. Kruegel C, Valeur F, Vigna G, et al. Stateful intrusion detection for high-speed networks. Proceedings of the IEEE Symposium on Security and Privacy. Berkeley, California, USA: IEEE Computer Society Press, pp. 285-294, 2002.
[34]. Intrusion prevention systems: the next step in the evolution of IDS: http://www.securityfocus.com/infocus/1670.
[35]. Intrusion detection exchange format. http://www.ietf.org/html.charters/idwg-charter.html.
[36]. Richard Lippmann, Joshua W.Haines. The 1999 Darpa Off-Line Intrusion Detection Evaluation. Computer Networks, 34(4), p579-595,2000
[37]. Debar H, Dacier M, et al. An Experimentation Workbench for Intrusion Detection Systems. IBM Zurich Research Laboratory, 1998.
[38]. Cohen F. 50 ways to defeat your intrusion detection system. http://all.net/.
[39]. Anti-IDS tools and tactics. http://www.sans.org/rr/intrusion/anti-ids.php.
[40]. Jungwon Kim, Peter Bentley. The Human Immune System and Network Intrusion Detection. 7th European Conference on Intelligent Techniques and Soft Computing EUFIT99, Aachen, Germany.
[41]. R. A. Kemmerer and G. Vigna. Intrusion detection: A brief history and overview. Security and Privacy a Supplement to IEEE Computer Magazine, pp. 27-30, April 2002.
[42]. SR Snapp, J Brentano, GV Dias, TL Goan, LT DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and An Early Prototype, Proceedings of the 14th National Computer Security, 1991
[43]. NIST - National Institute of Standards and Technology, http://www.nist.gov/
[44]. M. Asaka, A. Taguchi, and S. Goto. The implementation of ida: An intrusion detection agent system. In Proceedings of the 11th FIRST Conference, June 1999.
[45]. J.S. Balasubramaniyan, J.O. Garcia-Fernandez, et al. An architecture for intrusion detection using autonomous agents. Technical report, Purduc University, June 1998.
[46]. Slagell M. The design and implementation of MAIDS (mobile agent intrusion detection system). Technial report, Iowa State University Department of Computer Science, Ames, IA, 2001
[47]. [0]C. Ko, G, Fink, K. Levitt. Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring. Proceedings of the 10th Computer Security Application Conference, 1994.
[48]. R. Sekar, Y. Cai, and M. Segal. A specification-based approach for building survivable systems. In Proceedings of National Information Systems Security Conference, Oct 1998.
[49]. S. Forrest, S. Hofmeyr, A. Somayaji, and T. Longstaff. A Sense of Self for UNIX Processes. In Proceeding of the 1996 IEEE symposium on Computer Security andPrivacy. IEEE Press, 1996.
[50]. [0]S. A. Hofmeyr, A. Somayaji and S. Forrest. Intrusion Detection using Sequences of System Calls. Journal of Computer Security, Vol. 6, 1998. pp 151-180.
[51]. R. Sekar, M. Bendre, etc., A Fast Automation-based Method for Detecting Anomalous Program. IEEE Symposium on Security and Privacy, 2001.
[52]. H. Feng, O. Kolesnikov. Anomaly Detection Using Call Stack Information.IEEE Symposium on Security and Privacy, 2003.
[53].黄金钟朱淼良郭晔,基于文法的异常检测,浙江大学学报:工学版, 2006, 40(2):243-248.
[54]. Fayyad U, Haussler D, Stolorz P. Mining scientific data. Communications of the ACM, 1996, 39(11): pp. 51-57.
[55]. [0]Stolfo S J, Hershkop S, Wang K. A behavior-based approach to securing emailsystems. MMM-ACNS. Petersburg, Russia, 2003. pp. 57-81.
[56]. Lane T. Machine Learning Techniques for the Computer Security Domain of Anomaly Detection. Purdue University, 2000.
[57]. Lane T, BRODLEY C E. Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security, 1999, 2(3): pp. 295-331.
[58]. LANE T,BRODLEY C E. An application of machine learning to anomaly detection. Proceedings of the 20th National Information Systems Security Conference. Baltimore, USA, 1997.366-377.
[59]. [0]D.L.Chao and S.Forrest. Information Immune Systems. International Conference on Artificial Immune Systems (ICARIS). pp.132-140, 2002
[60]. D. Dasgupta, Artificial Immune Systems and Their Applications, Springer-Verlag. 1999.
[61]. L. N. de Castro and J. Timmis, Artificial Immune Systems: A New Computational Intelligence Approach, Springer-Verlag, Heidelberg, Germany, August 2002.
[62]. D. Dasgupta, Artificial Immune Systems (Special issue of the journal IEEE Transaction on Evolutionary Computation). Vol. 6, No. 3, June 2002.
[63]. Stephanie Forrest, Alan s.Perelson, Lawrence Allen. Self-Noself Discrimination in a Computer In proceedings of the 1994 IEEE symposium on Researchin Security and priracy, Los Alamos, CA, 1994.
[64]. Jeffrey O.Kephart. A Biologically Inspired Immune System for Computers. Artificial Life IV,R.Brooks and P.Maes,eds.,MIT Press,1994
[65]. Steven Andrew Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD Dissertation.University of New Mexico,1999
[66]. Paul D.Williams, Kevin P.Anchor,John L.Bebo,Gregg H.Gunsch,Gray D.Lamout. CDIS: Towards a Computer Immune System for Detecting Network Intrusions. Proceedings 4th International Symposium, RAID 2001 Davis,CA,USA,October 10-12, 2001
[67]. J. Kim and P. Bentley. The human Immune system and Network Intrusion Detection. Proceedings of 7th European Congress on Intelligent techniques– SoftComputing (EUFIT). Aachan. Germany. September 13-19, 1999.
[68]. J. Kim and P. Bentley. The Artificial Immune Model for Network Intrusion Detection. 7th European Congress on Intelligent Techniques and Soft Computing (EUFIT’99). Aachen.Germany. September 13-19, 1999.
[69]. J. Kim and P. Bentley. Negative Selection and Niching by an artificial immune system for network intrusion detection. Late Breaking Papers, GECCO. Orlando, USA. Morgan- Kaufmann. 1999.
[70]. J. Kim and P. Bentley. Towards an Artificial Immune System for Network Intrusion Detection: An investigation of Clonal Selection with a negative Selection Operator. In the proceedings of the Congress on Evolutionary Computation. (CEC), Seoul, Korea, May 27-30, 2001.
[71]. D. Dasgupta. A new Algorithm for Anomaly Detection in Time series Data. In International Conference on Knowledge based Computer Systems (KBCS-96), Bombay, India, December 16-18, 1996.
