基于自适应流抽样测量的网络异常检测技术研究
|
摘要
近年来,随着互联网用户数量的持续增长和新型网络应用的快速部署,针对网络的流量攻击威胁问题也愈发严重,分布式拒绝服务攻击(Distributed DenialofService,DDoS)、僵尸网络和蠕虫攻击等频繁发生,对网络的正常运行造成极大的危害。如何在高速网络环境下对网络异常行为进行及时感知和快速处理,对于保证网络有效运行和提高服务提供能力的稳健性具有非常重要的意义。
本文依托国家973计划重大课题——“可重构信息通信基础网络体系研究”,结合项目对异常事件精确感知的研究需求,以高速网络抽样测量获得的数据作支撑,重点研究异常流量的检测识别技术。鉴于流量预测模型能够在不同时间尺度上对网络流量行为的动态趋势做出合理准确的推断,论文采用流量预测与机器学习相结合的方法,首先,通过多维时间尺度预测实现对网络异常流量的粗检测,然后,再利用机器学习方法对由粗检测判断为正常的流量进行细检测,最终实现对异常行为的精确感知。本文的主要研究内容如下:
1.针对现有的常用抽样方法关注于保存流统计特性而忽略流量特征信息的缺陷,提出了一种特征感知的自适应流抽样(Adaptive Flow Sampling,AFS)算法。该算法采用自适应抽样和后期抽样技术相结合的方案,能够修正抽样概率以使流量特征分布的失真度最小。它根据流特征矩大小选择流,从而可以忽略冗余大流而关注对异常检测具有重要作用的小流。与随机流抽样算法相比,AFS算法减少了由抽样过程引起的信息损失且系统的异常检测能力得到了提高。
2.通过分析正常流量和异常流量数据在分数阶傅里叶变换(Fractional FourierTransform,FrFT)域的统计特性,得到实际网络流量在FrFT域满足自相似性。进一步地,针对网络流量在FrFT域的“时域”和“频域”展开,分别给出了基于改进的整体经验模态分解—去趋势波动分析(Modified Ensemble Empirical Mode Decomposition—DetrendedFluctuation Analysis,MEEMD-DFA)的Hurst指数估计法以及基于一维加权最小二乘回归(Weighted Least Square Regression,WLSR)的Hurst指数自适应估计法,并将它们应用于分形高斯噪声和真实网络流量数据。仿真结果表明,相比于现有估值算法,MEEMD-DFA法具有较高的估计精度,但其计算复杂度高;而FrFT自适应估计法则具有更优的估计鲁棒性,且计算复杂度较低,可作为一种实时在线估计真实网络数据Hurst指数的方法。
3.针对网络流量在大时间尺度上呈现出的自相似特性,提出了一种基于改进的整体经验模态分解(MEEMD)与自适应分数阶粒子群优化RBF神经网络(AdaptiveFractional-order Particle Swarm Optimization trained Radial Basis Function Neural Network,AFOPSO-RBFNN)的流量预测模型。首先,采用MEEMD方法对流量序列进行分解,再利用AFOPSO-RBF神经网络对分解得到的固有模式函数分量进行预测,最后,合成所有分量的预测结果,获得最终的预测值。对真实网络流量的预测结果表明,相比于EMD与自回归滑动平均(Auto Regressive MovingAverage,ARMA)、EMD与支持向量机(SupportVector Machines,SVM)以及EEMD与人工神经网络(Artificial Neural Networks,ANN)方法,该算法具有较低的计算复杂度和更高的预测精度。
4.针对网络流量在小时间尺度上的高维非线性,提出了一种由量子位、通用量子门和量子加权构成的量子神经网络(QuantumNeural Network,QNN)模型。为提高网络的收敛速度和防止算法陷入局部最优,给出了基于改进PRP共轭梯度(ModifiedPolak–Ribière–Polyak conjugate gradient Conjugate Gradient,MPRPCG)的学习算法,并从理论上证明了算法的全局收敛性。对小时间尺度上网络流量的预测结果表明,相比于现有的局部支持向量机回归(Local Support Vector Machine Regression,LSVMR)与柔性神经树模型(Flexible Neural Tree,FNT),QNN模型具有更高的预测精度和较低的计算复杂度,并且其收敛速度、鲁棒性均优于BP网络及量子加权神经网络(Quantum WeightedNeural Network,QWNN)。
5.针对机器学习任务中用来检测异常的特征子集难以确定的问题,提出了一种基于归一化互信息特征选择(Normalized Mutual Information Feature Selection,NMIFS)与量子小波神经网络(Quantum Wavelet Neural Network,QWNN)的异常检测模型。首先,采用NMIFS方法从给定的样本特征集中选择检测所需的最佳特征组合,以实现对高维特征数据的有效降维,然后在训练阶段将获得的最佳组合特征向量交由QWNN分类器进行学习训练,得到异常检测模型,在检测阶段则将数据送入已经建立起来的检测模型中,并输出精确的检测结果。综合考虑经验风险与置信风险,QWNN分类器采用基于结构风险最小化的极速学习机(Structural Risk Minimization Extreme Learning Machine,SRM-ELM)学习算法。对真实异常数据的实验结果表明,相比于现有的常用异常检测方法,NMIFS-QWNN方法具有较高的检测精度和较低的漏报率,且算法复杂度较低,检测准确率达到95.8%。
最后,提出了基于流量预测方法的粗检测技术与基于机器学习方法的细检测技术相结合的异常检测方案,并分别用人工合成数据和真实骨干网流量数据进行了实验验证,结果表明,本文提出方案的检测准确率能够达到96.9%。
Network anomaly detection, which establishes the normal network traffic behavior modelto detect the abnormal behavior of the network, is an important means of Intrusion Detection. Inrecent years, with the continued growth of the number of Internet users and the rapiddeployment of new network applications, threat of attack against the network traffic hasbecome increasingly serious, distributed denial of service attack (DDoS), botnet and wormattacks etc. occur frequently, they have caused great harm to the normal operation of thenetwork. How to timely perception and fast processing of network anomaly behavior in thehigh-speed network environment, it has a very important significance for ensuring the effectiveoperation of the network and raising the robustness of service providing ability.
Combined with the fundamental technique research task of identifying abnormal eventsaccurately in the“Research on Reconfigurable Information Communication Basic NetworkSystem” project belonging to the National Priority Basic Research and Development Programof China(973Program), this dissertation primarily discussed how to better detect networktraffic anomaly based on measurement in high-speed backbone link. Considering the trafficprediction model can make reasonable accurate inference for the dynamic trend of networktraffic behavior on different time scales, the paper achieves accurate perception of abnormalbehavior through the combination of traffic prediction method and machine learning method.First of all, this paper realizes the coarse detection of network traffic abnormally through themultidimensional time scales prediction. Then, to prevent the emergence of false positive, ituses machine learning method to carry out fine detection for normal traffic judging from thecoarse detection module. The main research contents of this paper are outlined as follows:
1. Aiming at the deficiencies of the existing common sampling methods, a feature-awareadaptive flow sampling (AFS) algorithm is proposed. The algorithm can correct the samplingprobability to minimize the distortion of the traffic feature distribution through the combinationof adaptive sampling method and late sampling technique. In the algorithm, the fows areselected according to the size of their moments, thus it can ignore the redundant flow and focuson the small flows which play an important role in anomaly detection. Compared with therandom flow sampling algorithm, AFS algorithm reduces the loss of information caused by thesampling process, and the anomaly detection capabilities of the system has been improved.
