Research on Intrusion Detection Algorithms Based on Chaos Synchronization and the Relevance Vector Machine
Abstract
Intrusion detection is an important research branch of network information security. As Internet applications have become more widespread, attackers have become more active and attack methods more numerous, which has made network intrusion detection a focus of computer network security research and placed higher demands on researchers. An intrusion detection system (IDS) is an active defense system and an important complement to the firewall: it studies the behavior and features of past intrusion signals in order to respond to new intrusion events in real time. This thesis brings two methods from other fields into intrusion detection, and both detection efficiency and detection accuracy improve considerably.
In contrast to linear detection methods such as ARMA (autoregressive moving average) that current intrusion detection systems already use, this thesis introduces the idea of chaos synchronization from dynamics and examines network data from the standpoint of nonlinear signal processing. The network data flow is modeled with a Gaussian mixture model (GMM) combined with the expectation-maximization (EM) algorithm, which estimates the three parameter vectors of the GMM. The difference between the parameter vectors of the data flow under test and those of a normal data flow is used as the chaos synchronization control quantity of a Liu chaotic system. If the flow under test contains an intrusion signal, the waveform oscillates, so an intrusion can be identified accurately once a suitable decision threshold is chosen. Simulation experiments on the MIT Lincoln Laboratory DARPA datasets show that, compared with the ARMA model, the proposed method achieves a higher detection rate and a lower false alarm rate.
In contrast to nonlinear detection methods based on machine learning such as the support vector machine (SVM), this thesis introduces the relevance vector machine (RVM), a method based on probability theory that is widely used in image recognition, to detect network signals. The "feature deletion" method is first applied to rate the 42 features in the DARPA dataset and to separate important from unimportant features for each intrusion type. Simulation experiments demonstrate that training and testing the RVM classifier on the important features only effectively raises its detection rate, lowers its false alarm rate, and shortens detection time. In simulations on the DARPA data, RVM achieves detection results close to those of SVM, but its detection speed is much higher than that of SVM, so it attains higher detection efficiency.
Analysis and comparison show that both methods introduced here, chaos synchronization and RVM, improve detection performance over the existing methods when applied to an intrusion detection system, and both can meet the standard for practical use.