[72]. D. Dasgupta. Using Immunological Principles in Anomaly Detection. In Proceedings of the Artificial Neural Networks in Engineering (ANNIE'96), St. Louis, USA, November 10-13, 1996.
[73]. D. Dasgupta. Immunity-Based Intrusion Detection Systems: A General Framework. In the proceedings of the 22nd National Information Systems Security Conference (NISSC), October 18-21, 1999.
[74]. D. Dasgupta and S. Forrest. Artificial Immune Systems in Industrial Applications. In the proceedings of the Second International Conference on Intelligent Processing and Manufacturing of Materials (IPMM), Honolulu, July 10-15, 1999.
[75]. Zhou Ji, Dipankar Dasgupta. Real -Valued Negative Selection Algorithm with Variable-Sized Detectors. In the proceedings of International Conference on Genetic and Evolutionary Computation (GECCO), Seattle, Washington USA, June 26-30, 2004.
[76]. O. Nasraoui, F. Gonzalez and D. Dasgupta. The Fuzzy Artificial Immune System: Motivations, Basic Concepts, and Application to Clustering and Web Profiling. In the Proceedings of the IEEE World Congress on Computational Intelligence, Hawaii, May 12-17, 2002.
[77]. Brooks, R. A. Intelligence without representation. Artificial Intelligence 47(1-3):139-160, 1991.
[78]. M. Wooldridge, An Introduction to MultiAgent Systems, John Wiley & Sons, Ltd, 2002.
[79]. V. Dignum, A Model for Organizational Interaction: based on Agents, founded in Logic, SIKS Dissertation Series 2004-1, Utrecht University, 2004. PhD Thesis.
[80]. Claus, C., Boutilier, C., 1997. The dynamics of reinforcement learning in cooperative multiagent systems. Collected Papers from the AAAI-97 Workshop on Multiagent Learning. AAAI Press, CA, pp. 746-752.
[81]. Minsky, M. The Society of Mind. New York: Simon & Schuster. 1986.
[82]. M. Woolridge, N. Jennings, Intelligent agents: theory and practice. Knowledge Engineering Review, 1995.
[83]. Wooldridge M, Jennings N R. Agent theories, architectures, and languages: A survey in agents .Lecture Notes in Artificial Intelligence. Amster dam: Springer Verlay, 1994, 890:1-32.
[84].朱淼良,邱瑜.移动代理系统综述.计算机研究与发展, vol.38, 2001(1)
[85].姜海域,杜军平.移动Agent技术在网格系统中的应用研究.北京工商大学学报(自然科学版), 2007,(03).
[86].陈松.移动Agent综述[J].计算机科学, 2002,(07).
[87].李海刚,吴启迪.多Agent系统研究综述[J].同济大学学报(自然科学版), 2003,(06).
[88].刘大有,杨鲲,陈建中. Agent研究现状与发展趋势[J]软件学报, 2000,(03).
[89]. V.A. Phan, A. Karmouch, Mobile software agents: an overview. IEEE Communication Magazine. 1998,31(7), pp. 26–37.
[90]. Object Management Group , Mobile agent system interoperability facilities specification,OMG TC Document orbos/97-10-05, 1997
[91]. D. Wong, N. Paciorek, D. Moore,Java-based mobile agents,Communications of ACM,1999,42(3):pp. 91-102
[92]. U. Leonhardt, J. Magee: Towards a General Location Service for Mobile Environments, Proceedings of IEEE Workshop on Services in Distributed andNetworked Environments, pp. 43-50, IEEE Computer Society, 1996.
[93]. David Ben-Ami, Onn Shehory, Evaluation of Distributed and Centralized Agent Location Mechanisms, Lecture Notes in Computer Science, Volume 2446, Jan 2002, pp. 264
[94]. Murphy A, Picco, GP. Reliable communication for highly mobile Agents. In Proceedings of the Agent Systems and Architectures/Mobile Agents (ASA/MA)’99. IEEE Computer Society Press, 1999, pp. 141-150.
[95]. Lazar S, Weerakoon I, Sidhu D. A scalable location tracking and message delivery scheme for mobile Agents. In Proceedings of the 7th IEEE International Workshops. IEEE Computer Society, 1998, pp. 243-248
[96]. Di Stefano, Lo Bello, Santoro, Naming and locating mobile agents in an Internet environment. Enterprise Distributed Object Computing Conference, EDOC’99, 1999, pp. 153-161
[97]. Belle WV, Verelst K, D’Hondt T. Location transparent routing in mobile Agent systems-merging name lookups with routing. In Proceedings of the 7th IEEE Workshop on Future Trends of Distributed Computing Systems. 1999. pp. 207-212.
[98]. D. Lange, M. Oshima. Programming and Deploying Java Mobile Agents with Aglets, Addison Wesley, 1998
[99]. Object Space Inc. Voyager core package technical overview. Technical Report, 1997
[100]. G. Cabri, L. Leonardi, and F. Zambonelli,Mobile-agent coordination models for Internet applications,IEEE Computer,2000:33(2), pp. 82-89
[101]. J. Cao, X. Feng, J. Lu, and S. K. Das. Mailbox-Based Scheme for Mobile Agent Communications. IEEE Computer, 2002:35(9), pp. 54-60
[102]. J. Baumann and K. Rothermel,Shadow approach: An orphan detection protocol for mobile agents,2nd Int. Workshop on Mobile Agents (MA’98), 1998, LNCS 1477, pp. 2-13
[103]. A. D. Stefano and C. Santoro,Locating mobile agents in a wide distributed environment,IEEE Transactions on Parallel and Distributed Systems, 2002:13(8), pp. 153-161
[104]. Tayal, M., Location services in the GSM and UMTS networks, Personal WirelessCommunications, 2005 IEEE International Conference, 2005, pp. 373-378
[105]. Stolfo S J, Hershkop S, Wang K. A behavior-based approach to securing email systems. MMM-ACNS[C]. Petersburg, Russia, 2003, pp. 57-81.
[106]. N. K. Jerne. Towards a network theory of the immune system. Ann. Immunol. (Inst. Pasteur), 125C: pp. 373-389, 1974.
[107]. J. D. Farmer, N. H. Packard, A. S. Perelson. The immune system, adaptation, and machine learning. Physica D, 22:187-204, 1986.
[108]. H. Bersini and F. Varela. Hints for Adaptive Problem Solving Gleaned from Immune Network. In Parallel Problem Solving from Nature, H.P. Schwefel and H. M'hlenbein (Eds.), Springer-Verlag, pp. 343-354, 1990.