2. Statistical characteristic of network traffic data in the fractional Fourier transform (FrFT)domain are analyzed, which indicates the self-similarity feature. Further, Hurst parameterestimation methods based on modified ensemble empirical mode decomposition-detrendedfluctuation analysis (MEEMD-DFA) and adaptive estimator with weighted least square regression (WLSR) are presented, which are aimed at the displaying network traffic in―time‖or―frequency‖domain of FrFT domain separately. Experimental results demonstrate that theMEEMD-DFA method has more accurate estimate precision but higher computationalcomplexity than existing common methods. While the overall robustness of adaptive estimatoris satisfactory over the other six methods in simulation, and that it has lower computationalcomplexity. Thus, it can be used as a real-time online Hurst parameter estimator for traffic data.
3. Aiming at the self-similarity of network traffic on large-time scale, a traffic forecastingmodel based on modified ensemble empirical mode decomposition (MEEMD) and adaptivefractional particle swarm optimization radial basis function neural network (AFOPSO-RBFNN)is presented. Firstly, the MEEMD method is employed to decompose the traffic data sequenceinto intrinsic mode function (IMF) component. Then, the AFOPSO-RBFNN is adopted toforecast the IMF components. Ultimately, the final prediction value is obtained via synthetizingthe prediction results of all components. The forecast results on real network traffic show thatthe proposed algorithm has a lower computational complexity and higher prediction accuracythan that of EMD and Auto Regressive Moving Average (ARMA), EMD and Support VectorMachines (SVM), EEMD and Artificial Neural Networks (ANN) method.
4. Aiming at the high-dimensional nonlinear behavior of network traffic on small-timescale, a novel quantum neural network (QNN) model is presented. The quantum neural networkis composed of quantum bits, universal quantum gates and quantum weighted. Then, toaccelerate the convergence speed and prevent the algorithm from falling into local optimum, alearning algorithm based on modified descent Polak–Ribière–Polyak conjugate gradient(MPRPCG) method is given, and its global convergence is proved in theory. Forecasting resultson real small-time scale network traffic demonstrate that the proposed method has lowercomputational complexity and more accurate prediction precision than that of flexible neuraltree (FNT) and local support vector machine regression model (LSVMR). Moreover, comparedto BP neural network and Quantum weighted neural Network (QWNN), the convergence andthe robustness of the method in this paper are outstanding.
5. Aiming at the difficult problem of determining the feature subset used to detect anomalyin machine learning task, an anomaly detection model based on normalized mutual informationfeature selection (NMIFS) and quantum wavelet neural network (QWNN) is presented. Firstly,in order to realize the effective reduction for high-dimensional feature data, NMIFS method isused to select the best feature combination from a given set of sample features. Then, the bestcombination of feature vectors are sent to the QWNN classifier for learning and training in thetraining phase, and the anomaly detection model will be obtained. At the detection stage, thedata is fed into the detection model that has been established during the detection phase; ultimately output the accurate detection results to the client. Considering the empirical risk andconfidence risk comprehensively, the learning algorithm of structural risk minimization extremelearning machine (SRM-ELM) is employed by the QWNN classifier. The experimental resultson real abnormal data demonstrate that the NMIFS-QWNN method has higher detectionaccuracy and lower false negative rate than existing common anomaly detection methods.Further more, the complexity of the algorithm is low and the detection accuracy can reach up to95.8%.
Finally, the anomaly detection scheme, which is consisted of coarse detection technologybased on traffic prediction method and fine detection technology based on machine learningmethod, is proposed. Experimental results on synthetic data and real backbone traffic data showthat the detection accuracy of the proposed program can reach more than96.9%.
本文依托国家973计划重大课题——“可重构信息通信基础网络体系研究”,结合项目对异常事件精确感知的研究需求,以高速网络抽样测量获得的数据作支撑,重点研究异常流量的检测识别技术。鉴于流量预测模型能够在不同时间尺度上对网络流量行为的动态趋势做出合理准确的推断,论文采用流量预测与机器学习相结合的方法,首先,通过多维时间尺度预测实现对网络异常流量的粗检测,然后,再利用机器学习方法对由粗检测判断为正常的流量进行细检测,最终实现对异常行为的精确感知。本文的主要研究内容如下:
1.针对现有的常用抽样方法关注于保存流统计特性而忽略流量特征信息的缺陷,提出了一种特征感知的自适应流抽样(Adaptive Flow Sampling,AFS)算法。该算法采用自适应抽样和后期抽样技术相结合的方案,能够修正抽样概率以使流量特征分布的失真度最小。它根据流特征矩大小选择流,从而可以忽略冗余大流而关注对异常检测具有重要作用的小流。与随机流抽样算法相比,AFS算法减少了由抽样过程引起的信息损失且系统的异常检测能力得到了提高。
2.通过分析正常流量和异常流量数据在分数阶傅里叶变换(Fractional FourierTransform,FrFT)域的统计特性,得到实际网络流量在FrFT域满足自相似性。进一步地,针对网络流量在FrFT域的“时域”和“频域”展开,分别给出了基于改进的整体经验模态分解—去趋势波动分析(Modified Ensemble Empirical Mode Decomposition—DetrendedFluctuation Analysis,MEEMD-DFA)的Hurst指数估计法以及基于一维加权最小二乘回归(Weighted Least Square Regression,WLSR)的Hurst指数自适应估计法,并将它们应用于分形高斯噪声和真实网络流量数据。仿真结果表明,相比于现有估值算法,MEEMD-DFA法具有较高的估计精度,但其计算复杂度高;而FrFT自适应估计法则具有更优的估计鲁棒性,且计算复杂度较低,可作为一种实时在线估计真实网络数据Hurst指数的方法。
3.针对网络流量在大时间尺度上呈现出的自相似特性,提出了一种基于改进的整体经验模态分解(MEEMD)与自适应分数阶粒子群优化RBF神经网络(AdaptiveFractional-order Particle Swarm Optimization trained Radial Basis Function Neural Network,AFOPSO-RBFNN)的流量预测模型。首先,采用MEEMD方法对流量序列进行分解,再利用AFOPSO-RBF神经网络对分解得到的固有模式函数分量进行预测,最后,合成所有分量的预测结果,获得最终的预测值。对真实网络流量的预测结果表明,相比于EMD与自回归滑动平均(Auto Regressive MovingAverage,ARMA)、EMD与支持向量机(SupportVector Machines,SVM)以及EEMD与人工神经网络(Artificial Neural Networks,ANN)方法,该算法具有较低的计算复杂度和更高的预测精度。
4.针对网络流量在小时间尺度上的高维非线性,提出了一种由量子位、通用量子门和量子加权构成的量子神经网络(QuantumNeural Network,QNN)模型。为提高网络的收敛速度和防止算法陷入局部最优,给出了基于改进PRP共轭梯度(ModifiedPolak–Ribière–Polyak conjugate gradient Conjugate Gradient,MPRPCG)的学习算法,并从理论上证明了算法的全局收敛性。对小时间尺度上网络流量的预测结果表明,相比于现有的局部支持向量机回归(Local Support Vector Machine Regression,LSVMR)与柔性神经树模型(Flexible Neural Tree,FNT),QNN模型具有更高的预测精度和较低的计算复杂度,并且其收敛速度、鲁棒性均优于BP网络及量子加权神经网络(Quantum WeightedNeural Network,QWNN)。
