Research on Intelligent Detection Techniques for Computer Viruses
Abstract
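The growing flood of computer viruses has become one of the most serious threats to information security. Because encrypted and polymorphic viruses have made traditional signature scanning ineffective, research into new anti-virus methods is urgent. Guided by statistical learning theory, this dissertation studies automatic virus detection techniques in depth and obtains the following results:
     1. A dynamic virus detection framework based on a multiple naive Bayes algorithm is proposed. The detection system monitors the behavior of suspicious programs in a virtual machine and records information about the API functions a program calls while interacting with the operating system at run time. Features extracted from this record are fed to the detector, which, once trained on the sample set, can automatically check suspicious programs. The method effectively detects the increasingly prevalent polymorphic viruses.
     2. A new approach to dynamic virus detection based on fuzzy pattern recognition is proposed. The detection system describes normal programs and virus programs with fuzzy sets defined over the feature domain and then classifies patterns using the "principle of closeness". Using fuzzy intelligent learning techniques, the system reaches a detection accuracy of 91.93%.
     3. A dynamic virus detection method based on support vector machines is proposed. Observing that the API call sequences of normal programs exhibit local continuity, the dissertation explores automatic detection with short sequences of API function calls as the feature space. Applying support vector machines to virus detection maintains good classification accuracy even when prior knowledge is insufficient, which is a real advantage when large numbers of virus samples are hard to obtain. Experiments show that the SVM-based dynamic detection model effectively separates normal from abnormal programs and reaches high detection precision with relatively few virus samples for training. Because detection relies on the program's behavioral information, it can effectively detect viruses that use encryption, obfuscation and dynamic library loading.
     4. Building on traditional signature scanning, a static analysis detection method is proposed. The detection system uses n-gram information statically extracted from programs as features, selects features by their information gain, and applies rough set theory to reduce the extracted features and eliminate redundant ones. The system finds the differences between normal and virus programs by statistical methods, so no virus signature has to be extracted by hand before detection. The work focuses on core-based attribute reduction; the optimized reduction algorithm has a far lower time cost than the classical attribute reduction algorithm.
     5. The use of neural network ensembles as pattern recognizers in static virus detection is studied in depth. Building on the Bagging algorithm, the IG-Bagging ensemble method is proposed. IG-Bagging brings information-gain-based feature selection into the construction of the neural network ensemble, perturbing both the training data and the input attributes so that the individual networks it generates differ widely. Experimental results show that IG-Bagging generalizes better than Bagging and comparably to Attribute Bagging, while being far more efficient than Attribute Bagging.
     6. A new method that fuses dynamic and static virus detection on the basis of D-S evidence theory is proposed. The detection system uses a support vector machine as the member classifier that models the dynamic behavior of viruses and a probabilistic neural network as the member classifier that models their static behavior, and fuses the member classifiers' results with D-S evidence theory. The most important step in applying D-S evidence theory to information fusion is determining the belief values of the evidence. Observing that any classifier, when modeling a real problem, tries to enlarge the distance between classes, and that the stronger its class separability the better its classification results, the dissertation proposes a new belief assignment method based on an inter-class distance measure. In general the complexity of Dempster's combination rule is P-complete; in the setting studied here, it is proved that a computation with time cost O(N) can be obtained, which shows that the proposed detection method meets high-performance requirements. Combining heterogeneous classifiers with D-S evidence theory improves the accuracy of the ensemble virus detector. Experimental tests and analysis of the results show that the method detects unknown and polymorphic viruses well and outperforms popular commercial anti-virus tools.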
Computer viruses have become one of the most serious threats to information security because of the significant damage they cause and the speed at which they spread. As viruses become more complex and sophisticated, the classical scanning detection method can no longer detect the various forms of virus code effectively. It is crucial to develop new methods for defending against viruses. In this dissertation, we explore intelligent methods for automatically detecting viruses based on statistical learning theory. The main contributions of the dissertation are summarized as follows:
     Firstly, a multi-naive Bayes algorithm for detecting computer viruses automatically is presented. The model monitors programs in a virtual machine to learn their behavior. As a program interacts with the operating system at runtime, the most relevant API calls are extracted as the feature vector for the detection engine. After being trained, the multi-naive Bayes classifier can be used to check for malicious files. It is an efficient method for detecting polymorphic viruses.
     Secondly, an intelligent system for detecting computer viruses is proposed, based on a fuzzy pattern recognition algorithm. In this method, program files are expressed as fuzzy sets, and the principle of fuzzy closeness optimization is then applied to classify the samples. Experimental results show that the method can detect known and unknown viruses by analyzing their behavior. The accuracy of the detection method is 91.93%.
     Thirdly, a method based on the support vector machine (SVM) is proposed for detecting computer viruses. With SVM, the generalization ability of the virus detection system remains good even when the sample dataset is small. An experiment using traces of system API function calls is given to illustrate the performance of this model. It is found that the SVM-based detection system needs less prior knowledge than other methods and can shorten the training time for the same detection performance. Encrypted viruses, obfuscated viruses and viruses that load dynamic libraries can be detected by analyzing the behavior information of the programs.
     Fourthly, motivated by the standard signature-based technique for detecting viruses, we explore the idea of automatically detecting viruses by means of n-gram analysis. The original sample data is preprocessed with the knowledge reduction algorithm of rough set theory, and the redundant features are eliminated from the working sample dataset to reduce the dimension of the sample data. The detection system categorizes a program as either normal or abnormal by a statistical method. It does not require the characteristic code of viruses to be extracted before detection. An efficient implementation for calculating the relative core, based on the positive region definition, is presented.
     Fifthly, we generalize the problem of neural network ensembles by using a modified bagging method to detect previously unknown viruses. After features are selected based on information gain, the probabilistic neural network is used in building and testing the proposed ensemble system. Experimental results produced by the proposed detection engine show improved generalization compared with the classical bagging method, and the approach is far more efficient than the attribute bagging method.
     Last, we present a virus detection system based on the D-S theory of evidence, in which dynamic and static analysis methods are combined. The detection engine applies two types of classifier, a support vector machine and a probabilistic neural network, to detect viruses. For the SVM classifier, we extract the feature vector by monitoring the samples, while the static features of the samples are used in the probabilistic neural network classifier. Finally, the D-S theory of evidence is used to combine the contributions of the individual classifiers into the final decision.
     The approach to belief estimation is the key to D-S theory. We propose a new method based on a statistical measure of the individual classifier. In general, the main aim of a classifier is to enlarge the inter-class distances, whatever the theory behind it. That is to say, the better a classifier is able to discriminate between the classes, the better its classification results are. Based on this observation, we use inter-class distances as evidence for our belief.
     As we know, the complexity of Dempster's combination rule is P-complete. But in the domain of virus detection, we prove that its time complexity is O(N) in the restricted situation. This shows that the presented method is efficient for the detection of viruses. Comparison experiments on polymorphic viruses show that the performance of our method is better than that of commercial-grade antivirus tools.
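The fusion step described in the last contribution can be sketched as follows. This is an added example, not code from the dissertation. It assumes a hypothetical `reliability` factor standing in for the inter-class-distance belief measure, and it assumes every focal element is a single class or the whole frame, which is one well-known case where Dempster's rule is linear and may not be the restriction the dissertation proves. The verdict values are constructed.

```python
"""Dempster-Shafer fusion of a dynamic and a static detector verdict."""
from itertools import product

THETA = "THETA"  # mass left on the whole frame, i.e. "cannot tell"


def to_mass(scores, reliability):
    """Turn per-class scores into a mass function.

    `reliability` in [0, 1] is a hypothetical stand-in for a measure of how
    well the classifier separates the classes; 1 - reliability goes to THETA.
    """
    if not 0.0 <= reliability <= 1.0:
        raise ValueError("reliability must be in [0, 1]")
    total = sum(scores.values())
    if total <= 0 or any(v < 0 for v in scores.values()):
        raise ValueError("scores must be non-negative and not all zero")
    mass = {h: reliability * v / total for h, v in scores.items()}
    mass[THETA] = 1.0 - reliability
    return mass


def combine_linear(m1, m2):
    """Dempster's rule when each focal element is a singleton or THETA.

    A single pass over the hypotheses, so O(N) for N classes.
    Returns (fused mass function, conflict K).
    """
    hyps = [h for h in m1 if h != THETA]
    if set(hyps) != {h for h in m2 if h != THETA}:
        raise ValueError("both sources must use the same frame")
    fused = {h: m1[h] * m2[h] + m1[h] * m2[THETA] + m1[THETA] * m2[h]
             for h in hyps}
    fused[THETA] = m1[THETA] * m2[THETA]
    agreement = sum(fused.values())  # equals 1 - K
    if agreement <= 1e-12:
        raise ValueError("sources are in total conflict; rule is undefined")
    return {h: v / agreement for h, v in fused.items()}, 1.0 - agreement


def combine_general(m1, m2):
    """Reference form of the rule: intersect every pair of focal sets.

    Used here only to cross-check the linear version (frame of >= 2 classes).
    """
    frame = frozenset(h for h in m1 if h != THETA)

    def as_sets(m):
        return {(frame if h == THETA else frozenset([h])): v
                for h, v in m.items()}

    fused, conflict = {}, 0.0
    for (a, va), (b, vb) in product(as_sets(m1).items(), as_sets(m2).items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + va * vb
        else:
            conflict += va * vb  # mass that falls on the empty set
    if 1.0 - conflict <= 1e-12:
        raise ValueError("sources are in total conflict; rule is undefined")
    return {c: v / (1.0 - conflict) for c, v in fused.items()}, conflict


def decide(mass, min_belief=0.6):
    """Pick the best-supported class, or 'uncertain' below the threshold."""
    best = max((h for h in mass if h != THETA), key=mass.get)
    return best if mass[best] >= min_belief else "uncertain"


# Constructed sample verdicts, not measurements from the dissertation.
DYNAMIC_SVM = to_mass({"virus": 0.80, "normal": 0.20}, reliability=0.9)
STATIC_PNN = to_mass({"virus": 0.60, "normal": 0.40}, reliability=0.7)

if __name__ == "__main__":
    fused, k = combine_linear(DYNAMIC_SVM, STATIC_PNN)
    print("conflict K = %.4f" % k)
    for name, value in fused.items():
        print("m(%s) = %.4f" % (name, value))
    print("verdict:", decide(fused))
```

The conflict value K is worth logging alongside the verdict: a high K means the dynamic and static detectors disagree strongly on the sample, which is a reason to route it to manual analysis rather than trust the normalized result.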
    [188] Srivastave, Keen. Estimation of the interclass correlation coefficient.Biometrika, 1988, (75): 731-739
    [189] Xiuju Fu, Lipo Wang. Data dimensionality reduction with application to simplifying RBF network structure and improving classification performance.IEEE Transactions on Systems, Man and Cybernetics, Part B.2003,33(3):399-409
    [190] Utschick W, Nachbar P, Knobloch C, et al. The evaluation of feature extraction criteria applied to neuralnetwork classifiers. In Proceedings of the Third International Conference on Document Analysis and Recognition. 1995, (1): 315-318
    [191] Dempster A P. On direct probabilities. J. Roy Statist Soc Ser. 1963, 8(25):102-107
    [192] Dempster A P. New methods for reasoning toward poste nor distributions based on sample data. Ann. Math. Statis, 1967, (37):355-374
    [193] Dempster A P. Upper and lower probability inferences based on a sample from a finite univariant population. Biometrika, 1967, (54): 515-528
    [194] Dempster A P. Upper and lower probabilities generated by a random closed interval. Ann. Math. Statis, 1968, 39 (3): 957-966
    [195] Dempster A P. A generalization of Bayesian inference. J. Roy. Statis. Soc Ser B ,1968, (30): 205-247
    [196] Shafer G. A Mathematical Theory of Evidence. New Jersey : Princeton University Press, 1976
    [197] Shafer G, Logan R. Implementing Dempster's rule for hierarchical evidence.Articial Intelligence, 1987, (33): 271-298
    [198] Shenoy P P, Shafer G . Propagating belief functions with local computations.IEEE Expert, 1986, 1(3): 43-52
    [199] Devijver P A, Kittler J. Pattern Recognition, A Statistical Approach. London:Prentice Hall, 1982
    [200] Dimitrios S, frossyniotis, Andreas S. A Multi-SVM Classification system, In:Proceedings of the Second International Workshop on Multiple Classifier Systems (MCS 2001), LNCS, Vol 2096,2001,198-207
    [201] Kim H, Pang S, Je H, et al. Constructing Support Vector Machine Ensemble.Pattern Recognition, 2003,36(12): 2757-2767
    [202] Orponen P. Dempster's rule of combination is #P-complete. Artificial Intelligence,1990,44(1-2): 245-253
    [203] Barnet J A. Computational Methods for a Mathematical Theory of Evidence. In Proc. 7th International Conference on Artificial Intelligence, 1981, 868-875