[109]. L. N. de Castro, F. J. Von Zuben. Learning and Optimization Using the Clonal Selection Principle. In the Special Issue on Artificial Immune Systems of the journal IEEE Transactions on Evolutionary Computation, Vol. 6, No. 3, June 2002.
[110]. Kim, Bentley. A Model of Gene Library Evolution in the Dynamic Clonal Selection Algorithm.1st International Conference on Artificial Immune Systems (ICARIS-2002), University of Kent at Canterbury, UK, September 9th-11th, 2002.
[111]. 1st International Conference on Artificial Immune Systems (ICARIS-2002) University of Kent, September 9-11, 2002, Canterbury. http://www.artificial-immune-systems.org/
[112].莫宏伟.人工免疫系统原理与应用.哈尔滨:哈尔滨工业大学出版社, 2003
[113].李涛.计算机免疫学.北京:电子工业出版社, 2004
[114].闰巧,谢维信免疫思想在计算机安全中系统中的应用.计算机科学, 2002年第2期
[115]. [0]肖人彬,王磊.人工免疫系统:原理、模型、分析与展望.计算机学报,Vo1.25, No.12, 1281-1293, 2002.
[116]. J. Timmis. Dissertation Title: Artificial immune systems: A novel data analysis technique inspired by the immune network theory. Department of Computer Science, University of Wales, Aberystwyth. Ceredigion. Wales, UK, August 2000.
[117]. Dasgupta, D., et al, Artificial Immune System (AIS) Research in the Last Five Years, IEEE Conference on Electronic Commerce 2003
[118]. J. Timmis, J. I., Knight, T., L. N. De Castro and E. Hart. An Overview of ArtificialImmune Systems: An Emerging Technology, invited chapter for the book CYTOCOM, 2001.
[119]. E. Hart J. Timmis, Application Areas of AIS: The Past, the Present and the Future. International Conferences on Artificial Immune Systems 2005. Springer-Verlag. 2005
[120]. J. Timmis, J. I., Knight, T., L. N. De Castro and E. Hart. An Overview of Artificial Immune Systems: An Emerging Technology, invited chapter for the book CYTOCOM, 2001.
[121]. Fernando Esponda, Stephanie Forrest and Paul Helman, A Formal Framework for Positive and Negative Detection Schemes, IEEE Transactions on System, Man, and Cybernetics, in press, 2003
[122]. Forrest S, Hofmeyr S, Somayaji A. Computer immunology [J]. Communications of the ACM, USA, 1997, 40(10): 88-96.
[123].李宏东,姚天翔译,模式分类(第二版).北京:机械工业出版社, 2003
[124]. Quinlan J R., Induction of decision trees. Machine Learning, 1986, 1:81-106
[125]. Rumelhart D E, Hinton G E, Williams R J. Learning internal representations by error propagation. Parallel Distributed Processing. Cambridge, MA: MIT Press, 1986
[126]. DeJong K A , Spear s W M , Gordon D F. Using genetic algorithms for concept learning. Machine Learning, 1993, 13: 161-188
[127]. Langley P, Iba W, Thompson K. An analysis of Bayesian classifiers. AAAI(1990), 1990. 223-228
[128]. Cover T M , Hart P E. Nearest neighbor pat tern classification. IEEE Transactions on Information Theory, 1967, 13:21-27
[129]. Pawlak Z. Rough Classification. Int. J Man Machine Studies, 1984 ,20 : 469~483
[130]. Cristianini N, Shawe Taylor J. An Introduction to Support Vector Machines. Cambridge University Press, 2000
[131]. Lim T , Loh W, Shih Y. A Comparison of Prediction Accuracy, Complexity, and Training Time of Thirty three Old and New Classification Algorithms. Machine Learning, 2000, 40: 203-228
[132]. M. Oprea and S. Forrest. How the immune system generates diversity: Pathogenspace coverage with random and evolved antibody libraries. 1999 Genetic and Evolutionary Computation Conference (GECCO), July 1999.
[133]. S. Forrest, B. Javornik, R. Smith, and A. Perelson. Using genetic algorithms to explore pattern recognition in the immune system. Evolutionary Computation, 1993:1(3), pp. 191-211
[134]. Dasgupta, D. and Nino, F. A comparison of negative and positive selection algorithms in novel pattern detection. In The Proceedings of the IEEE International Conference on Systems, Man and Cybernetics (SMC), Nashville. 2000.
[135]. de Castro LN, Timmis J. Artificial immune systems: a novel paradigm for pattern recognition. In: Artificial Neural Networks in Pattern Recognition, 2002, pp. 67–84.
[136]. E. Hart. Not all balls are round: An investigation of alternative recognition-region shapes. International Conferences on Artificial Immune Systems 2005, pp. 29-42.
[137]. Dong, J.X., Krzyzak, A., Suen, C.Y., Comparison of algorithms for handwritten numeral recognition. Technical Report, CENPARMI, Concordia University, Montreal. 1999
[138]. LeCun, Y., Boser, B., Denker, J.S., et al. Handwritten digit recognition with a back-propagation network. Advances in Neural Information Processing Systems, 2, pp.396-404, 1990
[139]. S.-W. Lee, Off-line recognition of totally unconstrained handwritten numerals using multilayer cluster neural network. IEEE Trans. Pattern Anal. Machine Intell., vol. 18, pp. 648-652, June 1996.
[140]. Bahlmann, C. Haasdonk, B. Burkhardt, H. Online handwriting recognition with support vector machines-a kernel approach. Frontiers in Handwriting Recognition, 2002. Proceedings. Eighth International Workshop on 2002. pp. 49-54
[141]. J. Hu, M. K. Brown and W. Turin, HMM based on-line handwriting recognition, IEEE Trans. Pattern Anal. Mach. Intel., vol. 18, pp. 1039-1045, Oct. 1996.
[142]. Schlapbach, A., Bunke, H. Off-line Handwriting Identification Using HMM Based Recognizers. Pattern Recognition, 17th International Conference on (ICPR'04) Vol. 2. Cambridge UK. pp. 654-658. 2004
[143]. Deepu V.; Madhvanath, S.; Ramakrishnan, A.G. Principal Component Analysis foronline handwritten character recognition ICPR 2004. Proceedings of the 17th International Conference on Pattern Recognition, Aug. 2004. Vol. 2, pp.23-26
[144]. B. Kegl and A Krzyzak et al, Piecewise linear skeletonization using principal curves, IEEE Transactions on Pattern Analysis and Machine Intelligence 24 (1), 2002, pp.59-74.
[145]. Salah A A ,Alpaydin E ,Akarun L. A selective attention based method for visual pattern recognition with application to handwritten digit recognition and face recognition. Pattern Analysis and Machine Intelligence. IEEE Transactions on ,2002 ,24(3) :789 - 796.
