入侵检测中神经网络融合学习方法的研究
|
摘要
本文基于神经网络理论讨论大规模网络入侵检测学习的方法,主要研究网络流量监控、网络数据学习以及分布式数据融合问题。
采用ARIMA平稳时序建模方法实现了一种动态预测方法,预测未来时段内的流量特征,根据该流量特征对网络流量进行动态监控,并对异常流量发出流量超预期警告。方案在一定程度上避免了单阈值设定流量警告的困难,减少了系统的虚警率。
针对经典SVM不适用于大规模入侵检测数据学习的问题,基于网络入侵训练样本的特征分析,提出了适用于多分类的SVM增量学习算法。该算法利用SVM训练样本的凸二次特性,将多维样本映射到高维空间并使其可分,然后利用样本的聚类特性,选取一定“厚度”的外壳数据作为SV保留下来,提高了检测率。
针对模块化神经网络算法学习精度高但是效率相对较低的特点,采用SOM算法作为基本学习方法并利用其神经元竞争特性,引入模糊聚类FCM对SOM输出权值进行融合学习分类,不需要对任务进行特殊分解,采用自组织映射学习方法,对各模块所分配的任务进行学习,融合学习则采用类似的无监督学习方法,对相似解进行聚类。在保持SOM高精度的基础上,大幅度的减少了学习时间。
针对神经网络学习的过拟合现象,提出了一种以Kalman滤波器为基础的修剪算法。该算法将神经元与神经网络的输出建立对应关系,利用Kalman滤波器的预测特性,对神经网络中的每一个神经元及其权值进行预测,找出其重要性的排序,并依据其重要性对网络节点进行修剪。
这些算法均采用入侵检测数据集KDDCUP99进行测试,验证了算法的高检测率和较好的效率,表明算法适合大规模网络的入侵检测应用。
最后提出了一种以网络内因、外因等指标为输入的评价方法,利用所提出入侵检测算法的输出作为网络性能评价参数,并综合其它变量因素给出了网络性能评价公式。
In confront of large-scale network intrusion detection and increasing intrusion means, single-machine intrusion detection system cannot meet the detection requirement regarding the computing speed and rule storage. Modular neural networks, which decomposed tasks to learn, proposed an efficient solution to this problem. The different segmentation methods, however, limited its application, as it caused varying study effects. Diversity of attack and normal data flow determined that the intrusion detection must apply random or under simple rules segmentation to conduct distributed learning. But the learn result cannot be affected. This research analyzed the network data characterizations and related intelligent learning algorithms, and proposed a new learning method that could greatly reduce sample segmentation relevance, based on the research of network traffic monitoring, network data learning, data integration etc, which could complete task decomposition and integration learning.
In order to support the integrating learning, we also researched the neural network structure optimization problem, enhanced the generalization ability by pruning the useless neurons and further improved the learning effect.
Based on network security related monitoring and detecting content, we proposed a network performance scoring model that could supervise the learning algorithm effect from quantitative point of view reflecting the anti-intrusion and survivor ability of the network.
Detailed content were as followed:
(1)Establish a dynamic network traffic flow monitor system based on ARIMA model
Network traffic flow was abrupt and periodic. Many modeling methods always establish the model as stable flow. We firstly smoothed the traffic flow and extracted the noise information. Then model was established based on ARIMA, in the meantime, a dynamic monitoring system based on the model was established, which could predict the traffic property in the coming hours. Traffic flow was monitored according to traffic characterization where unusual traffic flow could be alerted. This method to some extent, avoided the high false alteration rate that was due to the single threshold setting.
(2) Propose an incremental learning method to multi-classification SVM
The advances in high dimension learning of SVM could solve the incremental learning problem in the data of large-scale network intrusion detection. SVM learning samples were convex quadratic after transforming by kernel function. The commonly used in model recognition was the closer samples from heterogeneous sample, thus ensuring the full partition between the samples and spared the most optimal hyperplane that maximum the distance between the two sample types. Our method utilized the separable property of the samples after kernel transformation, and deserved the edge data cluster as SV, in a certain extent, equivalent of retaining a shell of its cluster with certain thickness. These shells retained much enough SV data for hyperplane calculation within each model, and could significantly reduce the increasing data storage that happen using traditional KKT rule for incremental learning. In the meantime, the shell data choosing applied the Euclidean distance method, which had lower calculation and was easier to achieve. Result showed this method retained enough effective SV, improved the SVM incremental learning speed and accuracy, reduced data storage spaces, and was more suitable for multiple classification SVM incremental learning.
(3) propose integrated learning method based on FCM clustering
Large-scale network intrusion detection was basically to establish a comprehensive detection system that integrated learning result of each module. Although SVM could achieve great learning effect, it also depended upon the sample splitting method . SOM neural network learning benefited from the competition, namely, each winning neuron represented a sample model. The self-organizing clustering property, could further weaken the sample dependence of module learning. As Hebb learning method was introduced, the output differences between winning neurons widened. Therefore, utilize the winning neurons’properties in further vague clustering by FCM during integration method, each module of which was integrated and hereafter achieved modulated neuron network learning algorithm that uses SOM as basic learning method, FCM as the integrating method. From sample primary learning to further integration learning, sample dependence was avoided. In the meantime, while maintaining high accuracy based on SOM, the introduction of FCM could greatly reduce the number of iterations of learning, improving learning efficiency. Result showed this method in distributed intrusion detection system had a better detection rate and low false alarm rate.
(4) propose Kalman fiter-based neural network pruning algorithm
To solve the over-fitting and consequent neural network learning effect decline that commonly happened, we proposed Kalman fiter-based pruning algorithm. The main idea came from classic neural network pruning algorithm OBD, which pruning and removing part of the neurons. Kalman fiter utilized state equation and measurement equation to predict the output changes of neurons and neural network, find out the order of importance, identify the unrelated or negatively related neurons, and prune this part of network node. Unlike the traditional pruning method that introduced punishment during learning procedure, this method focused solely on learning completed neural network, and won’t disturb the learning procedure nor will delay the learning time period. Result showed, this prediction method could implement the pruning of neurons, and could improve the learning accuracy of neural network.
(5) propose a comprehensive method on network
The current anti-intrusion evaluations of network were mostly conducted with respect to network threat and loopholes in the network, with varying parameters and algorithms. In order to establish experimental conditions, the network traffic monitor mentioned above and related intrusion detection algorithm were integrated, and based on multi-factors that contributed to the commonly happened problems, we propose a quantification parameter with intrusion detection result as on of the network performance parameter. The possible influence to network of different intrusion means were set as input parameter. And we gave a performance evaluation equation, which could quantified the network performance and hereafter evaluate the network performance and test intrusion detection result.