5.针对机器学习任务中用来检测异常的特征子集难以确定的问题,提出了一种基于归一化互信息特征选择(Normalized Mutual Information Feature Selection,NMIFS)与量子小波神经网络(Quantum Wavelet Neural Network,QWNN)的异常检测模型。首先,采用NMIFS方法从给定的样本特征集中选择检测所需的最佳特征组合,以实现对高维特征数据的有效降维,然后在训练阶段将获得的最佳组合特征向量交由QWNN分类器进行学习训练,得到异常检测模型,在检测阶段则将数据送入已经建立起来的检测模型中,并输出精确的检测结果。综合考虑经验风险与置信风险,QWNN分类器采用基于结构风险最小化的极速学习机(Structural Risk Minimization Extreme Learning Machine,SRM-ELM)学习算法。对真实异常数据的实验结果表明,相比于现有的常用异常检测方法,NMIFS-QWNN方法具有较高的检测精度和较低的漏报率,且算法复杂度较低,检测准确率达到95.8%。
最后,提出了基于流量预测方法的粗检测技术与基于机器学习方法的细检测技术相结合的异常检测方案,并分别用人工合成数据和真实骨干网流量数据进行了实验验证,结果表明,本文提出方案的检测准确率能够达到96.9%。
Network anomaly detection, which establishes the normal network traffic behavior modelto detect the abnormal behavior of the network, is an important means of Intrusion Detection. Inrecent years, with the continued growth of the number of Internet users and the rapiddeployment of new network applications, threat of attack against the network traffic hasbecome increasingly serious, distributed denial of service attack (DDoS), botnet and wormattacks etc. occur frequently, they have caused great harm to the normal operation of thenetwork. How to timely perception and fast processing of network anomaly behavior in thehigh-speed network environment, it has a very important significance for ensuring the effectiveoperation of the network and raising the robustness of service providing ability.
Combined with the fundamental technique research task of identifying abnormal eventsaccurately in the“Research on Reconfigurable Information Communication Basic NetworkSystem” project belonging to the National Priority Basic Research and Development Programof China(973Program), this dissertation primarily discussed how to better detect networktraffic anomaly based on measurement in high-speed backbone link. Considering the trafficprediction model can make reasonable accurate inference for the dynamic trend of networktraffic behavior on different time scales, the paper achieves accurate perception of abnormalbehavior through the combination of traffic prediction method and machine learning method.First of all, this paper realizes the coarse detection of network traffic abnormally through themultidimensional time scales prediction. Then, to prevent the emergence of false positive, ituses machine learning method to carry out fine detection for normal traffic judging from thecoarse detection module. The main research contents of this paper are outlined as follows:
1. Aiming at the deficiencies of the existing common sampling methods, a feature-awareadaptive flow sampling (AFS) algorithm is proposed. The algorithm can correct the samplingprobability to minimize the distortion of the traffic feature distribution through the combinationof adaptive sampling method and late sampling technique. In the algorithm, the fows areselected according to the size of their moments, thus it can ignore the redundant flow and focuson the small flows which play an important role in anomaly detection. Compared with therandom flow sampling algorithm, AFS algorithm reduces the loss of information caused by thesampling process, and the anomaly detection capabilities of the system has been improved.
2. Statistical characteristic of network traffic data in the fractional Fourier transform (FrFT)domain are analyzed, which indicates the self-similarity feature. Further, Hurst parameterestimation methods based on modified ensemble empirical mode decomposition-detrendedfluctuation analysis (MEEMD-DFA) and adaptive estimator with weighted least square regression (WLSR) are presented, which are aimed at the displaying network traffic in―time‖or―frequency‖domain of FrFT domain separately. Experimental results demonstrate that theMEEMD-DFA method has more accurate estimate precision but higher computationalcomplexity than existing common methods. While the overall robustness of adaptive estimatoris satisfactory over the other six methods in simulation, and that it has lower computationalcomplexity. Thus, it can be used as a real-time online Hurst parameter estimator for traffic data.
3. Aiming at the self-similarity of network traffic on large-time scale, a traffic forecastingmodel based on modified ensemble empirical mode decomposition (MEEMD) and adaptivefractional particle swarm optimization radial basis function neural network (AFOPSO-RBFNN)is presented. Firstly, the MEEMD method is employed to decompose the traffic data sequenceinto intrinsic mode function (IMF) component. Then, the AFOPSO-RBFNN is adopted toforecast the IMF components. Ultimately, the final prediction value is obtained via synthetizingthe prediction results of all components. The forecast results on real network traffic show thatthe proposed algorithm has a lower computational complexity and higher prediction accuracythan that of EMD and Auto Regressive Moving Average (ARMA), EMD and Support VectorMachines (SVM), EEMD and Artificial Neural Networks (ANN) method.
4. Aiming at the high-dimensional nonlinear behavior of network traffic on small-timescale, a novel quantum neural network (QNN) model is presented. The quantum neural networkis composed of quantum bits, universal quantum gates and quantum weighted. Then, toaccelerate the convergence speed and prevent the algorithm from falling into local optimum, alearning algorithm based on modified descent Polak–Ribière–Polyak conjugate gradient(MPRPCG) method is given, and its global convergence is proved in theory. Forecasting resultson real small-time scale network traffic demonstrate that the proposed method has lowercomputational complexity and more accurate prediction precision than that of flexible neuraltree (FNT) and local support vector machine regression model (LSVMR). Moreover, comparedto BP neural network and Quantum weighted neural Network (QWNN), the convergence andthe robustness of the method in this paper are outstanding.