[146]. Dong, J.X., Krzyzak, A., Suen, C.Y., 2001. Statistical result of human performance on USPS database. Technical Report, CENPARMI, Concordia University.
[147].芮挺,沈春林,丁健,基于最佳鉴别变换的HMM手写数字字符识别,中国图像图形学报,Vol.9 No.8, p1008-1013,2004
[148].芮挺,沈春林,丁健,张金林,基于主分量分析的手写数字字符识别,小型微型计算机系统,Vol.26 No.2, p289-292,2005
[149]. S. M. Garrett, How Do We Evaluate Artificial Immune Systems?, Evolutionary Computation, 13(2), pp 145-178, 2005
[150]. R. J. DeBoer, L. A. Segel and A. S. Perelson. Pattern formation in one and two dimensional shape space models of the immune system. J. Theoret. Biol., 155:295-333, 1992.
[151]. Fernando Esponda, Stephanie Forrest and Paul Helman, A Formal Framework for Positive and Negative Detection Schemes, IEEE Transactions on System, Man, and Cybernetics, in press,2003
[152]. V. Cutello, G. Nicosia. A Clonal Selection Algorithm for Coloring, Hitting Set and Satisfiability Problems. In the proceedings of International Workshop on Natural and Artificial Immune Systems (NAIS 2005) Vietri sul Mare, Salerno, Italy, June 9-10, 2005.
[153]. Jian Zhang, Hua-Can He, Min Zhao. Hybrid detector set: detectors with different affinity. In Proceedings of the 3rd international conference on Information security, Shanghai, China, 2004, pp. 87-91
[154]. Sankalp Balachandran. Masters Thesis: Multi-shaped Detector generation usingReal-valued representation for Anomaly Detection. University of Memphis, Memphis, TN, US, December 2005.
[155]. Fernando Esponda and Stephanie Forrest, Detector coverage under the r-contiguous bits matching rule, The University of New Mexico, Albuquerque, NM, TR-CS-2002-03, 2002.
[156]. Zhou Ji, Dipankar Dasgupta. Estimating the Detector Coverage in a Negative Selection Algorithm. In the proceedings of the Genetic and Evolutionary Computation Conference (GECCO), Washington, D.C., June 25-29, 2005
[157]. P. D'haeseleer, S. Forrest, and P. Helman. An Immunological Approach to Change Detection: Algorithms, Analysis, and Implications. In: Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy
[158]. S. T. Wierzchon. Generating Optimal Repertoire of Antibody Strings in an Artificial Immune System. In M. Klopotek, M. Michalewicz and S. T. Wierzchon (eds.) Intelligent Information Systems. Advances in Soft Computing Series of Physica-Verlag/Springer Verlag, Heidelberg/New York 2000, Physica-Verlag, 119-133.
[159]. J.K. Percus, O.E.Percus, and A. S. Perelson. Probability of self-nonself discrimination. In: A. S.Perelson and G. Weisbbuch, ed. Theoritical and Experimental Insights into Immunology, NY: Springer-Verlag, 183-197. 1992.
[160]. S. Forrest, A. Somayaji and D. H. Ackley. Building diverse computer systems. In Proceedings of the Sixth Workshop on Hot Topics in Operating Systems, IEEE Computer Society Press, Los Alamitos, CA, pp. 67-72, 1997.
[161]. [0]P. D'haeseleer, S. Forrest, and P. Helman. An Immunological Approach to Change Detection: Algorithms, Analysis, and Implications. In: Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy
[162]. Thomas Stibor, Jonathan Timmis and Eckert Claudia. The Link between r-contiguous Detectors and k-CNF Satisfiability. In the proceedings of IEEE World Congress on Computational Intelligence (special session on recent development in artificial immune systems) in Congress on Evolutionary Computation, Vancouver, Canada, July 17-21, 2006.
[163]. A. S. Perelson and G. F. Oster. Theoretical studies of clonal selection: Minimalantibody repertoire size and reliability of self- non-self discrimination. J. Theoret. Biol., 81:645-670, 1979
[2]. Hobbes' Internet Timeline v8.2, http://www.zakon.org/robert/internet/timeline/
[3].国家计算机网络应急技术处理协调中心, http://www.cert.org.cn/
[4]. CNCERT/CC2007年上半年网络安全工作报告http://www.cert.org.cn/articles/docs/
[5].王朗.一个信息安全保障体系模型的研究和设计.北京师范大学学报:自然科学版, 2004(2):57-62.
[6]. [0]Anderson J P, Computer Security Threat Monitoring and Surveillance. Fort Washington, Pennsylvania, 1980.
[7]. [0]Spafford E. Crisis. Communications of the ACM, 1989, 32(6), pp. 678-687.
[8]. Steven E, Smaha, Haystack: an intrusion detection system. Proceedings of the Fourth Aerospace Computer Security Applications Conference. Washington: IEEE Computer Society Press, 1988. pp. 37-44.
[9]. Dorothy E. Denning, an intrusion-detection model. IEEE Transactions on Software Engineering, 1987, 13(2), pp. 222-232.
[10]. Chen S, Tung B, Schnackenberg D. The Common Intrusion Detection Framework data Formats. Internet draft. draft-ietf-cidf-data-formats-00.txt, 1998.
[11]. IDWG工作组.http://tools.ietf.org/wg/idwg/
[12]. Kumar S. Classification and Detection of Computer Intrusions. Purdue University, 1995.
[13]. Helman, P. and Liepins, G. E. Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse. IEEE Transactions on Software Engineering, vol. 19, pp886-901, 1993.
[14]. Mukherjee, Biswanath, L. Heberlein, Todd; & Levitt, Karl N. Network Intrusion Detection. IEEE Network 8(3), 1994, pp. 26-41.
[15]. Lee, S. C. and Heinbuch, D. V. Training a Neural network Based Intrusion Detector to Recognize Novel Attacks. IEEE Workshop Information Assurance and Security,West Point, NY, 2000.
[16]. D. Bulatovic, D. Valesevic. A distributed intrusion detection system based on Bayesian alarm networks. In Proceedings of the Secure Networking Conference, Dusseldorf November- December, 1999.
[17]. Teng H S, Chen K, Lu S C. Adaptive real-time anomaly detection using inductively generated sequential patterns. Proceedings of the IEEE Symposium on Research in Security and Privacy. Oakland CA, 1990, 12(4), pp. 278-284.
[18]. P. Cheeseman and J. Stutz. Bayesian classification:theory and results. In Advances in Knowledge Discovery and Data Mining, pages 153-180. AAAI Press, 1995.
