摘要
分布式拒绝服务(DDoS)攻击通过操纵“僵尸网络”,向受害主机发起海量的垃圾请求,使受害主机完全超过工作负荷而无法响应正常用户的请求,达到拒绝服务的目的。由于“僵尸网络”是由分布在全球的有安全缺陷的主机组成,受到攻击者的幕后指挥,而且又可用虚假IP地址发起的攻击,因此很难通过IP包中的信息来发现真正的攻击者,在网络上发起DDoS攻击对攻击者而言相对比较安全,使得这种攻击对Internet安全造成了极大的威胁。为了遏制DDoS在互联网上泛滥,必须对DDoS的防御措施进行研究。若要有效防御DDoS攻击,首先需要准确地检测到DDoS。由于DDoS常常使用虚假IP地址,而TCP/IP协议并不对IP地址进行认证,因此无法识别哪些包使用了虚假IP地址,这就给检测DDoS带来了困难。
DDoS检测已经成为网络安全的研究热点,已经提出了不少检测算法。这些算法的一个共同点是,寻找到DDoS攻击的某个数值特征,根据这个数值特征来反映攻击是否存在。一方面,由于网络流的随机性和复杂性以及攻击行为的多样性使得通过单一特征来检测DDoS的方法的可靠性受到质疑,它们容易将突发的大流量正常数据流也识别为攻击而造成误警率过高。为了准确地检测DDoS,必须使用多个属性进行检测。另一方面,为了有效地防御DDoS,要求检测环节能尽可能多地提供攻击流的信息,例如同时提供攻击强度、攻击方式和攻击协议的信息。综合考虑,一种可行的方法是采用多类模式识别的方法,根据攻击强度、攻击方式和攻击协议的不同,将攻击分为24种不同的类型,寻找到一组能区分各类攻击的特征向量,然后采集不同类型攻击的样本,对多类学习机进行训练;检测阶段,采集网络流的特征数据,送到训练好的学习机中进行检验,以获得的类标来判断是否有攻击发生以及相应的攻击强度、攻击方式和攻击协议的信息。
支持向量机(SVM)是基于统计学习理论(SLT)的新型学习机,它集最大间隔超平面、Mercer核、凸二次规划、稀疏解和松弛变量等技术于一身,可以克服传统学习机的局部最小、维数灾难和过学习等问题,是一种性能良好的分类器。标准的SVM是个二分类器,若用SVM解决多类分类问题,需要将SVM扩展到多类。目前的主要思路是将多类问题转化为一系列的二分类问题,然后由多个SVM进行分类,例如常用的1-v-r和1-V-1分类器。这种方法可有效实现多分类功能,但因它是以间接的方式形成的分类能力,需要训练的SVM数量较多,所以它们的学习效率不高,不适合类别多、训练规模大的问题。因此,间接型多类SVM不适用于DDoS攻击检测。
由于DDoS分类类别比较多,需要效率更高的直接型多类学习机。在前人工作的基础上,建立了直接型多分类器——超球体多类支持向量机(HSMC-SVM)的概念。建立超球的原则是,对某类样本,在超球半径尽可能小的情况下,包含该类样本尽可能多。为每类样本建立一个超球,N类样本就建立N个超球,在空间中形成像肥皂泡一样的分类结构。在判决时,测试样本离哪个超球最近,就属于那个超球代表的类,这就是HSMC-SVM的分类原理。它是以直接的方式形成分类能力,具有学习容量大、训练速度快、可扩展性强的优点。每个超球的确定相当于求解一个凸二次规划(QP)问题,根据训练SVM的SMO算法的思想,建立了HSMC-SVM的SMO训练算法,并给出了“二阶逼近”的工作集选择法,使得训练速度进一步提高。在加快训练速度方面,还采用了样本缩减和核矩阵缓存的策略。通过理论分析已经证明,HSMC-SVM的分类误差有界。实验表明,HSMC-SVM在训练和测试速度上较1v-r和1-v-1分类器有较大幅度提高,但分类精度略有下降。
为了进一步提高训练速度和训练精度,将最小二乘法引入到HSMC-SVM中,提出了最小二乘超球支持向量机(LSHS-MCSVM)的概念。与HSMC-SVM相比,LSHS-MCSVM在目标函数中使用了二次函数,将不等式约束改为等式约束,并取消了乘子的取值限制,使得LSHS-MCSVM在乘子搜索和优化计算方面速度更快,从而加快了它的整体收敛速度。LSHS-MCSVM的训练仍可使用SMO算法,在“一阶逼近”和“二阶逼近”的工作集选择下,LSHS-MCSVM的收敛速度比基于经验的工作集选择法有进一步提高。由于都使用球形分类结构,LSHS-MCSVM与HSMC-SVM有类似的学习误差上界。数值实验表明,在不降低分类精度的情况下,LSHS-MCSVM比HSMC-SVM有更快的训练速度,在某些数据集上,LSHS-MCSVM还有更高的学习精度。
为了区分不同类型的攻击,对DDoS攻击流进行分析,提取了9维相对值(RV)特征向量。分别将HSMC-SVM和LSHS-MCSVM用于DDoS攻击检测。实验表明,它们完全能区分不同类型的攻击,并能较准确地识别由真实的攻击工具发起的攻击。对不同类型的攻击,两种分类器都能比较准确地给出攻击的类标。根据识别出的类标,可以获得攻击强度、攻击协议和攻击方式的信息,为防御环节采取相应措施提供了依据。
An attacker launches Distributed Denial of Service (DDoS) attacks by the BotNet, which send lots of garbage IP packets to the victim. Because the victim receives the garbage IP packets exceeding over that it can't deal with, it will determine the services to the legitimate uses. BotNet is composed of the computers all over the Internet with security weakness. An attacker will be relative safe if he/she commands BotNet to start a DDoS attack with bogus source IP addresses. As a result, launching DDoS attack on Internet is so easy that it becomes a severe threat to the Internet security. So the researchers must find some measures to limit or stop DDoS attacks overflow on Internet. In order to defeat DDoS attacks efficiently, the first case is precisely detecting DDoS attacks. There are some troubles to detecting DDoS attacks, because DDoS attacks may exploit bogus source IP addresses and the TCP/IP protocol doesn't implement authentications to these source IP addresses.