5. Aiming at the difficult problem of determining the feature subset used to detect anomalyin machine learning task, an anomaly detection model based on normalized mutual informationfeature selection (NMIFS) and quantum wavelet neural network (QWNN) is presented. Firstly,in order to realize the effective reduction for high-dimensional feature data, NMIFS method isused to select the best feature combination from a given set of sample features. Then, the bestcombination of feature vectors are sent to the QWNN classifier for learning and training in thetraining phase, and the anomaly detection model will be obtained. At the detection stage, thedata is fed into the detection model that has been established during the detection phase; ultimately output the accurate detection results to the client. Considering the empirical risk andconfidence risk comprehensively, the learning algorithm of structural risk minimization extremelearning machine (SRM-ELM) is employed by the QWNN classifier. The experimental resultson real abnormal data demonstrate that the NMIFS-QWNN method has higher detectionaccuracy and lower false negative rate than existing common anomaly detection methods.Further more, the complexity of the algorithm is low and the detection accuracy can reach up to95.8%.
Finally, the anomaly detection scheme, which is consisted of coarse detection technologybased on traffic prediction method and fine detection technology based on machine learningmethod, is proposed. Experimental results on synthetic data and real backbone traffic data showthat the detection accuracy of the proposed program can reach more than96.9%.
引文
[1].中国互联网信息中心.第31次中国互联网络发展状况调查[EB/OL].http://www.cnnic.cn/index/0E/00/11/index.htm.2013-01.
[2].人民邮电报[EB/OL].http://mag.big-bit.com/news/61163.html.2012-08.
[3].韦乐平.中国信息产业网[EB/OL].http://www.cnii.com.cn/contenet/2011-06/09/content_883772.html.
[4].杭强伟.国家反计算机入侵和防病毒研究中心[EB/OL].http://www.antivirus-china.org.cn.
[5].腾讯QQ专家网络安全形势分析报告[EB/OL].http://guanjia.qq.com/security/report2012/page.html?id=5.
[6].张震.基于流量测量的高速IP业务感知技术研究[D].解放军信息工程大学,2012.
[7].裴昌幸.现代通信系统与网络测量[M].北京:人民邮电出版社,2008.
[8]. Marina Thottan, Chuanyi Ji. Anomaly Detection in IP Networks[J]. IEEE Transactions on SignalProcessing, Vol.51, No.8,2003:2191-2204.
[9]. Manranjan Pradhan, Sateesh Kumar Pradhan, Sudhir Kumar Sahu. A Survey on Detection Methods inIntrusion Detection System [J]. International Journal of Computer Application,2012,3(2):81-90.
[10].王风宇,云晓春,曹震中.多时间尺度同步的网络异常检测方法[J].通信学报,2007,28(12):60-65.
[11].国家科技部973计划信息技术领域办公室.可重构信息通信基础网络体系研究项目申请指南
[EB/OL]. http://www.973.gov.cn/FuJianPath/1011/08/FJ_101108-14-01-49-8218_978.pdf.
[12]. CIO时代网[EB/OL]. http://www.ciotimes.com/from=844b/bd_page_type=1/ssid=0/uid=D027C2B4.
[13]. Chuck Fraleigh, Sue Moon, Bryan Lyles, Christophe Diot.Packet-Level Traffic Measurements from theSprint IP Backbone [J]. IEEE Transactions on Networking,2003,11(3):6-16.
[14]. Hong N, Veitch D. Inverting sampled traffic [J]. IEEE/ACM Transactions on Networking,2006,14(1):68-80.
[15].程光,龚俭.互联网流测量[M].南京:东南大学出版社,2008.
[16]. K.C.Claffy, George C. polyzos, Hans-Werner Braun. Application of sampling methodologies tonetwork traffic characterization[C]. In: Proc. of ACM Sigcomm1993, Madison,1993:267-280.
[17]. Cisco System. NetFlow Services Solutions Guide [EB/OL]. http://www.cisco.com/en/US/docs/ios/solutions_docs/netflow/nfwhite.html.
[18]. Nick Duffield, Carsten Lund, Mikkel Thorup. Properties and Prediction of Flow Statistics fromSampled Packet Streams[C]. In Proc. of ACM Internet Measurement Conference, Nashville,2002:67-80.
[19]. Nicolas Hohn, Darryl Veitch. Inverting Sampled Traffic[C]. In: Proc. of ACM Internet MeasurementConference, Tokyo,2003:45-54.
[20]. Jack Drobisz, Kenneth J. Christensen. Adaptive Sampling Methods to Determine Network TrafficStatistics including the Hurst Parameter[C]. In: Proc. of IEEE23rd Annual Conference on LocalComputer Networks, Georgia,1998:563-572.
[21]. Baek-Young Choi, Jaesung Park, Zhi-Li Zhang. Adaptive Random Sampling for Traffic LoadMeasurement[C]. In: Proc. of IEEE ICC’03, Seoul,2003:892-905.
[22]. B.-Y. Choi, J. Park, Z.-L. Zhang. Adaptive random sampling for load change detection[C]. In: Proc. ofACM SIGMETRICS,2002:272-273.
[23]. N. G. Duffield, Matthias Grossglauser. Trajectory Sampling for Direct Traffic Observation [J].IEEE/ACM Transactions on Networking,2001,9(3):1232-1244.
[24]. X. Guan, T. Qin, W. Li, P. Wang. Dynamic feature analysis and measurement for large-scale networktraffic monitoring [J]. IEEE Trans. Inf. Forens. Security,2010,5(4):905–919.
[25]. A. Kumar, J. Xu. Sketch guided sampling-Using on-line estimates of flow size for adaptive datacollection[C]. In: Proc. IEEE INFOCOM,2006:1-12.
[26]. C. Hu, S. Wang, J. Tian, B. Liu, Y. Cheng, Y. Chen. Accurate and efficient traffic monitoring usingadaptive non-linear sampling method[C]. In: Proc. IEEE INFOCOM,2008.
[27]. Chengchen Hu, Bin Liu, Sheng Wang, Jia Tian, Yu Cheng, Yan Chen. Adaptive Non-Linear SamplingMethod for Accurate Flow Size Measurement [J]. IEEE Transactions on Communications,2012,60(3):789-798.
[28].杨家海,吴建平,安常青.互联网络流量测量及应用[M].北京:人民邮电出版社,2009.10.
[29]. Cristian Estan, Ken Keys, David Moore, George Varghese. Building a Better NetFlow[C]. In Proc. ofACM Sigcomm, Hague,2006:432-445.
[30]. Ramana Rao Kompella, Cristian Estan. The Power of Slicing in Internet Flow Measurement[C]. InACM Internet Measurement Conference, Michigan,2005:422-435.
[31]. Brownlee N, Claffy K. Internet Measurement [J]. IEEE lnternet Computing,2004,8(5):30-33.
[32]. N. Duffield, C. Lund. Predicting resource usage and estimation accuracy in an ip flow measurementcollection infrastructure[C]. In: Proc. of ACM Internet Measurement Conference, Miami Beach, FL,2003:179-191.