采用ARIMA平稳时序建模方法实现了一种动态预测方法,预测未来时段内的流量特征,根据该流量特征对网络流量进行动态监控,并对异常流量发出流量超预期警告。方案在一定程度上避免了单阈值设定流量警告的困难,减少了系统的虚警率。
针对经典SVM不适用于大规模入侵检测数据学习的问题,基于网络入侵训练样本的特征分析,提出了适用于多分类的SVM增量学习算法。该算法利用SVM训练样本的凸二次特性,将多维样本映射到高维空间并使其可分,然后利用样本的聚类特性,选取一定“厚度”的外壳数据作为SV保留下来,提高了检测率。
针对模块化神经网络算法学习精度高但是效率相对较低的特点,采用SOM算法作为基本学习方法并利用其神经元竞争特性,引入模糊聚类FCM对SOM输出权值进行融合学习分类,不需要对任务进行特殊分解,采用自组织映射学习方法,对各模块所分配的任务进行学习,融合学习则采用类似的无监督学习方法,对相似解进行聚类。在保持SOM高精度的基础上,大幅度的减少了学习时间。
针对神经网络学习的过拟合现象,提出了一种以Kalman滤波器为基础的修剪算法。该算法将神经元与神经网络的输出建立对应关系,利用Kalman滤波器的预测特性,对神经网络中的每一个神经元及其权值进行预测,找出其重要性的排序,并依据其重要性对网络节点进行修剪。
这些算法均采用入侵检测数据集KDDCUP99进行测试,验证了算法的高检测率和较好的效率,表明算法适合大规模网络的入侵检测应用。
最后提出了一种以网络内因、外因等指标为输入的评价方法,利用所提出入侵检测算法的输出作为网络性能评价参数,并综合其它变量因素给出了网络性能评价公式。
In confront of large-scale network intrusion detection and increasing intrusion means, single-machine intrusion detection system cannot meet the detection requirement regarding the computing speed and rule storage. Modular neural networks, which decomposed tasks to learn, proposed an efficient solution to this problem. The different segmentation methods, however, limited its application, as it caused varying study effects. Diversity of attack and normal data flow determined that the intrusion detection must apply random or under simple rules segmentation to conduct distributed learning. But the learn result cannot be affected. This research analyzed the network data characterizations and related intelligent learning algorithms, and proposed a new learning method that could greatly reduce sample segmentation relevance, based on the research of network traffic monitoring, network data learning, data integration etc, which could complete task decomposition and integration learning.
In order to support the integrating learning, we also researched the neural network structure optimization problem, enhanced the generalization ability by pruning the useless neurons and further improved the learning effect.
Based on network security related monitoring and detecting content, we proposed a network performance scoring model that could supervise the learning algorithm effect from quantitative point of view reflecting the anti-intrusion and survivor ability of the network.
Detailed content were as followed:
(1)Establish a dynamic network traffic flow monitor system based on ARIMA model
Network traffic flow was abrupt and periodic. Many modeling methods always establish the model as stable flow. We firstly smoothed the traffic flow and extracted the noise information. Then model was established based on ARIMA, in the meantime, a dynamic monitoring system based on the model was established, which could predict the traffic property in the coming hours. Traffic flow was monitored according to traffic characterization where unusual traffic flow could be alerted. This method to some extent, avoided the high false alteration rate that was due to the single threshold setting.
(2) Propose an incremental learning method to multi-classification SVM
The advances in high dimension learning of SVM could solve the incremental learning problem in the data of large-scale network intrusion detection. SVM learning samples were convex quadratic after transforming by kernel function. The commonly used in model recognition was the closer samples from heterogeneous sample, thus ensuring the full partition between the samples and spared the most optimal hyperplane that maximum the distance between the two sample types. Our method utilized the separable property of the samples after kernel transformation, and deserved the edge data cluster as SV, in a certain extent, equivalent of retaining a shell of its cluster with certain thickness. These shells retained much enough SV data for hyperplane calculation within each model, and could significantly reduce the increasing data storage that happen using traditional KKT rule for incremental learning. In the meantime, the shell data choosing applied the Euclidean distance method, which had lower calculation and was easier to achieve. Result showed this method retained enough effective SV, improved the SVM incremental learning speed and accuracy, reduced data storage spaces, and was more suitable for multiple classification SVM incremental learning.
(3) propose integrated learning method based on FCM clustering
Large-scale network intrusion detection was basically to establish a comprehensive detection system that integrated learning result of each module. Although SVM could achieve great learning effect, it also depended upon the sample splitting method . SOM neural network learning benefited from the competition, namely, each winning neuron represented a sample model. The self-organizing clustering property, could further weaken the sample dependence of module learning. As Hebb learning method was introduced, the output differences between winning neurons widened. Therefore, utilize the winning neurons’properties in further vague clustering by FCM during integration method, each module of which was integrated and hereafter achieved modulated neuron network learning algorithm that uses SOM as basic learning method, FCM as the integrating method. From sample primary learning to further integration learning, sample dependence was avoided. In the meantime, while maintaining high accuracy based on SOM, the introduction of FCM could greatly reduce the number of iterations of learning, improving learning efficiency. Result showed this method in distributed intrusion detection system had a better detection rate and low false alarm rate.
(4) propose Kalman fiter-based neural network pruning algorithm
To solve the over-fitting and consequent neural network learning effect decline that commonly happened, we proposed Kalman fiter-based pruning algorithm. The main idea came from classic neural network pruning algorithm OBD, which pruning and removing part of the neurons. Kalman fiter utilized state equation and measurement equation to predict the output changes of neurons and neural network, find out the order of importance, identify the unrelated or negatively related neurons, and prune this part of network node. Unlike the traditional pruning method that introduced punishment during learning procedure, this method focused solely on learning completed neural network, and won’t disturb the learning procedure nor will delay the learning time period. Result showed, this prediction method could implement the pruning of neurons, and could improve the learning accuracy of neural network.
(5) propose a comprehensive method on network
The current anti-intrusion evaluations of network were mostly conducted with respect to network threat and loopholes in the network, with varying parameters and algorithms. In order to establish experimental conditions, the network traffic monitor mentioned above and related intrusion detection algorithm were integrated, and based on multi-factors that contributed to the commonly happened problems, we propose a quantification parameter with intrusion detection result as on of the network performance parameter. The possible influence to network of different intrusion means were set as input parameter. And we gave a performance evaluation equation, which could quantified the network performance and hereafter evaluate the network performance and test intrusion detection result.
引文
[1]James P. Anderson. Computer Security Threat Monitoring and Surveillance [R]. Technical report. James P. Anderson Company, fort Washington, Pennsylvania, 1980.
[2]Denning D E. An Intrusion-Detection Model [C]. IEEE Symp on Security & Privacy, 1986: 118-131.
