Research on Network Security Situational Awareness Models and Methods for Heterogeneous Data Sources
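Abstract
With the continuous development of network technology and the steady expansion of its range of application, the network has become an important driving force of social progress. However, the steadily deteriorating network environment has made the security problems facing network technology increasingly prominent. Traditional single-point, single-source security defense systems (such as IDS, Firewall and VDS) improve network security to a certain extent, but because they lack effective cooperation with one another they cannot truly monitor the overall security situation of the whole network. Network Security Situational Awareness (NSSA) emerged against this background of demand and quickly became a hot research topic in the field of network security.
     Network security situational awareness refers to extracting, understanding and displaying, in a large-scale network environment, the security elements that can cause the network security situation to change, and predicting their future development trend. The research group has so far carried out a great deal of work on NSSA and obtained many research results, but research on heterogeneous data sources in the system is still immature; key technical problems need to be solved, including the framework model, data preprocessing, quantitative awareness and dynamic prediction of an NSSA system oriented to heterogeneous data sources. On this basis, this dissertation proposes research on heterogeneous-data-source-oriented NSSA and explores the related core technical problems in depth.
     First, to address the shortcomings of existing framework models, such as a single data source or multiple homogeneous sources, large response delay, poor self-protection, and poor stability and fault tolerance, a framework model for a heterogeneous-data-source-oriented NSSA system is proposed that draws on the advantages of mobile agents. From bottom to top the framework is divided into an information acquisition layer, a data preprocessing layer and a situation decision layer, forming a research path from information acquisition through quantitative awareness to situation prediction. The modules in each layer are designed in detail, yielding a systematic, dynamic, distributed and adaptive network security situation framework. The framework model is analyzed with the formal modeling language PEPA, which verifies its soundness and lays the foundation for the subsequent research.
     Second, building on the framework model, a "three-stage" data preprocessing method is proposed to fuse network security information from heterogeneous data sources. It comprises data classification based on the Undirected Graphs Model (UGM), information fusion based on DS (Dempster-Shafer) evidence theory, and classification correction of data with conflicting evidence. Experimental results show that the method achieves high detection precision and detection speed in data classification; it not only guarantees classification accuracy, removes the adverse effects of uncertain noisy data and effectively avoids evidence conflict in DS information fusion, but also improves data classification precision, providing data support for the subsequent quantitative awareness and prediction of the network security situation.
     Third, a quantitative awareness method for the network security situation based on conditional random fields is studied. The method takes situation-classified alarm information as the elements of quantitative awareness, combines it with host vulnerabilities and states, defines a network security threat degree to express network risk, uses a network security threat degree algorithm to classify attacks, and finally generates an explicit network security situation chart, dynamically completing quantitative awareness of the security state of the whole network. Experimental results show that the algorithm has high detection precision, can effectively combine factors such as vulnerabilities, assets and environment to evaluate the degree of network security threat represented by an alarm, and classifies network attacks accurately; the results are objective and truthful, present the security situation correctly to security administrators, and provide the conditions for the subsequent situation prediction.
     Finally, to predict the network security situation more accurately, an adaptive prediction method based on the Volterra model is studied, targeting the nonlinear time-series character of the network security situation. The method builds a Volterra model according to Takens' theorem and phase-space reconstruction theory to achieve dynamic adaptive prediction. Experimental results show that, by selecting the correct neighboring trajectories of the chaotic attractor and appropriately controlling the size of the training set, the method has fast convergence and strong approximation ability, reaches high prediction accuracy, predicts the network security situation effectively, and helps security analysts and administrators adjust security policy in time.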
With the rapid development of network technology and its applications, the network has become an indispensable part of social development. However, the continued deterioration of the network environment brings about severe security problems in networks. Traditional single-point, single-source security defense systems such as IDS, Firewall and VDS can only enhance the security of a network system to a certain degree. Because they lack effective collaboration, the security situation of the whole network cannot be monitored effectively. Under these circumstances, the study of network security situation awareness (NSSA) has been put forward as a key topic of network security research.
     Network security situation awareness means that the system can extract, understand and display the security elements and then predict the security situation in the future. Though there are many research methods for situation awareness, NSSA is still in its infancy. Many technical problems remain, such as heterogeneous data source-oriented architecture, situation element preprocessing, situation quantitative awareness and situation dynamic prediction. In line with the specific requirements of the project, an overall solution for a heterogeneous data source-oriented network security situation awareness system (NSSAS) is proposed, and the core technologies are studied in depth in this dissertation.
     Firstly, considering the drawbacks of existing architectures, such as a single data source or multiple sources with homogeneous data, long response delay, weak self-protection and lack of fault tolerance, a heterogeneous data source-oriented network security situation awareness system architecture based on mobile agents is studied. This architecture is divided into an information access layer, a data preprocessing layer and a situation decision layer, which form a research path from information access to quantitative awareness and then to situation prediction. Every module in these three layers has been designed carefully, and a systematic, dynamic, distributed and self-adaptive NSSA architecture is built at last. The architecture is analyzed with the formal modeling language PEPA, and the rationality of the model is validated as a basis for the following research.
     Secondly, based on the NSSA architecture, a three-step data preprocessing method is proposed for fusing network security information from heterogeneous data sources. This method includes data classification based on the Undirected Graphs Model (UGM), information fusion based on Dempster-Shafer (DS) evidence theory and classification amendment for the conflict data. The experimental results show that the method has high detection accuracy and fast speed, which guarantees the classification accuracy and eliminates the bad influence of uncertain noisy data. Our method can avoid evidence conflict in the DS information fusion and enhance the ability of data classification for the subsequent NSSA quantitative awareness and prediction.
     Thirdly, a network security situation quantitative awareness method is proposed. Combined with host vulnerabilities and states, our method extracts the situation classification alarm information as the element of network security situation quantitative awareness and defines the network security threat degree to express the network risk. To classify the different attacks, the network risk degree algorithm is applied, and the network situation chart is generated for quantitative awareness of the security state of the whole network. Experimental results show that our algorithm can evaluate the network security threat degree of an alarm record effectively. The classification results for network attacks are truthful and objective, and they reveal the security situation for the subsequent network security situation prediction.
     Finally, to address the nonlinear time series of the network security situation, a self-adaptive prediction method based on the Volterra model is proposed. In order to achieve dynamic self-adaptive prediction of the network security situation, our method builds the Volterra self-adaptation model according to Takens' theorem and phase-space reconstruction theory. The experimental results show that, when the correct neighboring trajectories of the chaotic attractor are selected and the scale of the training set is controlled properly, our method has fast convergence and strong approximation ability. With high prediction accuracy, our self-adaptive prediction can help administrators adjust the security policy.
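The DS fusion stage of the preprocessing method rests on Dempster's rule of combination, and the behaviour of that rule under conflicting evidence is why a separate correction stage for conflict data is needed. The following is an added example, not code from the dissertation: the alert classes, sensor names, mass values and the `max_conflict` threshold are constructed assumptions, and setting high-conflict reports aside stands in for the amendment step, whose details the abstract does not give.

```python
from itertools import product

# Constructed frame of discernment (alert classes); not taken from the thesis.
THETA = frozenset({"normal", "dos", "probe"})


def fs(*names):
    """Shorthand for a focal element (a set of alert classes)."""
    return frozenset(names)


def bpa(assignments):
    """Validate a basic probability assignment {focal_element: mass}."""
    m = {frozenset(k): float(v) for k, v in assignments.items()}
    if any(not k or not k <= THETA for k in m):
        raise ValueError("focal elements must be non-empty subsets of THETA")
    if abs(sum(m.values()) - 1.0) > 1e-9:
        raise ValueError("masses must sum to 1")
    return m


def joint(m1, m2):
    """Unnormalised conjunctive combination and the conflict coefficient K."""
    out, k = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            out[common] = out.get(common, 0.0) + wa * wb
        else:
            k += wa * wb  # mass that would fall on the empty set
    return out, k


def combine(m1, m2):
    """Dempster's rule: renormalise the agreeing mass by 1 - K."""
    out, k = joint(m1, m2)
    if 1.0 - k < 1e-12:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {s: w / (1.0 - k) for s, w in out.items()}, k


def belief(m, hypothesis):
    """Bel(H): total mass committed to subsets of H."""
    return sum(w for s, w in m.items() if s <= hypothesis)


def fuse(reports, max_conflict=0.9):
    """Fold (sensor, bpa) reports in order. A report whose K against the
    running result exceeds max_conflict (hypothetical threshold) is set
    aside for review instead of being normalised away."""
    (_, fused), rest = reports[0], reports[1:]
    set_aside = []
    for name, m in rest:
        _, k = joint(fused, m)
        if k > max_conflict:
            set_aside.append((name, round(k, 4)))
        else:
            fused, _ = combine(fused, m)
    return fused, set_aside


# Constructed sensor reports for one event.
IDS = bpa({fs("dos"): 0.7, THETA: 0.3})
FLOW = bpa({fs("dos"): 0.6, fs("dos", "probe"): 0.3, THETA: 0.1})
FIREWALL = bpa({fs("normal"): 0.99, fs("probe"): 0.01})
IDS_STRICT = bpa({fs("dos"): 0.99, fs("probe"): 0.01})

if __name__ == "__main__":
    # Agreeing sources reinforce each other: K = 0, m({dos}) = 0.88.
    print(combine(IDS, FLOW))
    # Near-total conflict: all mass lands on "probe", which both sensors
    # rated at 0.01. This is the failure the correction stage must catch.
    print(combine(IDS_STRICT, FIREWALL))
    print(fuse([("ids", IDS), ("flow", FLOW), ("firewall", FIREWALL)]))
```
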