[19]. Carla T L, Brodley E. Detecting the Abnormal: Machine Learning In Computer Security. Technical Report, Purdue University, West Lafayette, 1997.
[20]. K. Ilgun, R. Kemmerer, and P. Porras. State Transition Analysis: A Rule Based Intrusion Detection System. IEEE Transactions on Software Engineering, 21(3), Mar. 1995.
[21]. The open source network intrusion detection system. http://www.snort.org/.
[22]. Helmer, G., Wong, J., Slagell, M.et. al.. Software fault tree and colored Petri net based specification, design, and implementation of agent-based intrusion detection systems. ACM Transactions on Information and System Security, 2000.
[23].卿斯汉,蒋建春,马恒太,文伟平,刘雪飞.入侵检测技术研究综述.通信学报, 2004, 25(7):19-29.
[24]. Abdelaziz Mounji, Baudouin Le Charlier, Denis Zampunieris, Naji Habra.Distributed audit trail analysis.In Proceedings of the ISOC 95 Symposium on Network and Distributed System Security, 1995.
[25]. Teresa F.Lunt, R.Jagannathan, Menlo Park. A Prototype Real-Time Intrusion Detection Expert System. Proceeding of the 1988 symposium on security and Privacy. pp.59-65, 1988.
[26]. Koral Ilgun. USIAT:A Real-time Intrusion Detection System forllnix. Proceeding of the 1993 Symposium on Security and Privacy. pp.24-26, 1993.
[27]. A.K.Ghosh, A. Schwartzbard and M.Schatz, Using Program Behavior Profiles for Intrusion Detection, Proceedings of the SANS Third Conference and Workshop on Intrusion Detection and Response, 1999.
[28]. Lunt, T. Detecting Intruders in Computer System. Proceedings of the 1993 Conference on Auditing and Computer Technology.
[29]. Henry S.Teng, Kaihu Chen, Stephen c-y Lu Adaptive Renltime Anomaly Detection Using Inductively Generated Sequential Pattems. Proceeding of the 1990 IEEE Symposiumon security and Privang, 1990.
[30]. Anil Somayaji, Steven A. Hofrneyr, Stephanie Forrest. Principles of A Computer Immune System. Proceeding of New, Security Paradigms Workshop, Langdale, Cumbria, pp.75-82, 1997
[31]. A note on distributed coordinated attacks. http://www.all.net/books/dca/background.html.
[32]. Ning P, Learning attacks strategies from intrusion alerts. http://discovery.csc.ncsu.edu/~pning/pubs/ccs03-ids.pdf.
[33]. Kruegel C, Valeur F, Vigna G, et al. Stateful intrusion detection for high-speed networks. Proceedings of the IEEE Symposium on Security and Privacy. Berkeley, California, USA: IEEE Computer Society Press, pp. 285-294, 2002.
[34]. Intrusion prevention systems: the next step in the evolution of IDS: http://www.securityfocus.com/infocus/1670.
[35]. Intrusion detection exchange format. http://www.ietf.org/html.charters/idwg-charter.html.
[36]. Richard Lippmann, Joshua W.Haines. The 1999 Darpa Off-Line Intrusion Detection Evaluation. Computer Networks, 34(4), p579-595,2000
[37]. Debar H, Dacier M, et al. An Experimentation Workbench for Intrusion Detection Systems. IBM Zurich Research Laboratory, 1998.
[38]. Cohen F. 50 ways to defeat your intrusion detection system. http://all.net/.
[39]. Anti-IDS tools and tactics. http://www.sans.org/rr/intrusion/anti-ids.php.
[40]. Jungwon Kim, Peter Bentley. The Human Immune System and Network Intrusion Detection. 7th European Conference on Intelligent Techniques and Soft Computing EUFIT99, Aachen, Germany.
[41]. R. A. Kemmerer and G. Vigna. Intrusion detection: A brief history and overview. Security and Privacy a Supplement to IEEE Computer Magazine, pp. 27-30, April 2002.
[42]. SR Snapp, J Brentano, GV Dias, TL Goan, LT DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and An Early Prototype, Proceedings of the 14th National Computer Security, 1991
[43]. NIST - National Institute of Standards and Technology, http://www.nist.gov/
[44]. M. Asaka, A. Taguchi, and S. Goto. The implementation of ida: An intrusion detection agent system. In Proceedings of the 11th FIRST Conference, June 1999.
[45]. J.S. Balasubramaniyan, J.O. Garcia-Fernandez, et al. An architecture for intrusion detection using autonomous agents. Technical report, Purduc University, June 1998.
[46]. Slagell M. The design and implementation of MAIDS (mobile agent intrusion detection system). Technial report, Iowa State University Department of Computer Science, Ames, IA, 2001
[47]. [0]C. Ko, G, Fink, K. Levitt. Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring. Proceedings of the 10th Computer Security Application Conference, 1994.
[48]. R. Sekar, Y. Cai, and M. Segal. A specification-based approach for building survivable systems. In Proceedings of National Information Systems Security Conference, Oct 1998.
[49]. S. Forrest, S. Hofmeyr, A. Somayaji, and T. Longstaff. A Sense of Self for UNIX Processes. In Proceeding of the 1996 IEEE symposium on Computer Security andPrivacy. IEEE Press, 1996.
[50]. [0]S. A. Hofmeyr, A. Somayaji and S. Forrest. Intrusion Detection using Sequences of System Calls. Journal of Computer Security, Vol. 6, 1998. pp 151-180.
[51]. R. Sekar, M. Bendre, etc., A Fast Automation-based Method for Detecting Anomalous Program. IEEE Symposium on Security and Privacy, 2001.
[52]. H. Feng, O. Kolesnikov. Anomaly Detection Using Call Stack Information.IEEE Symposium on Security and Privacy, 2003.
[53].黄金钟朱淼良郭晔,基于文法的异常检测,浙江大学学报:工学版, 2006, 40(2):243-248.
[54]. Fayyad U, Haussler D, Stolorz P. Mining scientific data. Communications of the ACM, 1996, 39(11): pp. 51-57.
[55]. [0]Stolfo S J, Hershkop S, Wang K. A behavior-based approach to securing emailsystems. MMM-ACNS. Petersburg, Russia, 2003. pp. 57-81.
[56]. Lane T. Machine Learning Techniques for the Computer Security Domain of Anomaly Detection. Purdue University, 2000.
[57]. Lane T, BRODLEY C E. Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security, 1999, 2(3): pp. 295-331.
[58]. LANE T,BRODLEY C E. An application of machine learning to anomaly detection. Proceedings of the 20th National Information Systems Security Conference. Baltimore, USA, 1997.366-377.