[3]LT Heberlein, G. Dias, KN Levitt, B. Mukherjee, J. Wbod, D. Wolber. A network security monitor [C]. Proceedings of the 1990 Symposium on Research in Security and Privacy, Oakland. CA, IEEE Computer Society. May 1990:296-303.
[4]S. Cheung, D. Dissertation. An Intrusion Tolerance Approach for Protecting Network Infrastructures [C]. University of California, Davis, September 1999: 104-122.
[5]Ghosh AK, Michael C, Schatz M. A Real-Time Intrusion Detection System Based on Learning Program Behavior [C]. In: Debar H, Wu SF, eds. Recent Advances in Intrusion Detection (RAID 2000). Toulouse: Spinger-Verlag, 2000: 93-109.
[6]Wun-Hwa Chen. Application of SVM and ANN for intrusion detection [J]. Computer & Operations Research. 2005, 32: 2617-2634.
[7]Srinivas Mukkamala et al. Intrusion Detection Using an Ensemble of Intelligent Paradigms [J]. Journal of Network and Computer Applications. 2005, 28: 167-182.
[8]Staniford-Chen S, Cheung S, Crawford R et al. Gr IDS:a graph based intrusion detection system for large networks [C]. Proceedings of the 9th National Information Systems Security Conference, Vol 1. National Institute of Standards and Technology, 1996: 361-370.
[9]Hochberg J, Jackson K, Stallings C et al. NADIR: an automated system for detecting network intrusion and misuse [J]. Computers and Security, 1993, 12(3): 235-248.
[10]White G B, Fisch E A, Pooch U W. Cooperating security managers: a peer-based intrusion detection system [J]. IEEE Network, 1996, 10(1): 20-23.
[11]Forrest S, Hofmeyr S A, Somayaji A. Computer immunology [J]. Communications of the ACM, 1997, 40(10): 88-96.
[12]Anderson D, Frivold T, Valdes A. Next-generation intrusion detection expert system(NIDES) [R]. Techniacal Report SRI-CSL-95-07. Computer Science Laboratory. SRI International, Menlo Park, CA 94025-3493, USA, May 1995.
[13]Porras P A, Neumann P G. EMEMRALD: event monitoring enabling responses to anomalous live disturbances [C]. Proceedings of the 20th National Information Systems Security Conference, National Institute of Standards and Technology, 1997: 183-201.
[14]Jai Sundar Balasubramaniyan, Jose Omar Garcia-Fernandez, Eugene Spa_ord, and Diego Zamboni. An architecture for intrusion detection using autonomous agents [R]. Technical Report 98-05. COAST Laboratory, Purdue University, West Lafayette, IN 47907-1398, May 1998.
[15]Eugene Spa_ord and Diego Zamboni. A framework and prototype for a distributed intrusion detection system [R]. Technical Report 98-06, COAST Laboratory, Purdue University, West Lafayette, IN 47907-1398, May 1998.
[16]E. Spafford, D. Zamboni. New directions for the AAFID architecture [R]. Talk proposal submitted to the Recent Advances in Intrusion Detection 99 Workshop.
[17]Internet Engineering Task Force.“Intrusion diction exchange format requirements”[EB/OL]. http://ww.ietf.org/internet-drafts/draft-ietf-idwgrequirements-02.txt, 1999.
[18]W. Elmenreich, S. Pirzek. The Time-Triggered Sensor Fusion Model [C]. Research Report 13/2001. Proceedings of the 5th IEEE International Conference on Intelligent Engineering Systems Helsinki, September 2001.
[19]Internet Engineering Task Force,“Intrusion detection exchange format data model”[EB/OL], http://www.ietf.org/internet-drafts/draft-ietf-idwgdata-model-03.txt, 1999.
[20]马恒太,蒋建春,陈伟锋,卿斯汉.基于Agent的分布式入侵检测系统模型[J].软件学报, 2000, 11(10):1312-1319.
[21]陈硕,安常青,李学农.分布式入侵检测系统及其认知能力[J].软件学报, 12(2): 225-232.
[22]王锋波,曾昭苏.一种基于多代理技术的分布式入侵检测系统[J].计算机工程与科学, 2000, 22(2):62-65.
[23]戴英侠,连一峰,王航编著.系统安全与入侵检测[M].清华大学出版社,北京, 2002.
[24]王颖,陈松灿,张道强等.模糊k-平面聚类算法[J].模式识别与人工智能, 2007, 20(5): 704-710.
[25]Ng, SK, Mclachlan, GJ, et.al A mixture model with random-effects components for clustering correlated gene-expression profiles [J]. Bioinformatics, 2006, 22(14): 1745-1752.
[26]Sitao Wu, Tommy W.S. Chow. Self-Organizing-Map Based Clustering Using a Local Clustering Validity Index [J]. Neural Processing Letters, 2003, 17(3):279-293.
[27]K. Diamantaras, S. Y. Kung. Principal Component Neural Networks: Theory and Applications [C]. Pattern Analysis & Applications. NY, USA: Wiley, 1996: 1-15.
[28]L. t. Heberlein, G.V. Dias, K.N. Levitt, et al. A Network Security Monitor [C]. In proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1990: 296-304.
[29]M. Rosech. Snort-Lightweight Intrusion Detection for Networks [C]. Proceedings of Usenix Lisa’99 Conf., Usenix. Assoc.,Berkelely, Calif., 1999:43-58.
[30]S. Cheung, K. N. Levitt. Protecting Routing Infrastructures from Denial of Service Using Cooperative Intrusion Detection [C]. Proceedings New Security Paradigms Workshop, Cumbria, U.K. 1997: 125-143.
[31]S. A. Hofineyr, S.Forrest, A.Somayaji. Intrusion Detection Using Sequences of System Call [J]. Journal of Computer Security, 1998, 6: 151-180.
[32]D. Marchette. Computer Intrusion Detection and Network Monitoring [C]. A Statistical Viewpoint, Springer Verlag, 2001: 443-461.
[33]D. J Burroughs, L. F Wilson, G.V.Cybenko. Analysis of Distributed Intrusion Detection Systems Using Bayesian Methods Performance [C]. Proceedings of the 21st IEEE International Computing and Communication Conference, 2002: 329-344.
[34]W Lee. A Data Mining Frame Work for Constructing Features and Models for Intrusion Detection Systems [D]. PhD Thesis, Columbia University, 1999.
[35]D.S. Bauer, F.R. Eichelman, R.M. Herrera, et al. Intrusion Detection: An Application of Expert Systems to Computer Security [C]. Proceeding of International Conference on Security Technology, Oct, 3-5, 1989: 97-100.
[36]V. Paxon. Bro. A System for Detection Network Intruders in Real-time [C]. Proceedingof the 7th USENIX Security Symposium, San Antonio, TX, 1998: 255-284.