For DDoS attacks detection is a research focus in the area of network security, many detection algorithms have been already proposed in recent years. These detecting algorithms have a common character that they identify DDoS attacks according to certain numeric feature of DDoS flow. However, the detecting effects of these algorithms with sole feature are doubtful because of the randomicity and complexity of the network flow and variety of attacks flow. They likely regard gusty normal data flow as attack, so their false positive rates are usually high. In a word, several features are required in order to detect DDoS precisely. On the other hand, for defeating DDoS attacks, the more information about DDoS should be distilled at detection phase, such as attacks intensity, attacks pattern and attacks protocol. Then defenders can deal with the DDoS attacks according to the information. Pattern recognition algorithm can be used to implement the detecting scheme. All attacks are classified into 24 categories according to attacks intensity, attacks pattern and attacks protocol. Then find a group of features to distinguish these attacks. Sample the attacks flow with the features to compose the training set and use it to train the multi-class classifiers. At the testing phase, sample the networks flow to form the test data and obtain its category label by trained classifier. Using the category label, one can judge whether attacks are present and the information about attacks intensity, attacks pattern and attacks protocol.
Support Vector Machines (SVM) is a novel learning machines based on the Statistical Learning Theory (SLT). Concentrating several good technologies such as maximum margin hyper plane, Mercer kernel, convex quadratic programming, spare solutions and slack variables, SVM is a good learning machine, which can overcome the shortages of traditional classifiers—local minimization, curse of dimension and overfitting. Standard SVM is a binary classifier for pattern recognition. For learning a multi-class problem, SVM must be extended to multi-class classifier. Current the main idea to extend SVM to multi-class is to translate the multi-class problem into a series of binary class problems, and a SVM solves a binary class problem. For example, 1-v-r and 1-v-1 are the multi-class classifiers following this idea. They can carry out multi-class classifying capacity. However, because these classifiers are constructed by an indirect manner, too many SVMs are training at the training phase. As a result, their learning efficiency is low and they aren't fit to the classifying problem with too many class categories and large scale training set, so indirect multi-class classifiers aren't fit to the problem of DDoS detection.