[59]. [0]D.L.Chao and S.Forrest. Information Immune Systems. International Conference on Artificial Immune Systems (ICARIS). pp.132-140, 2002
[60]. D. Dasgupta, Artificial Immune Systems and Their Applications, Springer-Verlag. 1999.
[61]. L. N. de Castro and J. Timmis, Artificial Immune Systems: A New Computational Intelligence Approach, Springer-Verlag, Heidelberg, Germany, August 2002.
[62]. D. Dasgupta, Artificial Immune Systems (Special issue of the journal IEEE Transaction on Evolutionary Computation). Vol. 6, No. 3, June 2002.
[63]. Stephanie Forrest, Alan s.Perelson, Lawrence Allen. Self-Noself Discrimination in a Computer In proceedings of the 1994 IEEE symposium on Researchin Security and priracy, Los Alamos, CA, 1994.
[64]. Jeffrey O.Kephart. A Biologically Inspired Immune System for Computers. Artificial Life IV,R.Brooks and P.Maes,eds.,MIT Press,1994
[65]. Steven Andrew Hofmeyr. An Immunological Model of Distributed Detection and its Application to Computer Security. PhD Dissertation.University of New Mexico,1999
[66]. Paul D.Williams, Kevin P.Anchor,John L.Bebo,Gregg H.Gunsch,Gray D.Lamout. CDIS: Towards a Computer Immune System for Detecting Network Intrusions. Proceedings 4th International Symposium, RAID 2001 Davis,CA,USA,October 10-12, 2001
[67]. J. Kim and P. Bentley. The human Immune system and Network Intrusion Detection. Proceedings of 7th European Congress on Intelligent techniques– SoftComputing (EUFIT). Aachan. Germany. September 13-19, 1999.
[68]. J. Kim and P. Bentley. The Artificial Immune Model for Network Intrusion Detection. 7th European Congress on Intelligent Techniques and Soft Computing (EUFIT’99). Aachen.Germany. September 13-19, 1999.
[69]. J. Kim and P. Bentley. Negative Selection and Niching by an artificial immune system for network intrusion detection. Late Breaking Papers, GECCO. Orlando, USA. Morgan- Kaufmann. 1999.
[70]. J. Kim and P. Bentley. Towards an Artificial Immune System for Network Intrusion Detection: An investigation of Clonal Selection with a negative Selection Operator. In the proceedings of the Congress on Evolutionary Computation. (CEC), Seoul, Korea, May 27-30, 2001.
[71]. D. Dasgupta. A new Algorithm for Anomaly Detection in Time series Data. In International Conference on Knowledge based Computer Systems (KBCS-96), Bombay, India, December 16-18, 1996.
[72]. D. Dasgupta. Using Immunological Principles in Anomaly Detection. In Proceedings of the Artificial Neural Networks in Engineering (ANNIE'96), St. Louis, USA, November 10-13, 1996.
[73]. D. Dasgupta. Immunity-Based Intrusion Detection Systems: A General Framework. In the proceedings of the 22nd National Information Systems Security Conference (NISSC), October 18-21, 1999.
[74]. D. Dasgupta and S. Forrest. Artificial Immune Systems in Industrial Applications. In the proceedings of the Second International Conference on Intelligent Processing and Manufacturing of Materials (IPMM), Honolulu, July 10-15, 1999.
[75]. Zhou Ji, Dipankar Dasgupta. Real -Valued Negative Selection Algorithm with Variable-Sized Detectors. In the proceedings of International Conference on Genetic and Evolutionary Computation (GECCO), Seattle, Washington USA, June 26-30, 2004.
[76]. O. Nasraoui, F. Gonzalez and D. Dasgupta. The Fuzzy Artificial Immune System: Motivations, Basic Concepts, and Application to Clustering and Web Profiling. In the Proceedings of the IEEE World Congress on Computational Intelligence, Hawaii, May 12-17, 2002.
[77]. Brooks, R. A. Intelligence without representation. Artificial Intelligence 47(1-3):139-160, 1991.
[78]. M. Wooldridge, An Introduction to MultiAgent Systems, John Wiley & Sons, Ltd, 2002.
[79]. V. Dignum, A Model for Organizational Interaction: based on Agents, founded in Logic, SIKS Dissertation Series 2004-1, Utrecht University, 2004. PhD Thesis.
[80]. Claus, C., Boutilier, C., 1997. The dynamics of reinforcement learning in cooperative multiagent systems. Collected Papers from the AAAI-97 Workshop on Multiagent Learning. AAAI Press, CA, pp. 746-752.
[81]. Minsky, M. The Society of Mind. New York: Simon & Schuster. 1986.
[82]. M. Woolridge, N. Jennings, Intelligent agents: theory and practice. Knowledge Engineering Review, 1995.
[83]. Wooldridge M, Jennings N R. Agent theories, architectures, and languages: A survey in agents .Lecture Notes in Artificial Intelligence. Amster dam: Springer Verlay, 1994, 890:1-32.
[84].朱淼良,邱瑜.移动代理系统综述.计算机研究与发展, vol.38, 2001(1)
[85].姜海域,杜军平.移动Agent技术在网格系统中的应用研究.北京工商大学学报(自然科学版), 2007,(03).
[86].陈松.移动Agent综述[J].计算机科学, 2002,(07).
[87].李海刚,吴启迪.多Agent系统研究综述[J].同济大学学报(自然科学版), 2003,(06).
[88].刘大有,杨鲲,陈建中. Agent研究现状与发展趋势[J]软件学报, 2000,(03).
[89]. V.A. Phan, A. Karmouch, Mobile software agents: an overview. IEEE Communication Magazine. 1998,31(7), pp. 26–37.
[90]. Object Management Group , Mobile agent system interoperability facilities specification,OMG TC Document orbos/97-10-05, 1997
[91]. D. Wong, N. Paciorek, D. Moore,Java-based mobile agents,Communications of ACM,1999,42(3):pp. 91-102
[92]. U. Leonhardt, J. Magee: Towards a General Location Service for Mobile Environments, Proceedings of IEEE Workshop on Services in Distributed andNetworked Environments, pp. 43-50, IEEE Computer Society, 1996.
[93]. David Ben-Ami, Onn Shehory, Evaluation of Distributed and Centralized Agent Location Mechanisms, Lecture Notes in Computer Science, Volume 2446, Jan 2002, pp. 264
[94]. Murphy A, Picco, GP. Reliable communication for highly mobile Agents. In Proceedings of the Agent Systems and Architectures/Mobile Agents (ASA/MA)’99. IEEE Computer Society Press, 1999, pp. 141-150.
