[1]FORREST S, HOFMEYR S A, SOMAYAJI A, et al. A sense of self for UNIX processes [C]// Proceedings of 1996 IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 1996: 120-128.[2]HOFMEYR S A, FORREST S, SOMAYAJI A. Intrusion detection using sequence of system calls [J]. Journal of Computer Security, 1998, 6(3): 151-I80.[3]WAGNER D, DEAN D. Intrusion detection via static analysis [C]// Proceedings of 2001 IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 2001: 156-168.[4]DEBAR H, BECKER M, SIBONI D. A neural network component for an intrusion detection system [C]// Proceedings of 1992 IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 1992: 256-266.[5]ESKIN E, LEE W, STOLFO S. Modeling system calls for intrusion detection with dynamic window sizes [C]// Proceedings of DARPA Information Survivability Conference and Exposition II. Washington, DC: IEEE Computer Society, 2001: 165-175.[6]WESPI A, DACIER M, DEBAR H. Intrusion detection using variable-length audit trail pattern [C]// Proceedings of the 3rd International Workshop on the Recent Advances in Intrusion Detection. Berlin: Springer-Verlag, 2000: 110-129.[7]WARRENDER C, FORREST S, PEARLMUTTER B. Detecting intrusions using system calls: Alternative data models [C]// Proceedings of the 1999 IEEE Computer Society Symposium on Research in Security and Privacy. Washington, DC: IEEE Computer Society, 1999: 133-145.[8]LEE W, STOI FO S, MOK K.A data mining framework for building intrusion detection models [C]// Proceedings of 1999 IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 1999: 120-132.[9]MARCEAU C. Characterizing the behavior of a program using multiple length grams [C]// NSPW00: Proceedings of the 2000 Workshop on New Security Paradigms.New York:ACM,2000:101-110.[10]GENT C R, SHEPPARD C P. Predicting time series by a fully corrected neural network trained by back propagation [J]. Computing and Control Engineering Journal, 1992, 12(5): 123-127.[11]GHOSH A K, SCHWARTZBARD A, SCHZTZ M. Learning program behavior profiles for intrusion detection [C]// Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring. Berkeley: USENIX Association, 1999: 9-12.[12]屈延文. 软件行为学[M]. 北京:电子工业出版社, 2004.[13]TULYAKOV S, JAEGER S, GOVINDARAJU V, et al. Review of classifier combination methods [M]// Studies in Computational Intelligence: Machine Learning in Document Analysis and Recognition. Berlin: Springer-Verlag, 2008: 361-386. [14]LIPPMANN R, FRIED D, GRAF I, et al. Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation [C]// Proceedings of DISCEX 2000. Piscataway: IEEE, 1999: 12-26. [15]DAUGMAN J. Biometric decision landscapes, UCAM-CL-TR-482 [R]. Cambridge:University of Cambridge, 2000.[16]FAWCETT T. ROC graphs: Notes and practical considerations for researchers, HPL-2003-4 [R]. Palo Alto:HP Laboratories, 2004.[17]PROVOST F, FAWCETT T. Robust classification for imprecise environments[J]. Machine Learning,2001, 42(3):203-231.[18]MAO K, DU X, SUN Y. A modified process anomaly detection using Boolean function [C] // ICCT2012: Proceedings of the 14th International Conference on Communication Technologies. Piscataway: IEEE, 2012: 927-931.[19]GAFFNEY J E, Jr, ULVILA J W. Optimization of the operation of a detector: a decision theory approach, 00-1 [R]. Vienna: Decision Science Associates Inc, 2000. |