A higher efficient direct multi-class learning machine is necessary because DDoS detection has a large number of categories to classify. Following and extending former research, a novel direct multi-class classifier—Hyper Sphere Multi-Class Support Vector Machine (HSMC-SVM) is proposed in the paper. In a multi-class problem, one finds the minimum radius hyper sphere including the majority of the examples for every category of examples. N hyper spheres would be constructed for N classes of examples. All of the hyper spheres form a soap-bubble-shaped classification frame in the examples space. At testing phase, the testing point would belong to the class whose sphere is the closest to the point. Based on direct classifying principle, HSMC-SVM have some advantages than indirect classifiers, such as large learning capacity, fast training process and good expansibility. One will solve a convex QP problem to calculate a hyper sphere. For the SMO algorithm training SVM successfully, the SMO algorithm is proposed for training HSMC-SVM and second order information measure for working set selection. The two measures further enhance the training speed. Further, "shrink" and "caching" are also used to improve the training speed. Through theoretic analysis, it is proved that the classification error of HSMC-SVM is bound. Shown in our numeric experiments, HSMC-SVM has faster training and testing speed than 1-v-r and 1-v-1, but its learning precision is low than them.
For improving training speed and learning precision again, least square measure is introduced to HSMC-SVM and form the new learning machine—Least Square Hyper Sphere Multi-Class SVM (LSHS-MCSVM). Comparing to HSMC-SVM, LSHS-MCSVM exploits second norm in object function, replaces the inequation constrains with equation constrains and gets rid of the limitation of Lagrange multipliers. These differences cause faster multipliers scanning and optimization calculation in LSHS-MCSVM, so it has faster convergence speed than HSMC-SVM. LSHS-MCSVM can also use SMO algorithm to train. Under working set selection of first order information and second order information, the training speed of LSHS-MCSVM is faster than empirical working set selection. For both of HSMC-SVM and LSHS-MCSVM are based on hyper sphere classification frame, they have similar theoretic error upper bound. The numeric experiments show that the training speed of LSHS-MCSVM is faster than that of HSMC-SVM on same learning precision. Moreover, on certain datasets, the learning precision of LSHS-MCSVM is even higher than HSMC-SVM.
In order to detect DDoS attacks with HSMC-SVM and LSHS-MCSVM, a 9-dimension relative value (RV) feature vector is distilled via analyzing DDoS attacks flow. The numeric experiments show that the RV features can distinguish all kinds of the attacks precisely and efficiently identify the DDoS attacks launching by real attack tools. The experiment results are the two classifiers can identify the class label of the real DDoS attacks. According to the class label, the net administrators can obtain the attacks intensity, attacks pattern and attacks protocol when some attacks are present, which are important information for defeating the DDoS attacks successfully.
引文
[1]Internet的发展历史.http://vovo.net.cn/topic/view/548.html
[2]中国互联网络信息中心(CNNIC).第十七次中国互联网络发展状况统计报告.北京,2006.1.17
[3]李国敏.“止痛”信息安全.科技日报.2006.1.18,第9版
[4]上海艾瑞市场咨询有限公司.中国网络安全研究报告(简版)2004年.上海,2004
[5]网络安全现状及趋势初探.http://1jcert.bnii.gov.cn:5002/2j/zjsd/mj.jsp?unid-388
[6]黄传河,杜瑞颖等.网络安全.武汉:武汉大学出版社,2004
[7]Lau F,Rubin S H,Smith M H,et al.Distributed Denial of Service Attacks.IEEE International Conference on Systems,Man and Cybernetics,Nashville,USA,2000
[8]Supranamaya Ranjan,Ram Swaminathan,Mustafa Uysal,Edward Knightly.DDoS-Resilient Scheduling to Counter Application Layer Attacks under Imperfect Detection.IEEE INFOCOM,Barcelona,Spain,April 23-29,2006
[9]Yi Xie,Shun-Zheng Yu.A Novel Model for Detecting Application Layer DDoS Attacks.Proceedings of the First International Multi-Symposiums on Computer and Computational Sciences.