[95]. Lazar S, Weerakoon I, Sidhu D. A scalable location tracking and message delivery scheme for mobile Agents. In Proceedings of the 7th IEEE International Workshops. IEEE Computer Society, 1998, pp. 243-248
[96]. Di Stefano, Lo Bello, Santoro, Naming and locating mobile agents in an Internet environment. Enterprise Distributed Object Computing Conference, EDOC’99, 1999, pp. 153-161
[97]. Belle WV, Verelst K, D’Hondt T. Location transparent routing in mobile Agent systems-merging name lookups with routing. In Proceedings of the 7th IEEE Workshop on Future Trends of Distributed Computing Systems. 1999. pp. 207-212.
[98]. D. Lange, M. Oshima. Programming and Deploying Java Mobile Agents with Aglets, Addison Wesley, 1998
[99]. Object Space Inc. Voyager core package technical overview. Technical Report, 1997
[100]. G. Cabri, L. Leonardi, and F. Zambonelli,Mobile-agent coordination models for Internet applications,IEEE Computer,2000:33(2), pp. 82-89
[101]. J. Cao, X. Feng, J. Lu, and S. K. Das. Mailbox-Based Scheme for Mobile Agent Communications. IEEE Computer, 2002:35(9), pp. 54-60
[102]. J. Baumann and K. Rothermel,Shadow approach: An orphan detection protocol for mobile agents,2nd Int. Workshop on Mobile Agents (MA’98), 1998, LNCS 1477, pp. 2-13
[103]. A. D. Stefano and C. Santoro,Locating mobile agents in a wide distributed environment,IEEE Transactions on Parallel and Distributed Systems, 2002:13(8), pp. 153-161
[104]. Tayal, M., Location services in the GSM and UMTS networks, Personal WirelessCommunications, 2005 IEEE International Conference, 2005, pp. 373-378
[105]. Stolfo S J, Hershkop S, Wang K. A behavior-based approach to securing email systems. MMM-ACNS[C]. Petersburg, Russia, 2003, pp. 57-81.
[106]. N. K. Jerne. Towards a network theory of the immune system. Ann. Immunol. (Inst. Pasteur), 125C: pp. 373-389, 1974.
[107]. J. D. Farmer, N. H. Packard, A. S. Perelson. The immune system, adaptation, and machine learning. Physica D, 22:187-204, 1986.
[108]. H. Bersini and F. Varela. Hints for Adaptive Problem Solving Gleaned from Immune Network. In Parallel Problem Solving from Nature, H.P. Schwefel and H. M'hlenbein (Eds.), Springer-Verlag, pp. 343-354, 1990.
[109]. L. N. de Castro, F. J. Von Zuben. Learning and Optimization Using the Clonal Selection Principle. In the Special Issue on Artificial Immune Systems of the journal IEEE Transactions on Evolutionary Computation, Vol. 6, No. 3, June 2002.
[110]. Kim, Bentley. A Model of Gene Library Evolution in the Dynamic Clonal Selection Algorithm.1st International Conference on Artificial Immune Systems (ICARIS-2002), University of Kent at Canterbury, UK, September 9th-11th, 2002.
[111]. 1st International Conference on Artificial Immune Systems (ICARIS-2002) University of Kent, September 9-11, 2002, Canterbury. http://www.artificial-immune-systems.org/
[112].莫宏伟.人工免疫系统原理与应用.哈尔滨:哈尔滨工业大学出版社, 2003
[113].李涛.计算机免疫学.北京:电子工业出版社, 2004
[114].闰巧,谢维信免疫思想在计算机安全中系统中的应用.计算机科学, 2002年第2期
[115]. [0]肖人彬,王磊.人工免疫系统:原理、模型、分析与展望.计算机学报,Vo1.25, No.12, 1281-1293, 2002.
[116]. J. Timmis. Dissertation Title: Artificial immune systems: A novel data analysis technique inspired by the immune network theory. Department of Computer Science, University of Wales, Aberystwyth. Ceredigion. Wales, UK, August 2000.
[117]. Dasgupta, D., et al, Artificial Immune System (AIS) Research in the Last Five Years, IEEE Conference on Electronic Commerce 2003
[118]. J. Timmis, J. I., Knight, T., L. N. De Castro and E. Hart. An Overview of ArtificialImmune Systems: An Emerging Technology, invited chapter for the book CYTOCOM, 2001.
[119]. E. Hart J. Timmis, Application Areas of AIS: The Past, the Present and the Future. International Conferences on Artificial Immune Systems 2005. Springer-Verlag. 2005
[120]. J. Timmis, J. I., Knight, T., L. N. De Castro and E. Hart. An Overview of Artificial Immune Systems: An Emerging Technology, invited chapter for the book CYTOCOM, 2001.
[121]. Fernando Esponda, Stephanie Forrest and Paul Helman, A Formal Framework for Positive and Negative Detection Schemes, IEEE Transactions on System, Man, and Cybernetics, in press, 2003
[122]. Forrest S, Hofmeyr S, Somayaji A. Computer immunology [J]. Communications of the ACM, USA, 1997, 40(10): 88-96.
[123].李宏东,姚天翔译,模式分类(第二版).北京:机械工业出版社, 2003
[124]. Quinlan J R., Induction of decision trees. Machine Learning, 1986, 1:81-106
[125]. Rumelhart D E, Hinton G E, Williams R J. Learning internal representations by error propagation. Parallel Distributed Processing. Cambridge, MA: MIT Press, 1986
[126]. DeJong K A , Spear s W M , Gordon D F. Using genetic algorithms for concept learning. Machine Learning, 1993, 13: 161-188
[127]. Langley P, Iba W, Thompson K. An analysis of Bayesian classifiers. AAAI(1990), 1990. 223-228
[128]. Cover T M , Hart P E. Nearest neighbor pat tern classification. IEEE Transactions on Information Theory, 1967, 13:21-27
[129]. Pawlak Z. Rough Classification. Int. J Man Machine Studies, 1984 ,20 : 469~483
[130]. Cristianini N, Shawe Taylor J. An Introduction to Support Vector Machines. Cambridge University Press, 2000
[131]. Lim T , Loh W, Shih Y. A Comparison of Prediction Accuracy, Complexity, and Training Time of Thirty three Old and New Classification Algorithms. Machine Learning, 2000, 40: 203-228
[132]. M. Oprea and S. Forrest. How the immune system generates diversity: Pathogenspace coverage with random and evolved antibody libraries. 1999 Genetic and Evolutionary Computation Conference (GECCO), July 1999.