[37]P. K. Karmer, P.D. Williams, G.H. Gunsch, et al. An Artificial Immune System Architecture for Computer Security Applications [J]. IEEE Transactions on Evolutionary Computation, 2003, 6(3): 252-280.
[38]Gao MeiMei, Zhou MengChu. Fuzzy Intrusion Detection Based on Fuzzy Reasoning Petri Nets [J]. IEEE International Conference on Svstems. Man and Cvbernetics. 2003, 2: 1272-1277.
[39]N. Ye. A Markov Chain Model of Temporal Behavior for Anomaly Detection [C]. Proceedings of the IEEE Systems, Man, Cybernetics Information Assurance and Security Workshop, 2000: 118-146.
[40]Gao Fei, Sun Jizhou, Wei Zunce. The Prediction Role of Hidden Markov Model in Intrusion Detection [J]. Electrical and Computer Engineering, 2003, 2: 893-896.
[41]Dong Yongle, Qian Jun, Shi Meilin. A Cooperative Intrusion Detection System Based on Autonomous Agents [J]. Electrical and Computer Engineering, 2003: .
[42]J.Barrus, N.C. Rowe. ADistributed Autonomous-Agent Network Intrusion Detection and Response System [J]. Command and Control Research and Technology Symposium, 1998: 577-586.
[43]Kruegel C, Mutz D, Robertson W,et al. Bayesian event classification for intrusion detection [C]. Proc of the 19th Annual Computer Security Applications Conference (ACSAC). Los Alamitos, USA:IEEE Computer Society Press, 2003: 14-23.
[44]Kim G H, Spafford E H. Experiences with tripwire: Using integrity checkers for intrusion detection [R]. West Lafayette, USA: Purdue University, Department of Computer Sciences, 1994.
[45]Lee W, Stolfo S J, Chan P K, et al. Real time data mining-based intrusion detection [C]. Proceeding of 2nd DARPA Information Survivability Conference and Exposition (DISCEX). Los Alamitos, USA: IEEE Computer Society Press, 2001: 89-100.
[46]周志华,曹存根.神经网络及其应用[M].清华大学出版社,北京, 2004.9.
[47]Hansen L, Salamon P. Neural network ensembles [J]. IEEE trans on Pattern Analysis and Machine Intelligence, 1990, 12(10): 993-1001.
[48]Osherson D N Weinstein S Stoli M. Modular learning [M]. 1990.
[49]KDDCUP99 [EB/OL]. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
[50]Tsybakov B. Self-similar Process in Communications Networks [J]. IEEE Trans on Information Theory, 1998, 44(5): 1713-1725.
[51]Ma S. Traffic Modeling and Analysis [D]. New York: Dept of Electrical Computer and Systems Eng, Rensselaer Polytechnic Inst, 1998.
[52]Vern Paxon and Sally Floyd.Wide-Area Traffic:The Failure of Poisson Modeling [J]. IEEE Acm Transaction on Networking, 1995, 3(3): 226-224.
[53]Basu S, Mukherjee A. Time series models for internet traffic [R]. Technical Report GIT-CC-95-27, Georgia Institure of Technology, 1996.
[54]Rudolf H R, Matthew S C, Vinay J R, Richard G B. A multifractal wavelet model with application to network traffic [J]. IEEE Transactions on Information Theory, Apr.1999, 45(3): 992-1018.
[55]程光,龚俭.大规模网络流量宏观行为周期性分析研究[J].小型微型计算机系统, 2003, 24(6): 991-994.
[56]丛锁,韩良秀,刘岩.基于离散小波变换的网络流量多重分形模型[J].通信学报, 2003, 24(5): 43-48.
[57]程光,龚俭,丁伟.基于小波的网络流量分解模型[J].小型微型计算机系统, 2005, 26(3): 400-403.
[58]Shi, X.H., Liang, Y.C., Lee, H.P., Lin, W.Z., Xu,X., Lim, S.P.. Improved Elman networks and applications for controlling ultrasonic motors [J]. Applied Artificial Intelligence, 2004, 18: 603-629.
[59]王攀,苏智,冯珊.局部回归Elman网络学习算法的注记[J].武汉理土大学学报, 2002, 2: 14-15.
[60]金旗,裴昌幸,朱畅华. ARIMA模型法分析网络流量[J].西安电子科技大学学报(自然科学版), 2003, 30(1): 6-10.
[61]韩良秀,丛锁,阎华,等.基于小波技术的网络流量特性刻画[J].小型微型计算机系统, 2001, 22(9): 1110-1113.
[62]李国勇.智能控制及其MATLAB实现[M].电子工业出版社,北京, 2005.5.
[63]Cortes C, Vapnik V. Support Vector Networks [J]. Machine Learning. 1995, (20): 273-297.
[64]Osunna E, Freund R, Firosi. An Improved Training Algorithm for Support Vector Machines [C]. Proceedings of the 1997 IEEE Workshop on Neural Networks for Signal Processing, New York, 1997: 276-285.
[65]E. Osunna, R Freund , E Girosi. Training support vector machines:An application to face detection [C]. In Proc. CVPR(Conference on Computer Vision and Pattern Recognition)’97, 1997.
[66]VAPNIK V. The Nature of Statistical Learning Theory [C]. New York: Springer-Verlag, 1995: 326-328.
[67]SYED N,LIU H, SUNG K. Handling Incremental learning with support Vector machines [C]. Workshop on Support Vector Machines At the International Joint Conference on Artificial Intelligence(i-ICAI99). Stockholm, Sweden: Morgan Kaufmann, 1999: 458-462.
[68]萧嵘,王继成,孙正兴等.一种SVM增量学习算法α-ISVM [J].软件学报. 2001, 12(12): 1818-1824.
[69]Cauwenberghs G, Poggio T. Incremental and Decremental Support Vector Machines [J]. Machines Learning, 2001, 44(13): 409-415.
[70]Ralaivola L, d’Alch-Buc F. Incremental Support Vector Machine Learning [J]. A Local Approach. Proc of ICANN’01. Vienna, Austria Springer, 2001: 322-330.
[71]R. Fletcher, Practical Methods of Optimization [R]. John Wiley and Sons, New York, second edition, 1987.
[72]陶亮.基于活跃集迭代法的支持向量机快速增量算法[J].系统仿真学报, 2006, 18(11): 3305-3312.
[73]杨涛,谢剑英.一种片率增量SVM多用户检测器算法仿真研究[J].系统仿真学报, 2004, 16(10): 2185-2188.
[74]S. KNERR, L. PERSONNAZ, G. DREYFUS. Single-layer learning revisited: A stepwise procedure for building and training a neural network [J]. Neurocomputing: algorithms, architectures and applications. New York:Springer-Verlag, 1999: 667-670.