[10]Christos Douligeris,Aikaterini Mitrokotsa.DDoS Attacks and Defense Mechanisms:A Classification.Proceedings of the 3rd IEEE International Symposium on Signal Processing and Infonrmation Technology,2003:190-193
[11]Distributed denial of service- trinoo,tribe flood network,tribe flood network 2000 and stacheldraht.Lawrence Livermore National Laboratory,Livermore,CA:Technical Report CIAC-2319,2000
[12]http://www.cert.org.cn/articles/tabloid/common/2005072922366.shtml
[13]http://news.xinhuanet.com/it/2005-08/23/content_3392841.htm
[14]www.cert.org.cn/upload/2005CNCERTCCAnnualReport_Chinese.pdf
[15]李萱,叶琪.防御DDoS攻击的智能过滤模型.2005(29):156-159
[16]沈鑫,张来顺.DDoS防御机制研究.微计算机信息.2006,22(3-3):61-64
[17]C-M.Cheng,H.Kung and K.S.Tan.Use of spectral analysis in defense against Dos attack.In Proceedings of IEEE GLOBECOM,Taipei,IEEE,2002
[18]Aditya Akella,Ashwin Bharambe,Mike Reiter,Srinivasan Seshan.Detecting DDoS Attacks on ISP Networks.In ACM SIGMOD/PODS Workshop on Management and Processing of Data Streams(MPDS)FCRC,2003.http://citeseer.ist.psu.edu/akella03detecting.html
[19]Laura Feinstein,Dan Schnachenberg,Ravindra Balupari,Darrell Kindred.Statistical Approaches to DDoS Attack Detection and Response.Proceedings of the DARPA Information Survivablility Conference and Exposition.Washington D.C:IEEE,2003
[20]Lan Li,Gyungho Lee.DDoS Attack Detection and Wavelets.Proceedings of the 12~(th)International Conference on Computer Communications and Networks,2003:421-427
[21]Christos Siaterlis,Basil Maglaris.A Novel Approach for A Distributed Denial of Service Detection Engine.http://www.netmode.ntua.gr/papers/papers/siaterlis_HPOVUA03.pdf
[22]Y.Xiang,Y.Lin,W.L.Lei and S.J.Huang.Detecting DDoS Attack Based on Network Selfsimilarity.IEEE International Conference on Communications,2004,151(3):292-295
[23]Shuyuan Jin,Daniel S.Yeung.A Covariance Analysis Model for DDoS Attack Detection.IEEE Communications Society,2004:1882-1886
[24]何慧,张宏莉,张伟哲等.一种基于相似度的DDoS攻击检测方法.通信 学报.2004,25(7):176-184
[25]Lersak Limwiwatkul,Amon Rungsawang.Distributed Denial of Service Detection using TCP/IP Header and Traffic Measurement Analysis.Proceedings of International Symposium on Communications and Information Technologies 2004:605-610
[26]YuiChi Ohsita.Shingo Ata,Masayuki Murata.Detecting Distributed Denial-of-Service Attacks by analyzing TCP SYN Packets Statistically.Globecom 2004:2043-2049
[27]Ming Li.An Approach to Reliably Identifying Signs of DDoS Flood Attacks Based on LRD Traffic Pattern Recognition.Computers & Security.2004(23):549-558
[28]顾俊佳,李宁.网络DDoS攻击流的小波分析与检测.计算机工程与应用,2006.5:127-130
[29]Amey Shevtekar,Karunakar Anantharam,Nirwan Ansari.Low Rate TCP Denial-of-Service Attack Detection at Edge Routers.IEEE Communications Letters.2005,9(4):363-365
[30]Christos Siaterlis,Detecting incoming and outgoing DDoS attack at the edge using a single set of network characteristics.Proceedings of the 10th IEEE Symposium on Computers and Communication,2005:469-475
[31]蒋琦,庄毅,谢东.基于SYN分类器的SYN Flood攻击检测规则生成方法的研究.计算机应用与软件.2005,22(10):38-40
[32]孙钦东,张德运,高鹏.基于时间序列分析的分布式拒绝服务攻击检测.计算机学报.2005,28(5):767-773
[33]Jungtaek Seo,Cheolho Lee,Taeshik Shon.A New DDoS Detection Model Using Multiple SVM and TRA.EUC Workshops 2005,LNCS 3832,pp.976-985
[34]何书元.应用时间序列分析.北京:北京大学出版社.2003.PP:119-144
[35]李裕奇.随机过程.北京:国防工业出版社.2003:179-206
[36]孙钦东,张德运,孙朝晖等.基于流连接密度的分布式拒绝服务攻击 检测.西安交通大学学报.2004,38(10):1048-1052
