Research on Network Anomaly Intrusion Detection Based on an Extended D-S Evidence Fusion Algorithm
Abstract
The widespread use of computer networks and the frequent occurrence of hacker attacks have drawn greater attention to network security. Intrusion detection technology, as an important means of securing computers and networks, has become a research hotspot in the network security field in recent years. As attack techniques grow more complex and networks grow in scale, network-based intrusion detection plays an increasingly important role. By carrying out a series of tasks, including monitoring, early warning, identification, decision-making and response, a network intrusion detection system fulfils key functions in the network confrontation process and has become an important component of network security systems engineering.
     At present, network anomaly intrusion detection remains both a hotspot and a difficulty in intrusion detection research: detection rates are not high enough, detection coverage is not comprehensive enough, and detection efficiency cannot meet the real-time requirements of large-scale, high-speed networks. In unsupervised network anomaly intrusion detection, techniques based on D-S evidence theory have attracted many researchers at home and abroad, but most of them stop at applying classical D-S evidence theory to fuse network feature data. Network data inevitably contain conflict, and classical D-S evidence theory cannot produce reasonable results when fusing severely conflicting evidence, which leads to high false alarm and missed alarm rates in the detection system.
     Combining classical Dempster-Shafer evidence theory with the extended D-S evidence fusion theory proposed by Fabio et al., this thesis presents an evidence fusion algorithm, EDS. The algorithm can fuse large amounts of severely conflicting evidence in real time and reach more reasonable conclusions; under a frame of discernment with two mutually exclusive hypotheses, its time complexity is only O(n), so it fuses efficiently and can be applied to real-time network detection. On this basis, the thesis applies the EDS fusion algorithm to network intrusion detection and, addressing the shortcomings of current network anomaly detection, proposes a real-time network anomaly intrusion detection model. The model obtains reasonable results after fusing severely conflicting network data, which lowers the system's false alarm and missed alarm rates; its detection algorithm is also efficient, so it suits real-time detection in large-scale networks and offers wide detection coverage. The model belongs to unsupervised network anomaly detection: it determines the basic probability assignment function from the expected deviation variance of statistical features, uses a rough-set classification mechanism over salient features to reduce how often severely conflicting data are fused and thus improve the accuracy of feature learning, and adopts a data distinction degree mechanism to reflect network traffic characteristics in real time and raise the system's detection rate.
     Finally, experiments on the low-dimensional UCI WBCD dataset and the multi-dimensional KDD Cup 1999 dataset show that the model's detection engine, using only a limited number of data features, achieves a high detection rate with low algorithmic complexity and a low false alarm rate, is capable of real-time detection, scales well, and has some immunity to new types of attack.
With the development of computer networks and the popularization of their applications, more attention has been paid to computer security problems. As an important tool for assuring computer and network security, intrusion detection technology has become a hot research topic in recent years. With the growing complexity of attacks and the growth of network scale, network-based intrusion detection plays an increasingly important role in detecting intrusions. A network intrusion detection system (Abbr. NIDS), which performs a series of tasks including monitoring, early warning, identification, decision-making and response, fulfils the important functions of network system confrontation. It is an important component of network security systems engineering.
     At present, network anomaly intrusion detection is still an active and difficult field in intrusion detection research. However, it has not been widely used in practice because of several issues, including a low detection rate, a limited detection range and the inability to perform real-time intrusion detection in large, high-speed networks. Network anomaly intrusion detection technology based on Dempster-Shafer (Abbr. D-S) evidence theory, a form of unsupervised network intrusion detection, has attracted many researchers. But most of them stop at applying the classical D-S evidence theory, which cannot properly fuse severely conflicting network data and therefore results in a higher false alarm rate and a higher missed alarm rate.
     Based on the classical D-S evidence theory and the extended D-S evidence fusion theory proposed by Fabio et al., this paper presents a novel evidence fusion algorithm named EDS, which fuses severely conflicting data better and so obtains more reasonable results. The time complexity of EDS is only O(n), so its short execution cycle allows it to be applied to real-time detection. EDS is then applied to NIDS, and a real-time NEDS model is proposed on that basis. The model reaches more reasonable conclusions for severely conflicting network data, which reduces the false alarm rate and the missed alarm rate. Besides, it has a wide intrusion detection range and can be adapted to real-time network detection. It is an unsupervised network anomaly detector that defines the basic probability assignment function from the deviation of statistical characteristics from their expected variance. In addition, a rough-set classification mechanism based on salient features is introduced to reduce the frequency of severely conflicting network data and to improve the accuracy of the feature learning process. A self-adaptive mechanism based on data distinction is also proposed to reflect the real status of network data flows.
     Finally, the results of experiments with the UCI WBCD low-dimensional dataset and the KDD Cup 1999 multi-dimensional dataset show that the detection engine of the model can achieve a higher detection rate with a few selected features under the premise of lower computational complexity and a lower false alarm rate. Furthermore, it can be applied to real-time detection and has some immunity to new intrusion patterns.
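To make the conflict problem described in the abstract concrete, the following is an added example, not code from the thesis (its EDS rule is not defined on this page and is not reproduced): classical Dempster combination on the two-hypothesis frame {normal, anomaly}, with Yager's rule from reference [47] beside it, run on constructed mass values.

```python
# Added example (not code from the thesis): classical Dempster-Shafer combination over the
# two-hypothesis frame {normal, anomaly}, showing how severely conflicting evidence gives
# unreasonable results, with Yager's rule (ref. [47]) beside it for comparison.
from itertools import product
THETA = "NA"  # the whole frame Theta: N = normal, A = anomaly (canonical key order)

def bpa(n=0.0, a=0.0, theta=0.0):
    """Build a basic probability assignment over {N}, {A}, Theta; masses must sum to 1."""
    m = {k: v for k, v in (("N", n), ("A", a), (THETA, theta)) if v > 0}
    if abs(sum(m.values()) - 1.0) > 1e-9:
        raise ValueError("masses must sum to 1")
    return m

def _products(m1, m2):
    """Multiply focal elements pairwise; return unnormalised intersections and the conflict K."""
    combined, conflict = {}, 0.0
    for (y, my), (z, mz) in product(m1.items(), m2.items()):
        x = "".join(h for h in THETA if h in y and h in z)  # set intersection, canonical order
        if x:
            combined[x] = combined.get(x, 0.0) + my * mz
        else:
            conflict += my * mz  # empty intersection: the two sources contradict each other
    return combined, conflict

def dempster(m1, m2):
    """Dempster's rule: discard the conflict and renormalise by 1-K (undefined when K = 1)."""
    combined, k = _products(m1, m2)
    if k >= 1.0 - 1e-12:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {x: v / (1.0 - k) for x, v in combined.items()}, k

def yager(m1, m2):
    """Yager's rule: keep the conflict mass as ignorance on the whole frame, no renormalisation."""
    combined, k = _products(m1, m2)
    combined[THETA] = combined.get(THETA, 0.0) + k
    return combined, k

def fuse(masses, rule):
    """Fold n BPAs left to right; with three fixed focal elements each step is O(1), so O(n) overall."""
    result, k = masses[0], 0.0
    for m in masses[1:]:
        result, k = rule(result, m)
    return result, k

if __name__ == "__main__":
    clash = [bpa(n=0.99, theta=0.01), bpa(a=0.99, theta=0.01)]  # constructed: near-total conflict
    print(fuse(clash, dempster), fuse(clash, yager))  # Dempster leaves only 0.005 ignorance
    veto = [bpa(n=1.0), bpa(a=0.9, theta=0.1), bpa(a=0.9, theta=0.1)]  # one dogmatic source
    print(fuse(veto, dempster), fuse(veto, yager))  # Dempster stays N=1.0; Yager reaches A=0.81
```

The second case shows the veto effect the abstract alludes to: under Dempster's rule a single source with no assigned ignorance can never be overridden, however much later evidence accumulates.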
References
[1] Biswanath Mukherjee, L. Todd Heberlein, and Karl N. Levitt. Network Intrusion Detection. IEEE Network, May/June 1994: 26-41.
[2] John McHugh, Alan Christie, and Julia Allen. Defending Yourself: The Role of Intrusion Detection Systems. IEEE Software, September/October 2000: 42-51.
[3] Tim Bass. The federation of critical infrastructure information via publish and subscribe enabled multi-sensor data fusion. In: Proceedings of the 15th International Conference on Information Fusion (Fusion 2002), Annapolis, MD, July 2002: 1076-1083.
[4] Byung-joo Kim, Il-kon Kim. Kernel Based Intrusion Detection System. IEEE ICIS, 2005.
[5] De-gang Yang, Chun-yan Hu, Yong-hong Chen. A framework of cooperating Intrusion Detection based on Clustering analysis and expert system. ACM, 2004: 150-154.
[6] J. McHugh. Intrusion and Intrusion Detection. International Journal of Information Security, Vol. 1, No. 1. Springer Verlag, August 2001.
[7] Piya Techateerawat, Andrew Jennings. Energy Efficiency of Intrusion Detection Systems in Wireless Sensor Networks. WI-IATW'06, IEEE, 2006.
[8] Luciano Bononi, Carlo Tacconi. Intrusion detection for secure clustering and routing in Mobile Multi-hop Wireless Networks. Int. J. Inf. Secur. (2007) 6: 379-392, DOI 10.1007/s10207-007-0035-9, Springer-Verlag, 2007.
[9] Herwig Mannaert, Paul Adriaenssens. Web Services Based Systems for Network Management and Provisioning: A Case Study. IEEE Proceedings of the Advanced Industrial Conference on Telecommunications/Service Assurance, 2005.
[10] Markus Miettinen, Perttu Halonen. Host-Based Intrusion Detection for Advanced Mobile Devices. Proceedings of the 20th International Conference on Advanced Information Networking and Applications (AINA'06), IEEE, 2006.
[11] Kai Hwang, Min Cai, et al. Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes. IEEE Transactions on Dependable and Secure Computing, Vol. 4(1), January-March 2007: 41-55.
[12] Julia Allen et al. State of the practice of intrusion detection technologies. CMU/SEI-99-TR-028 Technical report, 2000.
[13] 李洋, 方滨兴, et al. A network anomaly detection method based on a transductive scheme. Journal of Software, Vol. 18, No. 10, October 2007: 2595-2604.
[14] Muhammad Ashraf Nadeem, Raja Haider Ali, and Muhammad Usman Bajwa. Intrusion Detection and Response using Mobile Agent Technology. IEEE INMIC, 2004: 492-497.
[15] Zhuowei Li, Amitabha Das, Jianying Zhou. Theoretical Basis for Intrusion Detection. IEEE Workshop on Information Assurance and Security, 2005: 184-192.
[16] Atsushi Inoue. Perceptual Intrusion Detection System. IEEE, 2003: 513-518.
[17] Van-Nam Huynh, Yoshiteru Nakamori, et al. Multiple-Attribute Decision Making Under Uncertainty: The Evidential Reasoning Approach Revisited. IEEE Transactions on Systems, Vol. 36(4), July 2006.
[18] Yaxin Bi, Werner Dubitzky. An Evidential Approach in Ensembles. SAC'06, ACM, April 2006.
[19] Dmitri Iourinski, Soodamani Ramalingam. Using Dempster-Shafer Theory to Aggregate Usability Study Data. ICITA'05, IEEE, 2005.
[20] Dong Yu, Deborah Frincke. Alert Confidence Fusion in Intrusion Detection Systems with Extended Dempster-Shafer Theory. ACM 43rd Southeast Conference, 2005: 2-142 to 2-147.
[21] Thierry Denoeux. A Neural Network Classifier Based on Dempster-Shafer Theory. IEEE Transactions on Systems, Vol. 30, No. 2, March 2000: 131-150.
[22] Thomas M. Chen and Venkataramanan. Dempster-Shafer Theory for Intrusion Detection in Ad Hoc Networks. IEEE Internet Computing, November 2005: 35-41.
[23] Chen Qi and Aickelin Uwe. Dempster-Shafer for Anomaly Detection. Proceedings of the International Conference on Data Mining (DMIN), Las Vegas, USA, 2006.
[24] 诸葛建伟 et al. A network anomaly detection method based on D-S evidence theory. Journal of Software, 2006, 17(3): 463-471.
[25] Wei Xiong, Shier Ju, et al. A Clash in Dempster-Shafer Theory. IEEE International Fuzzy Systems Conference, 2001: 793-796.
[26] William H. Wolberg. UCI machine learning repository (WBCD). University of Wisconsin Hospitals, Madison, Wisconsin, USA. http://mlearn.ics.uci.edu/databases/breast-cancer-wisconsin
[27] Sal Stolfo, Wenke Lee. KDD-Cup 1999 Dataset. The 5th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, 1999. http://www.sigkdd.org/kddcup/index.php?section=1999&method=info
[28] Spafford, E. Crisis and aftermath. Communications of the ACM, 1989, 32(6): 678-687.
[29] Smaha, S. E. Haystack: an intrusion detection system. In: Proceedings of the 4th Aerospace Computer Security Applications Conference, Orlando. Washington, DC: IEEE Computer Society Press, 1988: 37-44.
[30] Sandeep Kumar. Classification and Detection of Computer Intrusions [Ph.D. Thesis]. ftp://ftp.cerias.purdue.edu/pub/papers/sandeep-kumar/kumar-intdet-phddiss.ps.Z, 1994.
[31] Abhijit Sarmah. Intrusion Detection Systems: Definition, Need and Challenges. http://rr.sans.org/intrusion/IDS_definition.php, October 3, 2001.
[32] Anderson, J. P. Computer security threat monitoring and surveillance. Technical Report, James P. Anderson Co., Fort Washington, Pennsylvania, 1980.
[33] Denning, D. E. An Intrusion-detection Model. IEEE Transactions on Software Engineering, 1987, 13(2): 222-232.
[34] 张连华. Research on NIDS algorithms and models based on rough set theory. Ph.D. thesis, Shanghai Jiao Tong University, January 2005.
[35] Steven R. Snapp, James, et al. DIDS (Distributed Intrusion Detection System): Motivation, Architecture, and An Early Prototype. 1991. http//compass.net.edu.cn:8000/documents/./DIDS.ncsc91.pdf
[36] Wenhui, S., Daniel, T. T. H. A novel intrusion detection system model for securing web-based database systems. IEEE Computer Society's International Computer Software and Applications Conference, 2001: 249-254.
[37] W. Lee, S. J. Stolfo. A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security, Vol. 3(4): 227-261, 2000.
[38] Eugene H. Spafford, Diego Zamboni. Intrusion detection using autonomous agents. Computer Networks, 34(4): 547-570, October 2000.
[39] G. B. White, E. A. Fisch, U. W. Pooch. Cooperating Security Manager: A Peer-based Intrusion Detection System. IEEE Network, January 1996: 20-23.
[40] Vern Paxson. Bro: A System for Detecting Network Intruders in Real-Time. Computer Networks, 1999: 2435-2463.
[41] Murali Kodialam, T. V. Lakshman. Detecting Network Intrusions via Sampling: A Game Theoretic Approach. IEEE INFOCOM, 2003.
[42] Stefan Axelsson. The Base-Rate Fallacy and the Difficulty of Intrusion Detection. ACM Transactions on Information and System Security, Vol. 3(3), August 2000: 186-205.
[43] 王文杰, 叶世伟. Principles and Applications of Artificial Intelligence. Beijing: Posts & Telecom Press, March 2004: 157-199.
[44] Fabio Campos, Sergio Cavalcante. An Extended Approach for Dempster-Shafer Theory. IEEE, 2003: 338-344.
[45] 胡昌振. Principles and Techniques of Network Intrusion Detection. Beijing: Beijing Institute of Technology Press, January 2006: 181-205.
[46] Don Koks, Subhash Challa. An Introduction to Bayesian and Dempster-Shafer Data Fusion. DSTO Systems Sciences Laboratory, DSTO-TR-1436, Australia, 2005.
[47] R. R. Yager. On the Dempster-Shafer framework and new combination rules. Information Sciences, Vol. 41: 93-137, 1987.
[48] J. Dezert, F. Smarandache. DSmT: A new paradigm shift for information fusion. Cogis'06 Conference, Paris, March 2006.
[49] S. C. Bagui, S. Bagui, K. Pal, N. R. Pal. Breast cancer detection using rank nearest neighbor classification rules. Pattern Recognition, 2003: 25-34.
[50] D. Nauck and R. Kruse. A neuro-fuzzy method to learn fuzzy classification rules from data. Fuzzy Sets and Systems, 1997: 277-288.