[75]李东晖,杜树新,吴铁军.基于壳向量的线性支持向量机快速增量学习算法[J].浙江大学学报(工学版), 2006, 40(2): 203-207.
[76]普雷帕拉塔,沙莫斯.计算几何导论.庄心谷译[M].科学出版社,北京, 1990: 183-187.
[77]邓乃扬,田英杰.数据挖掘中的新方法—支持向量机[M].科学出版社,北京, 2004.
[78]王瑞平,陈杰,山世光等.基于支持向量机的人脸检测训练集增强[J].软件学报, 2008, 19(11): 2921-2931.
[79]武方方,赵银亮.基于尺度核函数的最小二乘支持向量机[J].模式识别与人工智能, 2006, 19(5): 598-603.
[80]ESKIN E, ARNOLD A, PRERAU M, et al. A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data [C]. Applications of data mining in computer security, New York:Kluwer, 2002.
[81]Wanas N, Kamel M S. Feature-based decision aggregation in modular neural network classifiers [J]. Pattern Recognition Letters, 1999, 20(11): 1353-1359.
[82]凌卫新,郑启伦.基于梯度的并行协作模块化神经网络体系结构[J].计算机学报, 2004, 9: 1256-1263.
[83]Littlestone N, Warmuth M K. The weighted majority algonithm [J]. Information and Computation, 1994, 108(2): 212-261.
[84]Chan P K,Stolfo S J. One the accuracy of meta-learning for scalable data mining [J]. Journal of Intelligent Information Systems, 1997, 8(1): 5-28.
[85]Merz C J. Using correspondence analysis to combine classifiers [J]. Machine Learning, 1999, 36(1): 33-58.
[86]Wang Na, Shen Dongri.eg. Fault Diagnosis problem by using neural network based on data fusion [C]. 2004 Chinese Control and Decision Conference, 2004: 612-614.
[87]Chan P K, Fan W,eg. Distributed data mining in credit card fraud detection [J]. IEEE Intelligent Systems, 1999,14(6): 67-74.
[88]Hall L O, Chawla N, Bowyer K W. Dicision tree learning on very large data sets [C]. Proceedings of the IEEE SMC Conference. San Diego, California, 1998: 2579-2584.
[89]Amado N, Gama J,Sliva F. Parallel implementation of decision tree learning algorithms [C]. Proceedings of the 10th Portuguess Conference on artificial Intelligence. Proto Protugal, 2001: 6-13.
[90]Todorovski L Dzeroski S. Combining classifiers with meta decision trees [J]. MachineLearning, 2003, 50(3): 223-249.
[91]Wang Jiayang, Wang Guoren. Decision fusion of redundant knowledge based on rough set [J]. Control and Decision, 2007, 6: 657-662.
[92]T. Kohonen. Automatic Formation of Topological Maps in Self-Organizing system [C]. Proceeding of the 2nd Scandinavian Conf. Image Analysis, 1981: 214-220.
[93]Hebb, D.O., Penfield, W. Human behaviour after extensive bilateral removal from the frontal lobes [J], Archives of Neurology and Psychiatry, 1940, 44: 421-436.
[94]J. C. Dunn. A Fuzzy Relative of the ISODATA Process and Its Use in Detecting Compact Well-Separated Clusters [J]. Journal of Cybernetics, 1973, 3: 32-57.
[95]韩力群.人工神经网络教程[M].北京邮电大学出版社,北京, 2006.
[96]Pal N R,Bezdek J C.On clustering for the fuzzy c-means model [J]. IEEE Trans FS, 1995, 3(3): 370-379.
[97]Folino G, Pizzuti C, Spezzano G.GP ensemble for distributed intrusion detection systems [C]. Singh S, ed. Proc. of the 3rd Int’l Conf. on Advanced in Pattern Recognition.
[98]Yann Le Cun. Optimal Brain Damage [C]. Advances in Neural Information Process- ing Systems, 1990, 2: 598-605.
[99]Rudy Setiono. A penalty-function approach for pruning feedforward neural networks [J]. Neural Computation, Jan.1, 1997.
[100]Adam Gaweda. Neural Network Pruning for Function Approximation [C]. Proceed- ings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN’00), July, 2000.
[101]刘英敏等.使用最小二乘法减少神经网络的隐单元[J].北京理工大学学报, 2000, 6: 223-245.
[102]费芸洁等.一种基于灵敏度分析的神经网络剪枝方法[J].计算机工程与应用, 2007, 7: 28-30.
[103]吴建昱,何小荣. DOBD Algorithm for Training Neural Network: Part I. Method [J].过程工程学报, 2002, 2: 1-7.
[104]吴建昱,何小荣. DOBD Algorithm for Training Neural Network: Part II. Application [J].过程工程学报, 2002, 2: 1-8.
[105]Ortalo R, Deswarte Y, Kaaniche M. Experimenting with quantitative evaluation tools formonitoring operational security [J]. IEEE Trans. On Software Engineering, 1999, 25(5): 633-651.
[106]肖道举,杨素娟,周开锋,陈晓苏.网络安全评估模型研究[J].华中科技大学学报(自然科学版), 2002, 30(4): 37-39.
[107]冯登国,张阳,张玉清.信息安全风险评估综述[J].通信学报, 2004, 25(7): 10-18.
[108]赵冬梅,刘海峰,刘晨光.基于BP神经网络的信息安全风险评估[J].计算机工程与应用, 2007, 43(1): 139-141.
[109]任伟,蒋兴浩,孙炎锋.基于RBF神经网络的网络安全态势预测方法[J].计算机工程与应用, 2006, 31: 136-138.
[110]王永杰,鲜明,刘进,王国玉.基于攻击图模型的网络安全评估研究[J].通信学报, 2007.3, 28(3): 29-34.
[111]邢栩嘉,林闯,蒋屹新.计算机系统脆弱性评估研究[J].计算机学报, 2004.1, 27(1): 1-11.
[112]宋瑞,邓宝.神经元网络在安全评价中的应用[J].中国安全科学学报, 2005.3, 15(3): 78-81.
[113]张永铮,方滨兴,迟悦,云晓春.网络风险评估中网络节点关联性的研究[J].计算机学报, 2007.2, 30(2): 234-240.
[114]陈秀真,郑庆华,管晓宏,林晨光.层次化网络安全威胁态势量化评估方法[J].软件学报, 2006.4, 17(4): 885-897.
[115]CVE. Common Vulnerabilities and Exposures [EB/OL]. http://www.cve.mitre.org/. 2008.
[116]Bugtraq [EB/OL]. http://www.securityfocus.com/.2008.