[37]MIT Lincoln Laboratory.2000 DARPA intrusion detection scenario specific data sets.http://www.ll.mit.edu/IST/ideval/data/2000/2000_data_index.html
[38]K.Saastamoinen,V.Kononen,and P.Luukka,A classifier based on the fuzzy similarity in the Lukasicwicz structure with different metrics.In proceedings of IEEE International Conference on Fuzzy Systems,FUZZ-IEEE'02,vol.1,2002:363-367
[39]F.Rosenblatt.The Perceptron:A Perceiving and Recognizing Automaton.Technical Report 85-460-1.Ithaca NY:Cornell Aeronautical Laboratory.1956
[40]Vladimir N.Vapnik.The Nature of Statistical Learning Theory(Second Edition).Springer-Verlag.New York,2000
[41]Novikoff A B J.On Convergence Proofs on Perceptrons.Proceedings of the Symposium on the Mathematical Theory of Automata 1962,Ⅻ:615-622
[42]Aizerman M A,Braverman E M,Rozonoer L I.Theoretical Foundation of Potential Function Method in Pattern Recognition Learning.Automation and Remote Control.1964,25:821-837
[43]B.Widrow,M.Hoff.Adaptive Switching Circuits.IRE WESCON Convention Record.New York,1960:96-104
[44]L.Samuel.Some Studies in Machine Learning using the Game of Checkers.IBM Journal Research and Development.1967,11(4):601-618
[45]Vladirnir N.Vapnik,Chervonenkis A Ja.On the Uniform Convergence of Relative Frequencies of Events to Their Probalilities.Theory Probabilities Application.1971,16:264-280
[46]Phillips D Z.A Technique for Numerical Solution of Certain Integral Equation of the First Kind.Journal Associate Computational Mathematics.1962,9:84-96
[47] Tikhonov A N. On Solving Ill-Posed Problem and Method of Regularization. Doklady Akademii Nauk USSR, 1963,153:50-504
[48] Parzen D Z. On Estimation of Probability Function and Mode. Annals of Mathematical Statistics. 1962, 33(3)
[49] Vladimir N. Vapnik, Stefanyuk A R. Nonparametric Methods for Estimation Probability Densities. Automation and Remote Control, 1978, 8:27-35
[50] Solomonoff R J. A Preliminary Report on General Theory of Inductive Inference. Technical Report ZTB-138, Zator Company, Cambridge, 1960
[51] Kolmogorov A N. Three Approaches to the Quantitative Definition of Information. Problem of Information Transmission, 1965, 1(1): 1-7
[52] Chaitin G J. On the Length of Programs for Computing Finite Binary Binary Sequences. Journal Associate Computational Mathematics. 1966.13:547-569
[53] Rissanen J. Modeling by Shortest Data Description. Automatica, 1978, 14:465-471
[54] JJ. Hopfield. Neural Networks and Physical Systems with Emergent Collective Computational Abilities. Proc, of Natl. A-cad. USA. 1982, 79: 2254-2258
[55] Rumellhart D E, Hinton G E, Williams R J. Learning Internal Representations by Error Propagation. Nature, 1986, 323(6188):533-536
[56] T. Kohonen. Self-Organized Formation of Topologically Correct Feature Maps. Biio, Cybern. 1982, 43: 56-69
[57] Grossberg. Competitive Learning: From Interactive Activation to Adaptive Resonance. Cognitives Science. 1987, 23(11): 23-63
[58] L. Valiant. A Theory of Learn Ability. Communications of the ACM. 1984, 27(11): 1134-1142
[59] B. E. Boser, I. M. Guyon, V. N. Vapnik. A Training Algorithm for Optimal Margin Classifiers. Proceedings of the 5~(th) Annual ACM Workshop on Computational Learning Theory. 1992: 144-152
[60] C. Cortes, Vladimir N. Vapnik. Support Vector Networks. Machine Learning. 1995,20:273-297
[61] V N. Vapnik. Statistical Learning Theory. Wiley, 1998