[33]. Estan, C., Varghese, G. New directions in traffic measurement and accounting[C]. In: Proceedings ofthe2002Conference on Applications, Technologies, Architectures, and Protocols for ComputerCommunications, SIGCOMM2002:323–336. ACM, New York,2002.
[34].吴桦,龚俭,杨望.一种基于双重Counter Bloom Filter的长流识别算法[J].软件学报,2010,Vol.21, No.5:11151126.
[35]. Mahmood Ahmadi, Stephan Wong. A Memory-optimized Bloom Filter using An Additional HashingFunction[C]. In: Proc. of the IEEE GLOBECOM2008:1-5.
[36]. Abhishek Kumar Jun (Jim) Xu. Space-Code Bloom Filter for Efficient Per-Flow TrafficMeasurement[C]. In: Proc. of IEEE Infocom’04, Hongkong,2004,315-328.
[37].张进,邬江兴,钮晓娜.空间高效的数据包公平抽样算法[J].软件学报,2010, Vol.21, No.10:2642-2655.
[38]. P. García-Teodoroa, J. Díaz-Verdejo, G. Maciá-Fernández, E. Vázquez. Anomaly-based networkintrusion detection: Techniques, systems and challenges [J]. Computers&Security,2009,28:18-28.
[39]. Thottan M., Ji C. Proactive Anomaly Detection Us ing Distributed Intelligent Agents [J]. IEEE Network.1998, Vol.12, no.5:21-27.
[40]. Wang, H., Zhang, D., Shin, K. G. Detecting SYN flooding attacks [J]. In: Proc. of IEEE INFOCOM,2002.
[41]. Barford P., Kline J., Plonka D., Ron A. A Signal Analysis of Network Traffic Anomalies [J]. In: Proc.of the2nd ACM SIGCOMM Workshop on Internet Measurements,2002,71-82.
[42]. Kim S. S., Reddy A. Statistical Techniques for Detecting Traffic Anomalies through Packet HeaderData [J]. IEEE/ACM Tran. Networking,2008.
[43]. Bianco, A. M., Ben, M. G., Martinez, E. J., and Yohai, V. J. Outlier detection in regression models witharima errors using robust estimates [J]. Journal of Forecasting,2001,20(8):565-579.
[44]. Galeano, P., Pea, D., Tsay, R. S. Outlier detection in multivariate time series via projection pursuit [J].Statistics and Econometrics Working Papers ws044211, Universidad Carlos III, Department de Estadsticay Econometr ca,2004.
[45]. Asrul H. Yaacob, Ian K. T. Tan, Su Fong Chien, Hon Khi Tan. ARIMA Based Network AnomalyDetection[C]. Second International Conference on Communication Software and Networks,2010:205-209.
[46].李金明,王汝传.基于VTP方法的DDoS攻击实时检测技术研究[J].电子学报,2007,35(4):791-796.
[47].任勋益,王汝传,王海艳.基于自相似检测DDoS攻击的小波分析方法[J].通信学报,2006,27(5):6-11.
[48].许晓东,朱士瑞,孙亚民.基于分形特性的宏观流量异常分析[J].通信学报,2009,30(9):43-53.
[49]. Daniela Brauckhoff, Kave Salamatian, Martin May. Applying PCA for Traffic Anomaly Detection:Problems and Solutions[C]. In: Proc. of IEEE INFOCOM2009:1-8.
[50]. Chih-Fong Tsai, Yu-Feng Hsu, Chia-Ying Lin, Wei-Yang Lin. Intrusion detection by machine learning:A review [J]. Expert Systems with Applications,2009,36:11994–12000.
[51]. Yasser Yasami, Saadat Pour Mozaffari. A novel unsupervised classification approach for networkanomaly detection by k-Means clustering and ID3decision tree learning methods [J]. J Supercomput.,2010,53:231–245.
[52]. Ming-Yang Su. Using clustering to improve KNN-based classifiers for online anomaly network trafficidentification [J]. Journal of Network and Computer Applications,2011,34:722-730.
[53]. George, Annie. Anomaly detection based on Machine learning dimens ionality reduction using PCA andclassification using SVM [J]. International Journal of Computer Applications,2012, Vol.47, No.21:5-8.
[54]. Guan XQ. Research on the classifying algorithm based on decision tree [M]. Taiyuan: ShanxiUniversity,2006(in Chinese with English abstract).
[55]. Sharma Sanjay Kumar, Pendey Pankaj, Susheel Kumar, Sisodia Mahendra Singh. An improvednetwork intrusion detection technique based on K-means clustering via Na ve bayes classification [C].International conference on Advances in Engineering, Science and management,2012:417-422.
[56]. Lu Li, Guoyin Zhang, Jinyuan Nile, Yingjiao Niu, Aihong Yao. The application of Genetic Algorithmto Intrusion Detection in MP2P [J]. ICSI2012, Part I, LNCS7331:390-397. Springer-Verlag BerlinHeidelberg2012.
[57]. Shah Bhavin, H Trivedi Bhushan. Artificial Neural Network based Intrusion Detection System: Asurvey [J]. International Journal of Computer Applications,2012, Vol.39, No.6:13-18.
[58].周亚建,徐晨,李继国.基于改进CURE聚类算法的无监督异常检测方法[J].通信学报,2010,31(7):18-23.
[59]. Mai, J., Chuah, C.-N., Sridharan, A., Ye, T., Zang, H. Is sampled data sufficient for anomaly detection?
[C]. In: Proceedings of the6th ACM SIGCOMM Conference on Internet Measurement, IMC2006:165-176. ACM, New York,2006.
[60]. Duffield, N., Lund, C., Thorup, M. Properties and prediction of flow statistics from sampled packetstreams[C]. In: Proceedings of the2nd ACM SIGCOMM Workshop on Internet Measurement, NewYork, NY, USA,2002:159–171.
[61]. Hohn, N., Veitch, D. Inverting sampled traffic [J]. IEEE/ACM Transactions on Networking,2006,14(1):68-80.
[62]. Duffield, N., Lund, C., Thorup, M. Estimating flow distributions from sampled flow statistics [J].IEEE/ACM Transactions on Networking,2005,13,933-946.
[63]. Choi, B.-Y., Zhang, Z.-L. Adaptive random sampling for traffic volume measurement [J].Telecommunication Systems,2007,34,71-80.
[64]. P. Ali, S., Haq, I.U., etc. On mitigating sampling-induced accuracy loss in traffic anomaly detectionsystems [J]. SIGCOMM Comput. Commun. Rev.,2010,40,4-16.
[65]. Yang, L., Michailidis, G. Sampled based estimation of network traffic flow characteristics[C]. In:26thIEEE International Conference on Computer Communications, INFOCOM2007:1775–1783.
[66]. Duffield, N. Sampling for passive internet measurement: A review [J]. Statistical Science,2004,19:472-498.
[67]. Androulidakis, G., Papavassiliou, S. Improving network anomaly detection via selective flow-basedsampling [J]. IET Communications,2008,2(3):399-409.