[2]Denning D E. An Intrusion-Detection Model [C]. IEEE Symp on Security & Privacy, 1986: 118-131.
[3]LT Heberlein, G. Dias, KN Levitt, B. Mukherjee, J. Wbod, D. Wolber. A network security monitor [C]. Proceedings of the 1990 Symposium on Research in Security and Privacy, Oakland. CA, IEEE Computer Society. May 1990:296-303.
[4]S. Cheung, D. Dissertation. An Intrusion Tolerance Approach for Protecting Network Infrastructures [C]. University of California, Davis, September 1999: 104-122.
[5]Ghosh AK, Michael C, Schatz M. A Real-Time Intrusion Detection System Based on Learning Program Behavior [C]. In: Debar H, Wu SF, eds. Recent Advances in Intrusion Detection (RAID 2000). Toulouse: Spinger-Verlag, 2000: 93-109.
[6]Wun-Hwa Chen. Application of SVM and ANN for intrusion detection [J]. Computer & Operations Research. 2005, 32: 2617-2634.
[7]Srinivas Mukkamala et al. Intrusion Detection Using an Ensemble of Intelligent Paradigms [J]. Journal of Network and Computer Applications. 2005, 28: 167-182.
[8]Staniford-Chen S, Cheung S, Crawford R et al. Gr IDS:a graph based intrusion detection system for large networks [C]. Proceedings of the 9th National Information Systems Security Conference, Vol 1. National Institute of Standards and Technology, 1996: 361-370.
[9]Hochberg J, Jackson K, Stallings C et al. NADIR: an automated system for detecting network intrusion and misuse [J]. Computers and Security, 1993, 12(3): 235-248.
[10]White G B, Fisch E A, Pooch U W. Cooperating security managers: a peer-based intrusion detection system [J]. IEEE Network, 1996, 10(1): 20-23.
[11]Forrest S, Hofmeyr S A, Somayaji A. Computer immunology [J]. Communications of the ACM, 1997, 40(10): 88-96.
[12]Anderson D, Frivold T, Valdes A. Next-generation intrusion detection expert system(NIDES) [R]. Techniacal Report SRI-CSL-95-07. Computer Science Laboratory. SRI International, Menlo Park, CA 94025-3493, USA, May 1995.
[13]Porras P A, Neumann P G. EMEMRALD: event monitoring enabling responses to anomalous live disturbances [C]. Proceedings of the 20th National Information Systems Security Conference, National Institute of Standards and Technology, 1997: 183-201.
[14]Jai Sundar Balasubramaniyan, Jose Omar Garcia-Fernandez, Eugene Spa_ord, and Diego Zamboni. An architecture for intrusion detection using autonomous agents [R]. Technical Report 98-05. COAST Laboratory, Purdue University, West Lafayette, IN 47907-1398, May 1998.
[15]Eugene Spa_ord and Diego Zamboni. A framework and prototype for a distributed intrusion detection system [R]. Technical Report 98-06, COAST Laboratory, Purdue University, West Lafayette, IN 47907-1398, May 1998.
[16]E. Spafford, D. Zamboni. New directions for the AAFID architecture [R]. Talk proposal submitted to the Recent Advances in Intrusion Detection 99 Workshop.
[17]Internet Engineering Task Force.“Intrusion diction exchange format requirements”[EB/OL]. http://ww.ietf.org/internet-drafts/draft-ietf-idwgrequirements-02.txt, 1999.
[18]W. Elmenreich, S. Pirzek. The Time-Triggered Sensor Fusion Model [C]. Research Report 13/2001. Proceedings of the 5th IEEE International Conference on Intelligent Engineering Systems Helsinki, September 2001.
[19]Internet Engineering Task Force,“Intrusion detection exchange format data model”[EB/OL], http://www.ietf.org/internet-drafts/draft-ietf-idwgdata-model-03.txt, 1999.
[20]马恒太,蒋建春,陈伟锋,卿斯汉.基于Agent的分布式入侵检测系统模型[J].软件学报, 2000, 11(10):1312-1319.
[21]陈硕,安常青,李学农.分布式入侵检测系统及其认知能力[J].软件学报, 12(2): 225-232.
[22]王锋波,曾昭苏.一种基于多代理技术的分布式入侵检测系统[J].计算机工程与科学, 2000, 22(2):62-65.
[23]戴英侠,连一峰,王航编著.系统安全与入侵检测[M].清华大学出版社,北京, 2002.
[24]王颖,陈松灿,张道强等.模糊k-平面聚类算法[J].模式识别与人工智能, 2007, 20(5): 704-710.
[25]Ng, SK, Mclachlan, GJ, et.al A mixture model with random-effects components for clustering correlated gene-expression profiles [J]. Bioinformatics, 2006, 22(14): 1745-1752.
[26]Sitao Wu, Tommy W.S. Chow. Self-Organizing-Map Based Clustering Using a Local Clustering Validity Index [J]. Neural Processing Letters, 2003, 17(3):279-293.
[27]K. Diamantaras, S. Y. Kung. Principal Component Neural Networks: Theory and Applications [C]. Pattern Analysis & Applications. NY, USA: Wiley, 1996: 1-15.
[28]L. t. Heberlein, G.V. Dias, K.N. Levitt, et al. A Network Security Monitor [C]. In proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1990: 296-304.
[29]M. Rosech. Snort-Lightweight Intrusion Detection for Networks [C]. Proceedings of Usenix Lisa’99 Conf., Usenix. Assoc.,Berkelely, Calif., 1999:43-58.
[30]S. Cheung, K. N. Levitt. Protecting Routing Infrastructures from Denial of Service Using Cooperative Intrusion Detection [C]. Proceedings New Security Paradigms Workshop, Cumbria, U.K. 1997: 125-143.
[31]S. A. Hofineyr, S.Forrest, A.Somayaji. Intrusion Detection Using Sequences of System Call [J]. Journal of Computer Security, 1998, 6: 151-180.
[32]D. Marchette. Computer Intrusion Detection and Network Monitoring [C]. A Statistical Viewpoint, Springer Verlag, 2001: 443-461.
[33]D. J Burroughs, L. F Wilson, G.V.Cybenko. Analysis of Distributed Intrusion Detection Systems Using Bayesian Methods Performance [C]. Proceedings of the 21st IEEE International Computing and Communication Conference, 2002: 329-344.
[34]W Lee. A Data Mining Frame Work for Constructing Features and Models for Intrusion Detection Systems [D]. PhD Thesis, Columbia University, 1999.
[35]D.S. Bauer, F.R. Eichelman, R.M. Herrera, et al. Intrusion Detection: An Application of Expert Systems to Computer Security [C]. Proceeding of International Conference on Security Technology, Oct, 3-5, 1989: 97-100.