[62] V N. Vapnik. Estimation of Dependence Based on Empirical Data. New York: Springer, 1982
[63] E. Edgar, R. Freund, F. Girosi. Support Vector Machines: Training and Applications. AI Memo 1602, MIT AI LAB, 1997
[64] O. L. Mangasarian, D. R. Musicant. Successive Overrelaxation for Support Vector Machines. IEEE Transaction Neural Networks, 1999, 10(5): 1032-1037
[65] B. Scholkopf, Smola A, Williamson R. C, et al. New Support Vector Algorithms. Neural Computation. 2000, 12(5): 1207-1245
[66] B. Scholkopf, John C. Plattz, et al. Estimating the Support of A High-Dimensional Distributes. Technical Report MSR-TR-99-87, 1999, pp. 1-28
[67] Tax D, Duin R. Data Domain Description by Support Vectors. Proceedings of ESANN99. 1999: 251-256
[68] Lee Y J, Mangasarian O L. RSVM: Reduced support vector machines. Wisconsin: University of Wisconsin, 2000
[69] J. Suykens, Vandewalle J. Least Square Support Vector Machine Classifiers. Neural Processing Letters, 1999, 9(3):293-300
[70] Chun-Fu Lin, Sheng-De Wang. Fuzzy Support Vector Machines. IEEE Transaction on Neural Networks. 2002, 13(2): 464-471
[71] B. Scholkopf, C. Burges, V. Vapnik. Extracting Support Data for a Given Task. Proceedings of First International Conference on Knowledge Discovery & Data Mining. German: AAAI Press, 1995: 262-267
[72] E. Osuna, R. Freund, F. Girosi. Training Support Vector Machines: An Application to Face Detection. Proceedings of CVPR'97, New York, NY, IEEE.1997:130-136
[73]T.Joachims.Transductive Inference for Text Classification using Support Vector Machines.Proceedings of the 16~(th)International Conference on Machine Learning.Morgan Kaufmanm.1999:148-156
[74]薛毅.最优化原理与方法.北京:北京工业大学出版社,2003年
[75]邓乃扬,田英杰.数据挖掘中的新方法--支持向量机.北京:科学出版社,2004年
[76]Nello Cristianini,John Shawe-Taylor.An Introduction to Support Vector Machines and Other Kernel-based Learning Methods.Cambridge University Press,2000
[77]Courant R,Hilbert D.Methods of Mathematical Physics,NY:J.Wiley,1953
[78]Sergios Theodofidis,Konstantinos Koutroumbas.Pattern Recognition (Second Edition).Elsevier Science,2003
[79]Burges C J C.A Tutorial on Support Vector Machines for Pattern Recognition.Data Mining and Knowledge Discovery,1998,2(2):121-176
[80]P.L.Bartlett.The Sample Complexity of Pattern Classification with Neural Networks:the size of the weights is more important than the size of the network.IEEE Transactions on Information Theory,1998,44(2):525-536
[81]J.Shawe-Taylor,P.L.Bartlett,R.C.Williamson et al.Structural Risk Minimization over Data-dependent Hierarchies.IEEE Transactions on Information Theory,1998,44(5):1926-1940
[82]J.Shawe-Taylor,N.Cristianini.Margin Distribution and Soft Margin.In A.J.Smola,P.Bartlett,B.Scholkopf,C.Schuurmans,editors,Advances in Large Margin Classifiers.MIT Press,1999
[83]陈宝林.最优化理论与算法(第2版).清华大学出版社,2005
[84]Vapnik V.Estimation of dependences based on empirical data.Springer-Verlag,New York,1982
[85]Edgar Osuna,Robert Freund,Federico Girosi.An Improved Training Algorithm for Support Vector Machines.Proc.IEEE NNSP 1997,pp.276-285
[86]Edgar Osuna,Robert Freund,Federico Girosi.Training Support Vector Machines:An Application to Face Detection.Proc.Computer Vision and Pattern Recognition 1997,pp.130-136
[87]C.C.Chang,C.W.Hsu,C.J.Lin.The Analysis of Decomposition Methods for Support Vector Machines.In Workshop on Support Vector Machines,IJCAI,1999