[68]. Brauckhoff D, Tellenbach B, Wagner A, et al. Impact of Packet Sampling on Anomaly DetectionMetrics[C]. In Proc.of the6th ACM Sigcomm conference on Internet measurement,2006.
[69]. Androulidakis, G., Chatzigiannakis, V., Papavassiliou, S. Network anomaly detection and classificationvia opportunistic sampling [J]. Network. Mag. of Global Internet,2009,23,6-12.
[70]. A. Karel Bartos, Martin Rehak. Towards Efficient Flow Sampling Technique for Anomaly Detection[J]. TMA2012, LNCS7189:93–106. Springer-Verlag Berlin Heidelberg2012.
[71]. NLANR. Passive Measurement and Analysis (PMA)[EB/OL]. http://pma.nlanr.net.
[72]. Ertoz, L., Eilertson, E., Lazarevic, etc. Minds—minnesota intrusion detection system[J]. In: NextGeneration Data Mining, MIT Press,2004.
[73]. Xu, K., Zhang, Z.-L., Bhattacharrya, S. Reducing Unwanted Traffic in a Backbone Network[C]. In:USENIXWorkshop on Steps to Reduce Unwanted Traffic in the Internet (SRUTI), Boston, MA,2005.
[74]. Lakhina, A., Crovella, M., Diot, C. Diagnosis Network-Wide Traffic Anomalies [J]. In: ACMSIGCOMM2004:219-230. ACM Press, New York,2004.
[75]. Lakhina, A., Crovella, M., Diot, C. Mining Anomalies using Traffic Feature Distributions [J]. In: ACMSIGCOMM, Philadelphia, PA:217-228. ACM Press, New York,2005.
[76]. Sridharan, A., Ye, T., Bhattacharyya, S. Connectionless port scan detection on the backbone [M].Phoenix, AZ, USA,2006.
[77]. Leland WE, Taqqu MS, Willinger W, Wilson DV. On the self-similar nature of Ethernet traffic(extended version)[J]. IEEE/ACM Trans. on Networking,1994,2(1):115.
[78]. P. Borgnat, G. Dawaele, K. Fukuda, P. Abry, K. Cho. Seven years and one day: Sketching the evolutionof Internet traffic[C]. In: Proc. Of the28th Conf. on Computer Communications (INFOCOM2009).Rio deJaneiro: IEEE,2009:711719.
[79]. Himanshu Gupta, Vinay J. Ribeiro, Anirban Mahanti. A Longitudinal Study of Small-Time ScalingBehavior of Internet Traffic [J]. NETWORKING2010Lecture Notes in Computer Science,2010,Volume6091:83-95.
[80]. C. Ciflikli, A. Gezer, A.T. zsahin,. zkasap. Bittorrent packet traffic features over IPv6and IPv4[J].Simulation Modeling Practice and Theory, Elsevier,2010,18(9):1124–1214.
[81]. C. Ciflikli, A. Gezer, A.T. zsahin,. zkasap. Packet traffic Features of IPv6and IPv4Protocol traffic[J]. Turkish Journal of Electrical Engineering and Computer Sciences,2010, in press.
[82]. Alina B rulescu, Cristina Serban, Carmen Maftel. Evaluation of Hurst exponent for precipitation timeseries [J]. LATEST TRENDS on COMPUTERS (Volume II),2010:590-595.
[83].张宾,杨家海,吴建平. Internet流量模型分析与评述[J].软件学报,2011,22(1):115-131.
[84]. William Rea, Les Oxley, Marco Reale, Jennifer Brown. Estimators for Long Range Dependence: AnEmpirical Study [J]. Electronic Journal of Statistics,2009, Vol.0:1-16.
[85].陶然,邓兵,王越.分数阶Fourier变换在信号处理领域的研究进展[J].中国科学E辑信息科学2006,36(2):113-136.
[86]. Cebrail Ciflikli, Ali Gezer. Self similarity analysis via fractional Fourier transforms [J]. SimulationModeling Practice and Theory,2011,19:986–995.
[87]. Sun, R., Chen, Y., Zaveri, N., Zhou. A. Local analysis of long-range dependence based on fractionalFourier transform [J]. In Proceedings of the2006IEEE mountain workshop on adaptive and learningsystems,2006:13–18.
[88]. Chen, Y., Sun, R., Zhou, A. An improved Hurst parameter estimator based on fractional Fouriertransform [J]. Telecommun System,2010,43:197–206.
[89]. Stilian Stoev, Murad S. Taqqu, Cheolwoo Park, George Michailidis, J.S. Marron. LASS: a tool for thelocal analysis of self-similarity [J]. Computational Statistics&Data Analys is, May2006,50(1):2447-2471.
[90]. Stefano Bregni, Luca Primerano. The Modified Allan Variance as Time-Domain Analysis Tool forEstimating the Hurst Parameter of Long-Range Dependent Traffic [J]. IEEE GLOBECOM '04,GlobalTelecommunications Conference,2004,Vol.3:1406-1410.
[91]. Yuangan Wang, Honglin Yu, Xinyu Liang. Time Delay Model of Fractional Fourier Transform and theApplication in Signal Filtering [J]. Applied Mechanics and Materials,2012, Vol.121-126:3637-3641.
[92]. Bellcore lab. Traces available in the internet traffic archive [EB/OL].http://ita.ee.lbl.gov/html/traces.html.1989.
[93]. MAWI working group traffic archive [EB/OL]. http://tracer.csl.sony.co.jp/mawi.2011,12.
[94]. Jean-Marc Bardet, Imen Kammoun. Asymptotic Properties of the Detrended Fluctuation Analysis ofLong Range Dependence Processes [J]. IEEE Transactions on Information Theory, July2006:1-10.
[95]. Weron R. Estimation long-range dependence: finite sample properties and confidence intervals [J].Physica A,2002,312:285~299.
[96]. Xi-Yuan Qian, Wei-Xing Zhou, Gao-Feng Gu. Modified detrended fluctuation analysis based onempirical mode decomposition [J]. Physica A: Statistical Mechanics and its applications, Nov.1,2011,Vol.390, No.23:4388-4395.
[97]. Wu, Z., Huang, N. E.. Ensemble empirical mode decomposition: A noise assisted data analysis method[J]. Advances in Adaptive Data Analysis,2009,1(1):1-41.
[98]. Jinshan Lin. Improved Ensemble Empirical Mode Decomposition Method and Its Simulation [J].Advances in Intelligent Systems,2012,138:109-115.
[99]. Paula Tarrio, Ana M. Bernardos, Jose R. Casar. Weighted Least Squares Techniques for ImprovedReceived Signal Strength Based Localization [J].Sensors2011,11:8569-8592.