[36]V. Paxon. Bro. A System for Detection Network Intruders in Real-time [C]. Proceedingof the 7th USENIX Security Symposium, San Antonio, TX, 1998: 255-284.
[37]P. K. Karmer, P.D. Williams, G.H. Gunsch, et al. An Artificial Immune System Architecture for Computer Security Applications [J]. IEEE Transactions on Evolutionary Computation, 2003, 6(3): 252-280.
[38]Gao MeiMei, Zhou MengChu. Fuzzy Intrusion Detection Based on Fuzzy Reasoning Petri Nets [J]. IEEE International Conference on Svstems. Man and Cvbernetics. 2003, 2: 1272-1277.
[39]N. Ye. A Markov Chain Model of Temporal Behavior for Anomaly Detection [C]. Proceedings of the IEEE Systems, Man, Cybernetics Information Assurance and Security Workshop, 2000: 118-146.
[40]Gao Fei, Sun Jizhou, Wei Zunce. The Prediction Role of Hidden Markov Model in Intrusion Detection [J]. Electrical and Computer Engineering, 2003, 2: 893-896.
[41]Dong Yongle, Qian Jun, Shi Meilin. A Cooperative Intrusion Detection System Based on Autonomous Agents [J]. Electrical and Computer Engineering, 2003: .
[42]J.Barrus, N.C. Rowe. ADistributed Autonomous-Agent Network Intrusion Detection and Response System [J]. Command and Control Research and Technology Symposium, 1998: 577-586.
[43]Kruegel C, Mutz D, Robertson W,et al. Bayesian event classification for intrusion detection [C]. Proc of the 19th Annual Computer Security Applications Conference (ACSAC). Los Alamitos, USA:IEEE Computer Society Press, 2003: 14-23.
[44]Kim G H, Spafford E H. Experiences with tripwire: Using integrity checkers for intrusion detection [R]. West Lafayette, USA: Purdue University, Department of Computer Sciences, 1994.
[45]Lee W, Stolfo S J, Chan P K, et al. Real time data mining-based intrusion detection [C]. Proceeding of 2nd DARPA Information Survivability Conference and Exposition (DISCEX). Los Alamitos, USA: IEEE Computer Society Press, 2001: 89-100.
[46]周志华,曹存根.神经网络及其应用[M].清华大学出版社,北京, 2004.9.
[47]Hansen L, Salamon P. Neural network ensembles [J]. IEEE trans on Pattern Analysis and Machine Intelligence, 1990, 12(10): 993-1001.
[48]Osherson D N Weinstein S Stoli M. Modular learning [M]. 1990.
[49]KDDCUP99 [EB/OL]. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
[50]Tsybakov B. Self-similar Process in Communications Networks [J]. IEEE Trans on Information Theory, 1998, 44(5): 1713-1725.
[51]Ma S. Traffic Modeling and Analysis [D]. New York: Dept of Electrical Computer and Systems Eng, Rensselaer Polytechnic Inst, 1998.
[52]Vern Paxon and Sally Floyd.Wide-Area Traffic:The Failure of Poisson Modeling [J]. IEEE Acm Transaction on Networking, 1995, 3(3): 226-224.
[53]Basu S, Mukherjee A. Time series models for internet traffic [R]. Technical Report GIT-CC-95-27, Georgia Institure of Technology, 1996.
[54]Rudolf H R, Matthew S C, Vinay J R, Richard G B. A multifractal wavelet model with application to network traffic [J]. IEEE Transactions on Information Theory, Apr.1999, 45(3): 992-1018.
[55]程光,龚俭.大规模网络流量宏观行为周期性分析研究[J].小型微型计算机系统, 2003, 24(6): 991-994.
[56]丛锁,韩良秀,刘岩.基于离散小波变换的网络流量多重分形模型[J].通信学报, 2003, 24(5): 43-48.
[57]程光,龚俭,丁伟.基于小波的网络流量分解模型[J].小型微型计算机系统, 2005, 26(3): 400-403.
[58]Shi, X.H., Liang, Y.C., Lee, H.P., Lin, W.Z., Xu,X., Lim, S.P.. Improved Elman networks and applications for controlling ultrasonic motors [J]. Applied Artificial Intelligence, 2004, 18: 603-629.
[59]王攀,苏智,冯珊.局部回归Elman网络学习算法的注记[J].武汉理土大学学报, 2002, 2: 14-15.
[60]金旗,裴昌幸,朱畅华. ARIMA模型法分析网络流量[J].西安电子科技大学学报(自然科学版), 2003, 30(1): 6-10.
[61]韩良秀,丛锁,阎华,等.基于小波技术的网络流量特性刻画[J].小型微型计算机系统, 2001, 22(9): 1110-1113.
[62]李国勇.智能控制及其MATLAB实现[M].电子工业出版社,北京, 2005.5.
[63]Cortes C, Vapnik V. Support Vector Networks [J]. Machine Learning. 1995, (20): 273-297.
[64]Osunna E, Freund R, Firosi. An Improved Training Algorithm for Support Vector Machines [C]. Proceedings of the 1997 IEEE Workshop on Neural Networks for Signal Processing, New York, 1997: 276-285.
[65]E. Osunna, R Freund , E Girosi. Training support vector machines:An application to face detection [C]. In Proc. CVPR(Conference on Computer Vision and Pattern Recognition)’97, 1997.
[66]VAPNIK V. The Nature of Statistical Learning Theory [C]. New York: Springer-Verlag, 1995: 326-328.
[67]SYED N,LIU H, SUNG K. Handling Incremental learning with support Vector machines [C]. Workshop on Support Vector Machines At the International Joint Conference on Artificial Intelligence(i-ICAI99). Stockholm, Sweden: Morgan Kaufmann, 1999: 458-462.
[68]萧嵘,王继成,孙正兴等.一种SVM增量学习算法α-ISVM [J].软件学报. 2001, 12(12): 1818-1824.
[69]Cauwenberghs G, Poggio T. Incremental and Decremental Support Vector Machines [J]. Machines Learning, 2001, 44(13): 409-415.
[70]Ralaivola L, d’Alch-Buc F. Incremental Support Vector Machine Learning [J]. A Local Approach. Proc of ICANN’01. Vienna, Austria Springer, 2001: 322-330.
[71]R. Fletcher, Practical Methods of Optimization [R]. John Wiley and Sons, New York, second edition, 1987.
[72]陶亮.基于活跃集迭代法的支持向量机快速增量算法[J].系统仿真学报, 2006, 18(11): 3305-3312.
[73]杨涛,谢剑英.一种片率增量SVM多用户检测器算法仿真研究[J].系统仿真学报, 2004, 16(10): 2185-2188.