[88]John Platt.Sequential Minimal Optimization:A Fast Algorithm for Training Support Vector Machines.Technical Report MSR-TR-98-14,1998
[89]John Platt.Fast Training of Support Vector Machines using Sequential Minimal Optimization.In B.Scholkopf et al,Advances in Kernel Methods-Support Vector Learning,Cambridge,MIT Press,1999:185-208
[90]褚蕾蕾,陈绥旭,周梦.计算智能的数学基础.北京:科学出版社,2002
[91]John Platt.Using Analytic QP and Sparseness to Speed Training of Support Vector Machines.In:Kearns M,et al.Advances in Neural Information Processing Systems 11.Cambridge,MIT Press,1999:557-563
[92]S.S.Keerthi,S.K.Shevade,C.Bhattacharyya,et al.Improvements to Platt's SMO Algorithm for SVM Classifier Design.Technical Report CD-99-14.Bangalore,India:Department of CSA,IISc,1999
[93]S.S.Keerthi,E.G.Gilbert.Convergence of a Generalized SMO Algorithm for SVM Classifier Design.Machine Learning,2002,46(1/3):351-360
[94]Thorsten Joachims.Making Large-Scale SVM Learning Practical.In:Scholkopf B,Burges C,Smola A,eds.Advances in Kernel Methods-Support Vector Learning.Cambridge:MIT Press,1998:41-56
[95]Chih-Chung Chang,Chih-Jen Lin.LIBSVM:a library for support vector machines,2001.Software available at http://www.csie.ntu.edu.tw/~cjlin/libsvm
[96]Don Hush,Clint Scovel.Polynomial-time Decomposition Algorithms for Support Vector Machines.Machine Learning,2003,51:51-71
[97]Rong-En Fan,Pai-Hsuen Chen,Chih-Jen Lin.Working Set Selection Using Second Order Information for Training Support Vector Machines.Journal of Machine Learning Research,2005(6):1889-1918
[98]Weston J,Watkins C.Multi-Class Support Vector Machines.Technical Report CSD-TR-98-04,Royal Holloway,University of London,Department of Computer Science,1998
[99]U.Kreβel."Pairwise classification and support vector machines" in Advances in Kernel Methods-Support Vector Learning,B.Scholkopf,C.J.C.Burges,and A.J.Smola,Eds.Cambridge,MA:MIT Press,1999:255-268
[100]T.G.Diettefich,G.Bakiri.Solving Multiclass Learning Problems via Error-Correcting Output Codes.Journal of Artificial Intelligence Research.1995,2:263-286
[101]夏建涛.基于机器学习的高维多光谱数据分类.博士学位论文,西北工业大学,2002
[102]J.C.Platt N.Cristianini,and J.Shawe - Taylor.Large margin DAGs for multiclass classification.In S.A.Solla,T.K.Leen,and K.- R.Muller,editors.Advances in Neural Information Processing Systems.MIT Press,2000:547-553
[103]Friedhelm Schwenker.Hierarchical support vector machines for multi2class pattern recognition.Fourth Int.Conf.on Knowledge Based Intelligent Engineering System & Allied Technologies,2000:561-565
[104]Fumitake Takahashi,Shigeo Abe.Decision-tree-based Multiclass Support Vector Machines.Proceedings of the 9th International Conference on Neural Information Processing,2002:1418-1422
[105]B.Scholkopf,C.J.C.Burges,V.Vapnik.Extracting Support Data for a Given Task.Proceedings of First International Conference on Knowledge Discovery & Data Mining.AAAI Press,Menlo Park,CA,1995
[106]Xin Dong,Wu ZhaoHui,Pan YunHe.A New Multi-Class Support Vector Machines.2001 IEEE International Conference on Systems,Man and Cybemetics.pp 1673-1676
[107]唐发明,王仲东,陈绵云.支持向量机多类分类算法研究.控制与决策.2005,20(7):746-750
[108]朱美琳,刘向东,陈世福.用球结构解决多分类问题.南京大学学报(自然科学版).2003,39(2):153-158
[109]袁胜发,褚福磊.基于改进型球结构支持向量机的故障诊断方法及其应用.推进技术.2006,27(1):1-5
[110]袁胜发,褚福磊.基于引力球结构支持向量机多类算法的涡轮泵故障诊断.宇航学报.2006,27(4):835-639
[111]孙知信,姜举良,焦琳.DDoS攻击检测和防御模型.软件学报.2007,18(9):2245-2258
[112]http://www.ics.uci.edu/~mlearn/MLRepository.html
[113]http://www.csie.ntu.edu.tw/~cjlin/libsvmtools/datasets/
