Research on Machine-Learning-Based Intrusion Detection Techniques
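Abstract
As one of the core technologies of the dynamic security system (P2DRR), intrusion detection plays an extremely important role in the network defense-in-depth architecture: it is the key to turning static protection into dynamic protection, and a powerful tool for enforcing security policy. As network attack methods become increasingly complex, diverse and automated, traditional intrusion detection systems (IDS) can no longer meet security needs. To counter the distributed, multi-target, multi-stage combined network attacks and hacker activity that now occur ever more frequently, and to improve intrusion detection efficiency, lower the false negative rate and shorten detection time in high-bandwidth, large-scale network environments, introducing advanced machine learning methods into IDS has become a consensus.
     The main work of this dissertation is to apply several currently vigorous machine learning strategies to intrusion detection. Starting from different perspectives on intrusion detection, it systematically and thoroughly studies the application of statistical learning theory, symbol-based inductive learning theory and genetic learning methods to intrusion detection signal analysis, and, within the probably approximately correct (PAC) learning framework, uses computational learning theory and statistical hypothesis testing to compare and evaluate the performance of intrusion detection methods based on different machine learning strategies.
     In the research on intrusion detection based on statistical learning theory, intrusion detection is treated as a pattern recognition problem, that is, distinguishing the normal and abnormal behavior of a system from observed data such as network traffic features and host audit records. For the case where the training samples form an unlabelled, unbalanced data set, attack detection is viewed as an outlier detection or sample density estimation problem, and the hypersphere One-class SVM algorithm is used to handle it; for the case where, in a labelled unbalanced data set, the class with fewer samples suffers a higher classification error rate, a weighted SVM algorithm, the dual v-SVM algorithm, is introduced for anomaly detection; further, based on the 1998 DARPA intrusion detection evaluation data, the two-class SVM algorithm is extended to multi-class SVM algorithms, and a performance comparison experiment on multi-class SVM algorithms is carried out.
     In applying symbol-based inductive learning theory to intrusion detection, the basic idea is to treat intrusion detection as a knowledge representation and rule extraction problem. Rough set theory, built on the indiscernibility relation, provides a common theoretical foundation for this type of machine learning. The dissertation studies in detail a method for modeling the normal behavior of processes based on Rough set knowledge representation and rule acquisition. On this basis, combined with statistical machine learning theory, it proposes a hybrid anomaly detection algorithm that combines Rough set reduction with support vector machine classification. Its basic idea is to compress the data space by Rough set attribute reduction and then process the reduced and normalized data with the two-class v-SVM algorithm. Without losing detection accuracy, the algorithm effectively shortens detection time and is better suited to real-time intrusion detection.
     In the research on intrusion detection based on genetic learning, machine learning is viewed as a search process; that is, intrusion detection can be regarded as the problem of searching for, or approximating, intrusion rules from a training sample set according to a given search strategy. Building on an in-depth analysis of technical issues in implementing genetic algorithms (GA), such as key parameter selection, operator design and algorithm improvement, the dissertation studies a method for automatically acquiring intrusion rules based on a niche genetic algorithm, and gives the corresponding anomaly detection simulation results. Then, combined with symbol-based inductive learning theory, it proposes a hybrid detection method using Rough set reduction and genetic rule extraction, which uses the decision rule set obtained by Rough set reduction as the initial population of the GA, thereby saving evolutionary generations and improving detection accuracy.
     Building on the above research, the dissertation compares and evaluates the performance of intrusion detection techniques based on different machine learning methods. Within the probably approximately correct (PAC) learning framework, it analyzes the sample complexity and computational complexity of the learning algorithms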
Intrusion detection, one of the core technologies of dynamic security systems (P2DRR), plays a very important role in the network defense-in-depth architecture: it is the key to converting static defense into dynamic defense, and a powerful tool for enforcing security policy. With the increasing sophistication, diversification and automation of network attack techniques, traditional intrusion detection systems (IDS) can no longer meet security needs. To withstand the increasingly frequent distributed, multi-target, multi-stage compound network attacks and hacker activity, to improve intrusion detection efficiency in high-bandwidth, large-scale networks, to decrease the false negative rate and to shorten detection time, incorporating advanced machine learning techniques into IDS has become a widely accepted idea.
     The dissertation mainly aims at applying several active machine learning strategies to intrusion detection and systematically studies signal analysis techniques for intrusion detection based on statistical learning theory (SLT), symbolic inductive learning theory and genetic learning methods. Performance comparison and evaluation of intrusion detection techniques based on different machine learning strategies are also presented, using computational learning theory and statistical hypothesis testing.
     In terms of statistical learning theory, intrusion detection is regarded as a pattern recognition problem; i.e., normal behavior and anomalies are distinguished on the basis of observed data such as network flows and host audit records. When a training sample set is unlabelled and unbalanced, attack detection is treated as outlier detection or density estimation of samples, and the hypersphere one-class SVM can be used to solve it. When a training sample set is labelled and unbalanced, so that the smaller class suffers a much higher classification error rate, a weighted SVM algorithm, i.e., dual v-SVM, is introduced for anomaly detection. Furthermore, the dissertation extends the binary SVM algorithm to multiclass SVM and presents the corresponding performance comparison experiment.
     Symbolic inductive learning theory can also be applied to intrusion detection; its fundamental idea is to treat intrusion detection as a problem of knowledge representation and rule extraction. Rough set theory, founded on indiscernibility relations, is the common theoretical basis of this kind of machine learning. The dissertation explores approaches to modeling the normal behavior of processes based on Rough set knowledge representation and rule acquisition. In addition, a hybrid anomaly detection algorithm combining Rough set reduction with SVM classification is proposed. The underlying idea is to reduce the data dimension by attribute reduction and then process the reduced and normalized data with the binary v-SVM algorithm. The algorithm efficiently shortens detection time without losing detection precision, and is thus more suitable for real-time intrusion detection.
     Another view of intrusion detection treats machine learning as a search process; that is, intrusion detection is in essence the problem of searching for or approximating intrusion rules according to an established search strategy. After some concerned
    [176] Lichodzijewski P., Zincir-Heywood A. N. Heywood M.I. Dynamic Intrusion Detection Using Self Organizing Maps [A]. 14th Annual Canadian Information Technology Security Symposium, May 2002.
    [177] Lichodzijewski P., Zincir-Heywood A.N., Heywood M.I. Host-Based Intrusion Detection Using Self-Organizing Maps [A]. IEEE International Joint Conference on Neural Networks. May 2002.
    [178] C. Jirapummin, N. Wattanapongsakorn and P. Kanthamanon. Hybrid Neural Networks for Intrusion Detection System [A]. The 2002 International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC 2002), pages 928-931, Phuket, Thailand, 16-19 July 2002.
    [179] S. C. Lee and D. V. Heinbuch. Training a neural-network based intrusion detector to recognize novel attacks [J]. IEEE Transactions on Systems, Man, and Cybernetics, Part A 31(4): 294-299 (2001).
    [180] J. M. Bonifacio et al. Neural Networks applied in intrusion detection systems [A]. Proc. ofthe IEEE World congress on. Comp. Intell. (WCCI ’98), 1998.
    [181] Cannady, J., 1998. Artificial neural networks for misuse detection [A]. In: Proc. 1998 National Information Systems Security Conf. (NISSC'98) October 5-8, 1998.
    [182] S. Mukkamala, G. Janoski, A H. Sung. Intrusion Detection Using Neural Networks and Support Vector Machines [A]. Proceedings of IEEE International Joint Conference on Neural Networks, IEEE Computer Society Press, pp.1702-1707, 2002.
    [183] A. H. Sung and S. Mukkamala. Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks [A]. 2003 Symposium on Applications and the Internet. pp. 209-216. January 27-31, 2003. Orlando, Florida.
    [184] D. S. Kim and J. S. Park. Network-based intrusion detection with support vector machines [A]. H.-K. Kahng (Ed.): ICOIN 2003, LNCS 2662, pp. 747-756, 2003.
    [185] M. Luo, L. N. Wang, H. G. Zhang, etc. A research on intrusion detection based on unsupervised clustering and support vector machine [A]. S. Qing, D. Gollmann and J. Zhou (Eds.): ICOIN 2003, LNCS 2836, pp. 325-336, 2003.
    [186] T. Sohn, J. T. Seo and J. S. Moon. A study on the covert channel detection of TCP/IP header using support vector machines [A]. S. Qing, D. Gollmann and J. Zhou (Eds.): ICOIN 2003, LNCS 2836, pp. 313-324, 2003.
    [187] W. J. Hu, Y. H. Liao and V. R. Vemuri. Robust anomaly detection using support vector machines. IEEE Trans. on Pattern Analysis and Machine Intelligence. In press
    [188] 饶鲜,董春曦,杨绍全. 基于支持向量机的入侵检测系统[J]. 软件学报,2003, 14(4): 798-803.
    [189] 李辉,管晓宏,昝鑫,韩崇昭. 基于支持向量机的网络入侵检测[J]. 计算机研究与发展. 2003, 40 (6): 799-807.
    [190] J. Mill and A. Inoue. Support vector classifiers and network intrusion detection [A]. IEEE International Conf. on Fuzzy Systems. Budapest, Hungary. Jul., 2004.
    [191] Wenke Lee, Salvatore J. Stolfo. A framework for constructing features and models for intrusion detection systems [J]. ACM Trans. Inf. Syst. Secur. 2000, 03(4): 227-261.
    [192] Wenke Lee, Salvatore J. Stolfo and Kui W. Mok. A Data Mining Framework for Building Intrusion Detection Models [A]. 1999 IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 1999.
    [193] Lee Wenke, Fan. Wei and M. Matthew, et a. Toward cost-sensitive modeling for intrusion detection and response [J]. Journal of Computer Security, 2002, Vol. 10 Issue 1/2, pp.5-18.
    [194] Matthew. Schultz, E. Eskin, et al. Data Mining Methods for Detection of New Malicious Executables [A]. Proceedings of the 2001 IEEE Symposium on Security and Privacy SP '01. May 2001, pp. 1-12.
    [195] ZHANG Lian-hua, ZHANG Guan-hua, YU Lang, et al. Intrusion detection using rough set classification [J]. J. Zhejiang Univ SCI 2004 5(9):1076-1086.
    [196] 励晓健,黄勇,黄厚宽. 基于 Poission 过程和 Rough 包含的计算免疫模型. 计算机学报[J]. 2003, 26 (1): 71-76.
    [197] 蔡忠闽,管晓宏,邵萍等. 基于粗糙集理论的入侵检测新方法. 计算机学报[J]. 2003, 26(3): 361-366.
    [198] A. Chittur. Model Generation for an Intrusion Detection System Using Genetic Algorithms [EB/OL]. http://www1.cs.columbia.edu/ids/publications/gaids-thesis01.pdf, Nov, 2001.
    [199] Mé, L. Gassata, a genetic algorithm as an alternative tool for security audit analysis [A]. Proc. of the 1st International Workshop on the Recent Advances in Intrusion Detection (RAID'98), 1998.
    [200] L. Wei. The integration of security sensors into the Intelligent Intrusion Detection System (IIDS) in a cluster environment [R]. Master’s Project Report. Department of Computer Science, Mississippi State University. 2002.
    [201] F. Neri and C. Borsalino. Comparing Local Search with Respect to Genetic Evolution to Detect Intrusions in Computer Networks[C]. Evolutinary Computation: Proceedings of the 2000 Congress on, 2000 (1): 238-243.
    [202] 张凤斌,杨永田,江子扬. 遗传算法在基于网络异常的入侵检测中的应用[J]. 电子学报. 2004, 32(5): 875-877.
    [203] 凌军,曹阳等. 基于小生境技术的多样性抗体生成算法[J]. 电子报, 2003, 31 (8): 1130-1133.
    [204] A. Fabio, González, D. Dasgupta. An Imunogenetic Technique To Detect Anomalies In Network Traffic [A]. GECCO 2002: 1081-1088.
    [205] A. Fabio, González, J. Galeano, et al. Discriminating and visualizing anomalies using negative selection and self-organizing maps [A]. GECCO 2005: 297-304.
    [206] D. Dasgupta, Y. Senhua and N. Majumdar. MILA-multilevel immune learning algorithm and its application to anomaly detection [J]. Soft Comput. 2005, 9(3): 172-184.
    [207] S Hofmeyr and S Forrest. Immunity by Design: An Artificial Immune System [A]. Proc of GECCO'99[C]. 1999. 1289-1296.
    [208] D. Dasgupta. An Immune Agent Architecture for Intrusion Detection [A]. Proceedings of the GECCO 2000 Workshop Prog. pp. 42-44, 2000.
    [209] J. Kim and P. J. Bentley. Immune Memory in the Dynamic Clonal Selection Algorithm [A]. Proceedings of the First International Conference on Artificial Immune Systems (ICARIS). pp.57-65, September 9-11, 2002.
    [210] J. Kim,A. Ong and R. Overill, R. Design of an Artificial Immune System as a Novel Anomaly Detector for Combating Financial Fraud in Retail Sector [A]. To appear in the Congress on Evolutionary Computation (CEC-2003), Canberra, Dec 8-12, 2003.
    [211] J. Galeano, A. Veloza-Suan and F. González. A comparative analysis of artificial immune network models [A]. GECCO 2005: 361-368.
    [212] G. Helmer, J. Wong and V. Honavar. Automated Discovery of Concise Predictive Rules for Intrusion Detection [J]. Journal of Systems and Software. 2002, 60 (3): 165-175.
    [213] J. E. Dickerson, J. Juslin, O. Koukousoula, et al. Fuzzy intrusion detection [A]. IFSA World Congress and 20th North American Fuzzy Information Proc. Society (NAFIPS) International Conference, Vancouver, British Columbia, Volume 3, 1506-1510, July, 2001.
    [214] D. Caragea., Silvescu and V.Honavar. Agents that Learn from Distributed Dynamic Data Sources [A]. Proceedings of the Workshop on Learning Agents, Agents- 00/ECML-00. Barcelona, Spain. June 2000.
    [215] J. Cannady. Applying CMAC-Based On-Line Learning to Intrusion Detection [A]. IJCNN 2000 (5): 405-410.
    [216] W. Jansen, P. Mell, T. Karygiannis, et al. Applying Mobile Agents to Intrusion Detection and Response [R]. NISTIR 6416, September 1999.
    [217] 戴英侠,连一峰,王航编著. 系统安全与入侵检测[M]. 北京:清华大学出版社. 2002.
    [218] 南湘浩,陈钟编著. 网络安全技术概论[M]. 北京:国防工业出版社. 2003.
    [219] W. R. Stevens. TCP/IP 详解卷 1:协议[M]. 范建华等译. 北京:机械工业出版社,2000.
    [220] W. R. Stevens,G. R. Wright. TCP/IP 详解卷 2:实现[M]. 陆雪莹等译. 北京:机械工业出版社,2000.
    [221] A. S. Tanenbaum. 计算机网络[M]. 北京:清华大学出版社,1998.
    [222] Fyodor. The Art of Scanning [EB/OL]. Phrack 51, http://www.phrack.com.
    [223] J. Scambray, S. McClure 著. 黑客大曝光(第 2 版)[M]. 钟向群, 杨继张译. 北京:清华大学出版社, 2002.
    [224] E. Skoudis 著. 反击黑客[M]. 宁科等译. 北京:机械工业出版社,2002.
    [225] 刘进. 基于攻击图模型的网络系统脆弱性评估研究[D]. 硕士学位论文. 长沙:国防科技大学,2004,11.
    [226] B. Schneier. Attack Trees: Modeling Security Threats [J]. Dr. Dobb’s Journal, December 1999.
    [227] T.Tidwell, R.Larson, K.Fitch et al. Modeling Internet Attacks [A]. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, pp.54-59, 2001.
    [228] F. Moderg. Security analysis of an information system using an attack tree-based methodology [D]. Master’s Thesis. Chalmers University of Technology. 2000.
    [229] 庄朝辉. 基于攻击树的大规模入侵检测及其在Linux上的原型[D]. 硕士学位论文. 厦门:厦门大学硕士论文,2002.
    [230] J. Steffan and M. Schumacher. Collaborative Attack Modeling [A]. In Proc. of the 2002 ACM Symposium on Applied Computing (SAC'02, Madrid, Spain). 2002.
    [231] J. P. McDermott. Attack Net Penetration Testing [A]. In The 2000 New Security Paradigms Workshop, ACM SIGSAC, ACM Press, pp.15-22.
    [232] 魏强. 网络攻击行动建模与攻击方案推理算法研究[D]. 硕士学位论文. 长沙:国防科学技术大学,2004,11.
    [233] S. Eckmann, G. Vigna and R. Kemmerer. STATL Definition [R]. Technical Report TRCS00-19. Department of Computer Science, UC Santa Barbara, September 2000.
    [234] 闫怀志,胡昌振,谭惠民. 基于模糊矩阵博弈的网络安全威胁评估[J]. 计算机工程与应用,2002. 13.
    [235] Ronald W. Ritchey and P. Ammann. Using Model Checking to Analyze Network Vulnerability [A]. In Proceeding of IEEE Symposium on Security and Privacy. 2000.
    [236] O. Sheyner, et al. Automated Generation and Analysis of Attack Graphs [A]. In Proceeding of the 2002 IEEE Symposium on Security and Privacy. 2002.
    [237] O. M. Sheyner. Scenario Graphs and Attack Graphs [R]. CMU-CS-04-122, 2004.
    [238] 尹飞. 形式验证方法[J]. 电子计算机, 2002, 154: 24-28.
    [239] 董威, 王戟, 齐治昌. UML Statecharts 的模型检验方法[J]. 软件学报,2003,14(4): 750-756.
    [240] Clarke E. M., Grumberg J. O., Peled D. A.. Model Checking [M]. MA: MIT. 1999.
    [241] Trusted Computer System Evaluation Criteria[S]. US National Computer Security Center. NCSC 5200.28-STD, 1985.
    [242] 张义荣,赵志超,鲜明,王国玉. 网络安全评估中的实时信息采集技术研究[J]. 计算机应用研究,2004,21(增刊):222-224.
    [243] R. P. Lippmann, D. J. Fried, I. Graf, et al. Evaluating Intrusion Detection Systems: the 1998 DARPA Off-Line Intrusion Detection Evaluation [A]. In: Proc. of the 2000 DARPA Information Survivability Conference and Exposition, 2000, Vol. 2.
    [244] Kris Kendall. A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems [D]. Master's Thesis, Massachusetts Institute of Technology, 1998.
    [245] DARPA 1998 data set. http://www.ll.mit.edu/IST/ideval/data/1998/1998_data_ index.html. Cited 2005.
    [246] 1999 KDD Cup competition data set [EB/OL]. http://kdd.ics.uci.edu/ databases/ kddcup99/kddcup99.html. Cited 2005.
    [247] UNM Sequence-based Intrusion Detection data set [EB/OL]. http://www.cs. unm.edu/~immsec/data/. Cited 2005.
    [248] V. Vapnik and A. Chervonenkis. The necessary and sufficient conditions for consistency in the empirical risk minimization method [J]. Pattern Recognition and Image Analysis, 1(3):283-305, 1991.
    [249] V. Vapnik 著. 统计学习理论[M]. 许健华, 张学工译. 北京:电子工业出版社,2004.
    [250] V. Vapnik and A. Chervonenkis. On the uniform convergence of relative frequencies of events to their probabilities [J]. Theory of Probability and its Applications, 16(2):264-280, 1971.
    [251] 范昕炜. 支持向量机算法的研究与应用[D]. 博士学位论文. 杭州:浙江大学,2003.
    [252] 粟塔山等编著. 最优化计算原理与算法程序设计[M]. 长沙:国防科技大学出版社,2001.
    [253] B. E. Boser, I. Guyon, and V. N. Vapnik, A Training Algorithm for Optimal Margin Classifiers, in Proc. of the 5-th Workshop of computational learning theory, Morgan Kaufman, S. Mateo, CA, 1992, pp. 144-153.
    [254] N. Cristianini, J. Taylor 著. 支持向量机导论[M]. 李国正等译. 北京:电子工业出版社,2004.
    [255] C.-C. Chang and C.-J. Lin. Training nu-Support Vector Classifiers: Theory and Algorithms [J]. Neural Computation 13(9), 2001, 2119-2147.
    [256] David J. Crisp and Christopher J. C. Burges. A Geometric Interpretation of v-SVM Classifiers [A]. NIPS 1999: 244-250.
    [257] Chih-Chung Chang and Chih-Jen Lin, LIBSVM : a library for support vector machines [EB/OL], 2001. Software available at http://www.csie.ntu.edu.tw/~cjlin/ libsvm.
    [258] T. Joachims. SVMlight-Support Vector Machine [EB/OL]. http://svmlight. joachims.org/, 2004-07-20.
    [259] M. Sabhnani and G. Serpen. Why machine learning algorithms fail in misuse detection on KDD intrusion detection data set [J]. Journal of Intelligent Data Analysis, 2004.
    [260] D. R. Wilson and T. R. Martinez. Improved heterogeneous distance functions [J]. Journal of Artificial Intelligence Research, 1997, 6 (1): 1-34.
    [261] P.-H. Chen, C.-J. Lin, and B. Sch?lkopf. A tutorial on nu-support vector machines [J]. Applied Stochastic Models in Business and Industry, 21(2005), 111-136.
    [262] Skowron, A. Rough sets in KDD [A]. in: Z. Shi, B. Faltings, and M. Musem (Eds.), 16-th World Computer Congress (IFIP'2000): Proceedings of Conference on Intelligent Information Processing (IIP'2000), Publishing House of Electronic Industry, Beijing, 2000, 1-17.
    [263] R. W. Swiniarski and A. Skowron. Rough set methods in feature selection and recognition [J]. Pattern Recognition Letters 24(6): 833-849 (2003).
    [264] A. Skowron, R. W. Swiniarski and P. Synak. Approximation Spaces and Information Granulation [J]. T. Rough Sets 2005: 175-189
    [265] J. G. Bazan, J. F. Peters and A. Skowron, et al. Rough Set Approach to Pattern Extraction from Classifiers [J]. Electr. Notes Theor. Comput. Sci. 82(4): (2003).
    [266] Z. Pawlak. Rough Sets and Decision Algorithms [J]. Rough Sets and Current Trends in Computing 2000: 30-45.
    [267] Z. Pawlak: Reasoning about Data - A Rough Set Perspective [J]. Rough Sets and Current Trends in Computing 1998: 25-34.
    [268] Z. Pawlak. Drawing conclusions from data - The rough set way [J]. Int. J. Intell. Syst. 16(1): 3-11 (2001).
    [269] Dempster, A.P. A generalization of Bayesian inference [J]. Journal of the Royal Statistical Society,Series B 30 205-247, 1968.
    [270] Shafer, G., A Mathematical Theory of Evidence [M], Princeton University Press, Princeton, N.J., 1976.
    [271] E. Shortliffe and B. Buchanan. A Model of Inexact Reasoning in Medicine [A], in: RuleBased Expert Systems, BG Buchanan and EH Shortliffe (Eds.), 233-262, Addison-Wesley, Reading, MA (1984).
    [272] Lotfi A. Zadeh. Fuzzy Sets [J]. Information and Control 8(3): 338-353, 1965.
    [273] 刘清著. Rough 集和 Rough 推理[M]. 北京:科学出版社,2001.
    [274] Y. H. Liao and V. R. Vemuri. Use of K-Nearest Neighbor classifier for intrusion detection [J]. Computers & Security 21(5): 439-448 (2002).
    [275] M. Mahoney and P. Chan. Learning Rules for Anomaly Detection of Hostile Network Traffic [A]. Proc. Third IEEE Intl. Conf. on Data Mining (ICDM), pp. 601-4, 2003.
    [276] G. Rudolph. Convergence analysis of canonical genetic algorithms [J]. IEEE Transactions on Neural Networks, 1994 (5): 96-101.
    [277] L. D. Whitley. Using Reproductive Evaluation to Improve Genetic Search and HeuristicDiscovery [A]. ICGA 1987: 108-115.
    [278] D. Keb and D. E. Goldberg. An investigation of niche and species formation in genetic function optimization [A]. In:Schaffer JDed. Proceedings of the Third International Conference on Genetic Algorithms. San Mateo, California, Morgan Kaufmann, 1989:42~50.
    [279] R. Koza. Genetic Programming: on the Programming of Computers by Means of Natural Selection [M]. The MIT Press, 1992, 189-200.
    [280] 张义荣,鲜明,赵志超等. 计算机网络攻击效果评估技术研究. 国防科技大学学报,2002,24(5):24-28.
    [281] 张义荣,鲜明,王国玉. 一种基于网络熵的计算机网络攻击效果度量评估方法. 通信学报,2004,25(11):158-165.
    [282] 胡影,鲜明,肖顺平. DoS 攻击效果评估系统的设计[J]. 计算机工程与科学, 2005 (2).
    [283] J. P. Nicholas, K. Zhang and M. Chung. A methodology for testing intrusion detection systems [J] .IEEE Transactions on Software Engineering, 1996, 22 (10): 719-729.
    [284] S. J. Stolfo, W. Fan and Wenke Lee. Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project [A]. Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, 2000.
    [285] J. E. Gaffney and J. W. Ulvila. Evaluation of Intrusion Detectors: A Decision Theory [A]. Proceedings of the IEEE Symposium on Security and Privacy (S&P’01). Oakland, California. pp. 50-61. May 14-16, 2001.
    [286] M. John. Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory [J]. ACM Transactions on Information and System Security, 2000, 3 (4): 262-294.
    [287] Haines, W. Joshua, Rossey, et al. Extending the DARPA off-line intrusion detection evaluation [A]. In the Proc. of DISCEX 2001, Jun. 11-12, Anaheim, CA.
    [288] N. Athanasiades, R. Abler, J. Levine, et al. Intrusion Detection Testing and Benchmarking Methodologies [A]. First IEEE International Workshop on Information Assurance (IWIA'03), March 24 - 24, 2003. Darmstadt, Germany.
    [289] 侯定丕,王战军. 非线性评估的理论探索与应用[M]. 合肥:中国科学技术大学出版社,2001.
    [290] 赵志超. 网络攻击及效果评估技术研究[D]. 硕士学位论文. 长沙:国防科技大学,2002,11.
    [291] 胡影. 网络攻击效果评估建模与技术实现研究[D]. 硕士学位论文. 长沙:国防科技大学,2003,11.
    [292] 黄敏. 无线网络攻击技术及攻击效果评估研究[D]. 硕士学位论文. 长沙:国防科技大学,2003,11.
    [293] 陆汝钎主编. 知识科学与计算科学[M]. 北京:清华大学出版社,2003.
    [294] M. Karpinski and A. Macintyre. Polynomial bounds for VC dimension of Sigmoid and general Pfaffian Neural Networks [J]. Journal of Computer and System Sciences, 1997, 54: 169-176.
    [295] P. L. Barlett, V. Maiorov, R. Meir. Almost linear VC-Dimension bounds for piecewise polynomial networks [J]. Neural Computation, 1998, 10 (8): 2159-2173.
    [296] 梁之舜,邓集贤等编著. 概率论及数理统计[M]. 北京:高等教育出版社,1988.
    [297] 马恒太. 基于 Agent 分布式入侵检测系统模型的建模及实践[D]. 博士学位论文. 北京:中国科学院研究生院,2001,2.
    [298] D. N. Chorafas. Agent Technology Hansbook [M]. 北京:世界图书出版公司北京公司,1999.
    [299] Nils J. Nilson 著,郑扣根,庄越挺译. 人工智能[M]. 北京:机械工业出版社. 2002.
    [300] Stephen, Mark Cooper, Matt Fearnow 等著,林琪等译. 入侵特征与分析[M]. 北京:中国电力出版社. 2002
    [301] 孙即祥等编著. 现代模式识别[M]. 北京:国防科技大学出版社. 2002.
    [302] 徐宗本编著. 计算智能—模拟进化计算[M]. 北京:高等教育出版社. 2004.
    [303] 凌云,王勋,费玉莲著. 智能技术与信息处理[M]. 北京:科学出版社. 2003.
    [304] 吴泉源,刘江宁编著. 人工智能与专家系统[M]. 长沙:国防科技大学出版社. 2000.
    [305] 杨善林,倪志伟著. 机器学习与智能决策支持系统[M]. 北京:科学出版社. 2004.
    [306] 吉天龙,蔡国永著. 网络协议的形式化分析与设计[M]. 北京:电子工业出版社. 2003.
    [307] R. O. Duda, P. E. Hart, D. G. Stork 著. 李宏东,姚天翔译. 模式分类[M]. 北京:机械工业出版社,中信出版社. 2003.
    [308] 蒋宗礼,姜守旭编著. 形式语言与自动机理论[M]. 北京:清华大学出版社. 2003.
    [309] 李敏强,寇纪淞,林丹等著. 遗传算法的基本理论与应用[M]. 北京:科学出版社. 2002.
    [310] 吴作顺. 基于免疫学的入侵检测系统研究[D]. 博士学位论文. 长沙:国防科技大学,2003,4.
    [311] 王晓蒲. 基于核函数的机器学习方法研究[D]. 博士学位论文. 合肥:中国科技大学,2002,11.
    [312] 代建华. 粗糙集理论及其在知识发现中的应用研究[D]. 博士学位论文. 武汉:武汉大学,2003,3.
    [313] 李小勇. 网络入侵检测关键技术研究[D]. 博士学位论文. 上海:上海交通大学,2003,10.
    [314] 田新广. 基于主机的入侵检测技术研究[D]. 博士学位论文. 长沙:国防科技大学,2005,6.
    [315] Wenke Lee. A data mining framework for constructing features and models for intrusion detection systems (Ph. D. dissertation) [D]. Columbia University, NY, USA. 1999.
    [316] A. Grossmann, J. Morlet. Decomposition of Hardy functions into square integrable wavelets of constant shape [J]. SIAM J. Math. Anal, 1984, (15): 723-736.
    [317] S. Mallat. A theory for multiresolution signal decomposition: The wavelet representation [J]. IEEE Trans. on PAMI, 1989, 11 (7): 674-693.
    [318] W. Sweldens. The lifting scheme: A custom-design construction of second generation wavelets [J]. SIAM J. Math. Anal, 1998, 29 (2): 511-546.
    [319] Joint Photographic Expert Group. JPEG-2000 Part I: Final Committee Version 1.0 [S]. ISO/IEC/FCD/15444-1. March, 2000.
    [320] T. Sikora. Development of Video Tools and Algorithms for MPEG-4 [EB/OL]. http://www.MPEG.org.