[100]. Tarik Yardibi, Jian Li, Petre Stoica, el. Source Localization and Sensing: A Nonparametric IterativeAdaptive Approach Based on Weighted Least Squares [J]. IEEE Transactions on Aerospace andElectaonic Systems, Jan.2010, Vol.46, No.1:425-433.
[101]. Bels ley, D. A., Kuh, E., and Welsch, R. E. Regression diagnostics: identifying influential data andsources of collinearity [M]. John Wiley&Sons, New York-Chichester-Brisbane,28Jan.2005:39-48.
[102]. Kuo-ChingChang, Chui-LiangChiang, Chung-BowLee. The Comparison of Algorithms inChange-Points Problem [J].Journal of Applied Science and Engineering,2012, Vol.15, No.1:11-19.
[103]. Pierre, R. Bertrand, Mehdi Fhima, Arnaud Guilin. Fast change point analysis on the Hurst index ofpiecewise fractional Brownian motion [J]. Journée de Statistiques2011(JDS2011), Tunis2011:1-6.
[104]. Ng Kooi Huat, Habshah Midi. Change Point Detection with Robust Control Chart [J]. MathematicalProblems in Engineering,2011:1-20.
[105]. H. Sheng, Y. Q. Chen, T. Qiu. On the robustness of Hurst estimators [J]. IET Signal Process.,2011,Vol.5, Iss.2:209-225.
[106]. Stilian Stoev's new web page. http://www.stat.lsa.umich.edu/~sstoev.2011,06.
[107]. Juhyun Park, Cheolwoo Park. Robust estimation of the Hurst parameter and selection of an onsetscaling [J]. Statistica Sinica,2009,19(4):1531-1555.
[108]. George Xylomenos, Konstantinos Katsaros, Vasilis Tsakanikas. Support of multiple content variants inthe multimedia broadcast/multicast service [J]. International Journal of Communication Systems,2011,24:691–708.
[109].高波,张钦宇,梁永生,刘宁宁,黄程波,张乃通.基于EMD及ARMA的自相似网络流量预测[J].通信学报,2011,Vol.32,No.4:4756.
[110]. Zhihui, Z., Yunlian, S., Yu, J. Short term Load Forecasting Based on EMD and SVM [J]. High VoltageEngineering,2007,33:118-122.
[111]. Zhenhai Guo, Weigang Zhao, Haiyan Lu, Jianzhou Wang. Multi-step forecasting for wind speed usinga modified EMD-based artificial neural network model [J]. Renewable Energy,2012,37:241-249.2012Elsevier Ltd.
[112]. Gao Qian, Li Guang-xia, Tian Xiang, Sun Jian. A Novel Traffic Prediction Method based on IMF [J].Advanced Materials Research,2012, Vol.490-495:1421-1425.
[113]. Jian Zhang, Ruqiang Yan, Robert X.Gao, Zhihua Feng. Performance enhancement of ensembleempirical mode decomposition [J]. Mechanical Systems and Signal Processing,2010,24:2104-2123.2010Elsevier Ltd.
[114]. Jinshan Lin. Improved Ensemble Empirical Mode Decomposition Method and Its Simulation [J].Advances in Intelligent Systems,2012,138:109-115. Springer-Verlag Berlin Heidelberg2012.
[115].李军,刘君华.一种新型广义RBF神经网络在混沌时间序列预测中的研究[J].物理学报, Oct.2005, Vol.54, No.10:4569-4577.
[116].张军峰,胡寿松.基于一种新型聚类算法的RBF神经网络混沌时间序列预测[J].物理学报, Feb.2007, Vol.56, No.2:713-719.
[117]. WANG J S, GAO Z W. Network traffic modeling and prediction based on RBF neural network [J].Computer Engineering and Applications,2008,44(13):6-11.
[118]. Yumin Pan, Chengyu Huang, Quanzhu Zhang. A Forecasting Model of RBF Neural Network Based onParticle Swarm Optimization [J]. Applied Mechanics and Materials,2011, Vol.65:605-612.
[119]. Kennedy J, Eberhart R. Particle swarm optimization[C]. In Proc. IEEE International Conf. on NeuralNetworks,1995,4:1942-1948.
[120]. Chen, Wei-neng, Zhang. A novel set-based particle swarm optimization method for discreteoptimization problem [J]. IEEE Transactions on Evolutionary Computation, Jun.2010,14(2):278–300.
[121]. Tao Zhang, Tiesong Hu, Yue Zheng, Xuning Guo. An improved partic le swarm optimization forsolving bi-level mulitiobjective programming problem [J]. Journal of Applied Mathematics,2012,2(4):1-13.
[122]. S.-Y. Ho, H.-S. Lin, W.-H. Liauh, S.-J. Ho.OPSO: Orthogonal particle swarm optimization and itsapplication to task assignment problems [J].IEEE Transactions on Systems, Man, Cybernetics A:Systems, Humans, Mar.2008, Vol.38, No.2:288–298.
[123]. Niknam T., Amiri, B.. An efficient hybrid approach based on PSO, ACO and k-means for clusteranalysis [J]. Applied Soft Computing,2010,10(1):183–197.
[124]. Sarika Varshney, Laxmi Srivastava, Manjaree Pandit. Parameter tuning of Statcom using particleswarm optimization based neural network [J]. Advances in intelligent and Soft computing,2012,Vol.130:813-824.
[125]. Pires, J.A. Tenreiro Machado, P.B. de Moura Oliveira, et al. Particle swarm optimization withfractional-order velocity [J]. Nonlinear Dynamics,2010,61:295-301. Springer-Verlag2010.
[126]. Xu L, Krzyzak A, Oja E. Rival penalized competitive learning for clustering analysis, RBF net, andcurve detection[J]. IEEE Transactions on Neural Networks,1993,4(4):636-649.
[127]. Zhan Z H, Zhang J, Li Y, et al. Adaptive particle swarm optimization [J]. IEEE Transactions onSystems, Man, and Cybernetics, Part B: Cybernetics,2009,39(6):1362-1381.
[128]. ALFI Alireza. PSO with Adaptive Mutation and Inertia Weight and Its Application in ParameterEstimation of Dynamic Systems [J]. Acta Automatic Sinica, May2011, Vol.37, No.5:541-549.
[129]. Xiaodong Chen, Yumin Zhang. Optimum Design of PID Controller Parameters by Improved ParticleSwarm Optimization Algorithm [J]. Recent Advances in Computer Science and InformationEngineering, Lecture Notes in Electrical Engineering,2012, Vol.125:79-84. Springer-Verlag BerlinHeidelberg2012.
[130].吕振肃,侯志荣.自适应变异的粒子群优化算法[J].电子学报,Mar.2004, Vol.32, No.3:416-420.
[131]. NLANR. Passive Measurement and Analysis (PMA)[EB/OL]. http://pma.nlanr.net.
[132].王升辉,裘正定.结合多重分形的网络流量非线性预测[J].通信学报,2007,28(2):45-50.