[114]A.E.Hoerl,R.W.Kennard.Ridge Regression:Biased Estimation for Nonorthogonal Problems.Technometrics,1970,12(1):55-67
[115]袁亚湘,孙文瑜.最优化理论与方法.北京:科学出版社.1997
[116]J.Suykens,L.Lukas,P.Dooren,et al.Least Squares Support Vector Machines Classifiers:A Large Scale Algorithm.Proceedings of the European Conference on Circuit Theory and Design,Stresa,Italy.1999:839-842
[117]J.Suykens,L.Lukas,J.Vandewalle.Sparse Least Squares Support Vector Machine Classifiers.Proceedings of the European Symposium on Artificial Neural Networks.2000:37-42
[118]J.Suykens,L.Lukas,J.Vandewalle.Sparse Approximation Using Least Squares Support Vector Machines. Proceedings of IEEE International Symposium on Circuits and System, 2000
[119]J6zsef Valyon, Gabor Horvath. A Sparse Least Squares Support Vector Machine Classifier. IEEE International Joint Conference on Neural Networks, 2004: 543-548
[120]J. Suykens, J. Vandewalle. Multiclass Least Squares Support Vector Machines. International Joint Conference on Neural Networks. 1999: 300-303
[121]T. V. Gestel, J. Suykens. Benchmarking Least Squares Support Vector Machine Classifiers. Machine Learning. 2004, 54: 5-32
[122]Daisuke Tsujinishi, Shigeo Abe. Fuzzy Least Squares Support Vector Machines. Proceedings of the International Joint Conference on Neural Networks. 2003:1599-1604
[123]Chulhee Lee, David A. Landgrebe. Analyzing high dimensional multi-spectral data. IEEE Transaction on Geoscience and Remote Sensing. 1993,31(4): 792-800
[124]Chulhee Lee, David A. Landgrebe. Decision Boundary Feature Extraction for Non-Parametric Classification. IEEE Transaction on System, Man and Cybernetics. 1993,23(2): 433-444
[125]Chulhee Lee, David A. Landgrebe. Feature Extraction Based on Decision Boundaries. IEEE Transaction on Pattern Analysis and Machine Intelligence. 1993,15(4): 388-400
[126]Chulhee Lee, David A. Landgrebe. Feature Extraction and Classification Algorithms for High Dimension Data. PhD Thesis, Purdue University, Jan. 1993
[127]K. Fukunage, W.L.G. Koontz. Application of the Karhunen-Loeve Expansion to Feature Selection and Ordering. IEEE Transaction on Computer. 1970,19(4)
[128]Lindsay I Smith. A Tutorial on Principal Components Analysis. 2002. http://kybele.psych.cornell,edu/-edelman/Psych-465- Spring-2003/PCA-tu torial.pdf
[129]K.Fukunaga.Introduction to Statistical Pattern Recognition,2~(nd)Edition.Academic Press,1990
[130]S.Kullback,R.A.Liebler.On Information and Sufficiency.Annals of Mathematical Statistics.1951,22:79-86
[131]边肇褀,张学工.模式识别.北京:清华大学出版社,2000:176-180
[132]Cheng Jin,Haining Wang,Kang G.Shin.Hop-Count Filtering:An Effective Defense against Spoofed DDoS Traffic.Proceedings of the 10th ACM Conference on Computer and Communications Security,2003
[133]陈家鑫.时间序列分析基础.暨南大学出版社,1989:142-165
[134]李金明,王汝传.基于VTP方法的DDoS攻击实时检测技术研究.电子学报.2007,35(4):791-796
[135]任勋益,王汝传,王海艳等.基于自相似检测DDoS攻击的小波选择.南京航空航天大学学报.2007,39(5):588-592
[136]Y.K.Chan,H.W.Chan,K.M.Chan,et al.IDR:An Intrusion Detection Router for Defending against Distributed Denial-of-Service(DDoS)Attacks.Proc.of the 7~(th)International Symposium on Parallel Architectures,Algorithms and Networks,Hong Kong,2004.IEEE Computer Society
[137]Sang-Heon Shim,Kyoung-Min Yoo,Kyeong-Eun Han,et al.Destination Address Monitoring Scheme for Detecting DDoS Attack in Centralized Control Network.Asia-Pacific Conference on Communications,Busan,Republic of Korea,2006