[74]S. KNERR, L. PERSONNAZ, G. DREYFUS. Single-layer learning revisited: A stepwise procedure for building and training a neural network [J]. Neurocomputing: algorithms, architectures and applications. New York:Springer-Verlag, 1999: 667-670.
[75]李东晖,杜树新,吴铁军.基于壳向量的线性支持向量机快速增量学习算法[J].浙江大学学报(工学版), 2006, 40(2): 203-207.
[76]普雷帕拉塔,沙莫斯.计算几何导论.庄心谷译[M].科学出版社,北京, 1990: 183-187.
[77]邓乃扬,田英杰.数据挖掘中的新方法—支持向量机[M].科学出版社,北京, 2004.
[78]王瑞平,陈杰,山世光等.基于支持向量机的人脸检测训练集增强[J].软件学报, 2008, 19(11): 2921-2931.
[79]武方方,赵银亮.基于尺度核函数的最小二乘支持向量机[J].模式识别与人工智能, 2006, 19(5): 598-603.
[80]ESKIN E, ARNOLD A, PRERAU M, et al. A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data [C]. Applications of data mining in computer security, New York:Kluwer, 2002.
[81]Wanas N, Kamel M S. Feature-based decision aggregation in modular neural network classifiers [J]. Pattern Recognition Letters, 1999, 20(11): 1353-1359.
[82]凌卫新,郑启伦.基于梯度的并行协作模块化神经网络体系结构[J].计算机学报, 2004, 9: 1256-1263.
[83]Littlestone N, Warmuth M K. The weighted majority algonithm [J]. Information and Computation, 1994, 108(2): 212-261.
[84]Chan P K,Stolfo S J. One the accuracy of meta-learning for scalable data mining [J]. Journal of Intelligent Information Systems, 1997, 8(1): 5-28.
[85]Merz C J. Using correspondence analysis to combine classifiers [J]. Machine Learning, 1999, 36(1): 33-58.
[86]Wang Na, Shen Dongri.eg. Fault Diagnosis problem by using neural network based on data fusion [C]. 2004 Chinese Control and Decision Conference, 2004: 612-614.
[87]Chan P K, Fan W,eg. Distributed data mining in credit card fraud detection [J]. IEEE Intelligent Systems, 1999,14(6): 67-74.
[88]Hall L O, Chawla N, Bowyer K W. Dicision tree learning on very large data sets [C]. Proceedings of the IEEE SMC Conference. San Diego, California, 1998: 2579-2584.
[89]Amado N, Gama J,Sliva F. Parallel implementation of decision tree learning algorithms [C]. Proceedings of the 10th Portuguess Conference on artificial Intelligence. Proto Protugal, 2001: 6-13.
[90]Todorovski L Dzeroski S. Combining classifiers with meta decision trees [J]. MachineLearning, 2003, 50(3): 223-249.
[91]Wang Jiayang, Wang Guoren. Decision fusion of redundant knowledge based on rough set [J]. Control and Decision, 2007, 6: 657-662.
[92]T. Kohonen. Automatic Formation of Topological Maps in Self-Organizing system [C]. Proceeding of the 2nd Scandinavian Conf. Image Analysis, 1981: 214-220.
[93]Hebb, D.O., Penfield, W. Human behaviour after extensive bilateral removal from the frontal lobes [J], Archives of Neurology and Psychiatry, 1940, 44: 421-436.
[94]J. C. Dunn. A Fuzzy Relative of the ISODATA Process and Its Use in Detecting Compact Well-Separated Clusters [J]. Journal of Cybernetics, 1973, 3: 32-57.
[95]韩力群.人工神经网络教程[M].北京邮电大学出版社,北京, 2006.
[96]Pal N R,Bezdek J C.On clustering for the fuzzy c-means model [J]. IEEE Trans FS, 1995, 3(3): 370-379.
[97]Folino G, Pizzuti C, Spezzano G.GP ensemble for distributed intrusion detection systems [C]. Singh S, ed. Proc. of the 3rd Int’l Conf. on Advanced in Pattern Recognition.
[98]Yann Le Cun. Optimal Brain Damage [C]. Advances in Neural Information Process- ing Systems, 1990, 2: 598-605.
[99]Rudy Setiono. A penalty-function approach for pruning feedforward neural networks [J]. Neural Computation, Jan.1, 1997.
[100]Adam Gaweda. Neural Network Pruning for Function Approximation [C]. Proceed- ings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN’00), July, 2000.
[101]刘英敏等.使用最小二乘法减少神经网络的隐单元[J].北京理工大学学报, 2000, 6: 223-245.
[102]费芸洁等.一种基于灵敏度分析的神经网络剪枝方法[J].计算机工程与应用, 2007, 7: 28-30.
[103]吴建昱,何小荣. DOBD Algorithm for Training Neural Network: Part I. Method [J].过程工程学报, 2002, 2: 1-7.
[104]吴建昱,何小荣. DOBD Algorithm for Training Neural Network: Part II. Application [J].过程工程学报, 2002, 2: 1-8.
[105]Ortalo R, Deswarte Y, Kaaniche M. Experimenting with quantitative evaluation tools formonitoring operational security [J]. IEEE Trans. On Software Engineering, 1999, 25(5): 633-651.
[106]肖道举,杨素娟,周开锋,陈晓苏.网络安全评估模型研究[J].华中科技大学学报(自然科学版), 2002, 30(4): 37-39.
[107]冯登国,张阳,张玉清.信息安全风险评估综述[J].通信学报, 2004, 25(7): 10-18.
[108]赵冬梅,刘海峰,刘晨光.基于BP神经网络的信息安全风险评估[J].计算机工程与应用, 2007, 43(1): 139-141.
[109]任伟,蒋兴浩,孙炎锋.基于RBF神经网络的网络安全态势预测方法[J].计算机工程与应用, 2006, 31: 136-138.
[110]王永杰,鲜明,刘进,王国玉.基于攻击图模型的网络安全评估研究[J].通信学报, 2007.3, 28(3): 29-34.
[111]邢栩嘉,林闯,蒋屹新.计算机系统脆弱性评估研究[J].计算机学报, 2004.1, 27(1): 1-11.
[112]宋瑞,邓宝.神经元网络在安全评价中的应用[J].中国安全科学学报, 2005.3, 15(3): 78-81.
[113]张永铮,方滨兴,迟悦,云晓春.网络风险评估中网络节点关联性的研究[J].计算机学报, 2007.2, 30(2): 234-240.
[114]陈秀真,郑庆华,管晓宏,林晨光.层次化网络安全威胁态势量化评估方法[J].软件学报, 2006.4, 17(4): 885-897.
[115]CVE. Common Vulnerabilities and Exposures [EB/OL]. http://www.cve.mitre.org/. 2008.
[116]Bugtraq [EB/OL]. http://www.securityfocus.com/.2008.