[133]. S. Forrest, B. Javornik, R. Smith, and A. Perelson. Using genetic algorithms to explore pattern recognition in the immune system. Evolutionary Computation, 1993:1(3), pp. 191-211
[134]. Dasgupta, D. and Nino, F. A comparison of negative and positive selection algorithms in novel pattern detection. In The Proceedings of the IEEE International Conference on Systems, Man and Cybernetics (SMC), Nashville. 2000.
[135]. de Castro LN, Timmis J. Artificial immune systems: a novel paradigm for pattern recognition. In: Artificial Neural Networks in Pattern Recognition, 2002, pp. 67–84.
[136]. E. Hart. Not all balls are round: An investigation of alternative recognition-region shapes. International Conferences on Artificial Immune Systems 2005, pp. 29-42.
[137]. Dong, J.X., Krzyzak, A., Suen, C.Y., Comparison of algorithms for handwritten numeral recognition. Technical Report, CENPARMI, Concordia University, Montreal. 1999
[138]. LeCun, Y., Boser, B., Denker, J.S., et al. Handwritten digit recognition with a back-propagation network. Advances in Neural Information Processing Systems, 2, pp.396-404, 1990
[139]. S.-W. Lee, Off-line recognition of totally unconstrained handwritten numerals using multilayer cluster neural network. IEEE Trans. Pattern Anal. Machine Intell., vol. 18, pp. 648-652, June 1996.
[140]. Bahlmann, C. Haasdonk, B. Burkhardt, H. Online handwriting recognition with support vector machines-a kernel approach. Frontiers in Handwriting Recognition, 2002. Proceedings. Eighth International Workshop on 2002. pp. 49-54
[141]. J. Hu, M. K. Brown and W. Turin, HMM based on-line handwriting recognition, IEEE Trans. Pattern Anal. Mach. Intel., vol. 18, pp. 1039-1045, Oct. 1996.
[142]. Schlapbach, A., Bunke, H. Off-line Handwriting Identification Using HMM Based Recognizers. Pattern Recognition, 17th International Conference on (ICPR'04) Vol. 2. Cambridge UK. pp. 654-658. 2004
[143]. Deepu V.; Madhvanath, S.; Ramakrishnan, A.G. Principal Component Analysis foronline handwritten character recognition ICPR 2004. Proceedings of the 17th International Conference on Pattern Recognition, Aug. 2004. Vol. 2, pp.23-26
[144]. B. Kegl and A Krzyzak et al, Piecewise linear skeletonization using principal curves, IEEE Transactions on Pattern Analysis and Machine Intelligence 24 (1), 2002, pp.59-74.
[145]. Salah A A ,Alpaydin E ,Akarun L. A selective attention based method for visual pattern recognition with application to handwritten digit recognition and face recognition. Pattern Analysis and Machine Intelligence. IEEE Transactions on ,2002 ,24(3) :789 - 796.
[146]. Dong, J.X., Krzyzak, A., Suen, C.Y., 2001. Statistical result of human performance on USPS database. Technical Report, CENPARMI, Concordia University.
[147].芮挺,沈春林,丁健,基于最佳鉴别变换的HMM手写数字字符识别,中国图像图形学报,Vol.9 No.8, p1008-1013,2004
[148].芮挺,沈春林,丁健,张金林,基于主分量分析的手写数字字符识别,小型微型计算机系统,Vol.26 No.2, p289-292,2005
[149]. S. M. Garrett, How Do We Evaluate Artificial Immune Systems?, Evolutionary Computation, 13(2), pp 145-178, 2005
[150]. R. J. DeBoer, L. A. Segel and A. S. Perelson. Pattern formation in one and two dimensional shape space models of the immune system. J. Theoret. Biol., 155:295-333, 1992.
[151]. Fernando Esponda, Stephanie Forrest and Paul Helman, A Formal Framework for Positive and Negative Detection Schemes, IEEE Transactions on System, Man, and Cybernetics, in press,2003
[152]. V. Cutello, G. Nicosia. A Clonal Selection Algorithm for Coloring, Hitting Set and Satisfiability Problems. In the proceedings of International Workshop on Natural and Artificial Immune Systems (NAIS 2005) Vietri sul Mare, Salerno, Italy, June 9-10, 2005.
[153]. Jian Zhang, Hua-Can He, Min Zhao. Hybrid detector set: detectors with different affinity. In Proceedings of the 3rd international conference on Information security, Shanghai, China, 2004, pp. 87-91
[154]. Sankalp Balachandran. Masters Thesis: Multi-shaped Detector generation usingReal-valued representation for Anomaly Detection. University of Memphis, Memphis, TN, US, December 2005.
[155]. Fernando Esponda and Stephanie Forrest, Detector coverage under the r-contiguous bits matching rule, The University of New Mexico, Albuquerque, NM, TR-CS-2002-03, 2002.
[156]. Zhou Ji, Dipankar Dasgupta. Estimating the Detector Coverage in a Negative Selection Algorithm. In the proceedings of the Genetic and Evolutionary Computation Conference (GECCO), Washington, D.C., June 25-29, 2005
[157]. P. D'haeseleer, S. Forrest, and P. Helman. An Immunological Approach to Change Detection: Algorithms, Analysis, and Implications. In: Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy
[158]. S. T. Wierzchon. Generating Optimal Repertoire of Antibody Strings in an Artificial Immune System. In M. Klopotek, M. Michalewicz and S. T. Wierzchon (eds.) Intelligent Information Systems. Advances in Soft Computing Series of Physica-Verlag/Springer Verlag, Heidelberg/New York 2000, Physica-Verlag, 119-133.
[159]. J.K. Percus, O.E.Percus, and A. S. Perelson. Probability of self-nonself discrimination. In: A. S.Perelson and G. Weisbbuch, ed. Theoritical and Experimental Insights into Immunology, NY: Springer-Verlag, 183-197. 1992.
[160]. S. Forrest, A. Somayaji and D. H. Ackley. Building diverse computer systems. In Proceedings of the Sixth Workshop on Hot Topics in Operating Systems, IEEE Computer Society Press, Los Alamitos, CA, pp. 67-72, 1997.
[161]. [0]P. D'haeseleer, S. Forrest, and P. Helman. An Immunological Approach to Change Detection: Algorithms, Analysis, and Implications. In: Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy
[162]. Thomas Stibor, Jonathan Timmis and Eckert Claudia. The Link between r-contiguous Detectors and k-CNF Satisfiability. In the proceedings of IEEE World Congress on Computational Intelligence (special session on recent development in artificial immune systems) in Congress on Evolutionary Computation, Vancouver, Canada, July 17-21, 2006.
[163]. A. S. Perelson and G. F. Oster. Theoretical studies of clonal selection: Minimalantibody repertoire size and reliability of self- non-self discrimination. J. Theoret. Biol., 81:645-670, 1979