[133].温祥西,孟相如,马志强,张永春.小时间尺度网络流量混沌性分析及趋势预测[J].电子学报,2012,40(8):1609-1616.
[134]. Z. L. Zhang, V. J.Ribeiro, S. Moon, C.Diot. Small-time scaling behaviors of Internet backbone traffc:an empirical study [J]. IEEE INFOCOM3,2003:1826–1836.
[135].林青家,陈涤,刘允才.网络流量的小尺度特性分析[J].电子测量与仪器学报,2007,3:92-97.
[136]. Himanshu Gupta, Vinay J. Ribeiro, Anirban Mahanti. A Longitudinal Study of Small-Time ScalingBehavior of Internet Traffic [J]. NETWORKING2010Lecture Notes in Computer Science,2010,6091:83-95.
[137]. Chen B S, Peng S C, Wang K C. Traffic modeling, prediction, and congestion control for high-speednetworks:A fuzzy AR approach [J]. IEEE Transactions on Fuzzy Systems,2000,8(5):491-508.
[138].姜明,吴春明,胡大民.网络流量预测中的时间序列模型比较研究[J].电子学报,2009,37(11):2353-2358.
[139]. Doulamis A D, Doulamis N D, Kollias S D. An adaptable neural-network model for recursivenonlinear traffic prediction and modeling of MPEG video sources [J]. IEEE Transactions on NeuralNetworks,2003,14(1):150-166.
[140]. H.-L. Sun, Y.-H. Jin, Y.-D. Cui, S.-D. Cheng, Network traffic prediction by a wavelet-based combinedmodel [J]. Chin. Phys. B,2009,18(11):47–60.
[141]. Vieira F H T, Bianchi G R, Lee L L. A network traffic prediction approach based on multifractalmodeling [J]. Journal of High Speed Networks,2010,17(2):83-96.
[142]. Qing-Fang M, Yue-Hui C, Yu-Hua P. Small-time scale network traffic prediction based on a localsupport vector machine regression model [J]. Chinese Physics B,2009,18(6):2194.
[143]. Chen Y, Yang B, Meng Q. Small-time scale network traffic prediction based on flexible neural tree [J].Applied Soft Computing,2012,12(1):274-279.
[144]. Purushothaman G, Karayiannis N B. Quantum neural networks (QNNs): inherently fuzzy feedforwardneural networks [J]. IEEE Transactions on Neural Networks,1997,8(3):679-693.
[145]. Zhou R, Ding Q. Quantum MP neural network [J]. International Journal of Theoretical Physics,2007,46(12):3209-3215.
[146]. Panchi L, Shiyong L. Learning algorithm and application of quantum BP neural networks based onuniversal quantum gates [J]. Journal of systems engineering and electronics,2008,19(1):167-174.
[147].李盼池.一种量子神经网络模型学习算法及应用[J].控制理论与应用,2009,26(5),531-534.
[148]. Zhou R. Quantum competitive neural network [J]. International Journal of Theoretical Physics,2010,49(1):110-119.
[149].李军,刘君华.一种新型广义RBF神经网络在混沌时间序列预测中的研究[J].物理学报,2005,54(10):4569-4577.
[150].邓万宇,郑庆华,陈琳等.神经网络极速学习方法研究[J].计算机学报,2010,33(2):279-287.
[151]. Hestenes M.R., Stiefel E.L. Methods of conjugate gradients for solving linear systems [J]. J. Res. Nat.Bur. Stand. Sect. B.,1952,49:409–432.
[152]. Fletcher, R., Reeves, C. Function minimization by conjugate gradients [J]. Comput. J.,1964,7:149–154.
[153]. POLAK E,RIBIERE G. Note sur la convergence dedirections conjuguees [J]. Rev Francaise informatRecherche Operatinelle,1969,16(3):35-43.
[154]. Dai Y, Han J, Liu G, et al. Convergence properties of nonlinear conjugate gradient methods [J]. SIAMJournal on Optimization,2000,10(2):345-358.
[155]. Yu, G.H. Nonlinear Conjugate Gradient Methods [D].2007Ph. D. Dissertation (Sun Yat-SenUniversity).
[156]. Yuan G. Modified nonlinear conjugate gradient methods with sufficient descent property for large-scaleoptimization problems [J]. Optimization Letters,2009,3(1):11-21.
[157]. Zhang L, Zhou W, Li D H. A descent modified Polak–Ribière–Polyak conjugate gradient method andits global convergence [J]. IMAJournal of Numerical Analysis,2006,26(4):629-640.
[158]. Andrei N. A modified Polak–Ribière–Polyak conjugate gradient algorithm for unconstrainedoptimization[J]. Optimization,2011,60(12):1457-1471.
[159]. Dai Z, Tian B S. Global convergence of some modified PRP nonlinear conjugate gradient methods[J].Optimization Letters,2011,5(4):615-630.
[160]. Li M, Feng H, Liu J. The global convergence of a descent PRP conjugate gradient method[J].Computational&Applied Mathematics,2012,31(1):59-83.
[161]. Zhang Y, Zheng H, Zhang C. Global Convergence of a Modified PRP Conjugate Gradient Method[J].Procedia Engineering,2012,31:986-995.
[162]. Internet traffic archive. http://ita.ee.lbl.gov/
[163]. Marina Thottan, Guanglei Liu, Chuanyi Ji. Anomaly Detection Approaches for CommunicationNetworks [J].
[164].朱应武,杨家海,张金祥.基于流量信息结构的异常检测[J].软件学报,2010,Vol.21, No.10:2573-2583.
[165]. Chou TS, Yen KK, Luo J. Network intrusion detection design using feature selection of soft computingparadigms [J]. International Journal of computational Intelligence,2008,4(3):196–208.
[166]. Fatemeh Amiri, Mohammad Mahdi, Rezaei Yousefi, et al. Mutual information-based feature selectionfor intrusion detection systems [J]. Journal of Network and Computer Applications,2011,34:1184–1199.
[167]. N. Kwak, C.-H. Choi. Input feature selection for classification problems [J]. IEEE Trans. Neural Netw.,Jan.2002, Vol.3, No.1:143–159.
[168]. L. Yu, H. Liu. Efficient feature selection via analys is of relevance and redundancy [J]. J. Mach. Learn.Res., Oct.2004, Vol.5:1205–1224.
[169]. G. Lashkia, L. Anthony. Relevant, irredundant feature selection and noisy example elimination [J].IEEE Trans. Syst. Man Cybern. B, Cybern., Apr.2004, Vol.34, No.2:888–897.
[170]. Battiti, R. Using mutual information for selecting features in supervised neural net learning [J]. IEEETrans. Neural Networks,1994,5(4):537–550.
[171]. Kwak, N. and Choi, C. Input Feature Selection for Classification Problems [J]. IEEE Transactions onNeural Networks,2002,13(1):143–159.
[172]. Peng, H., Long, F., Ding, C. Feature Selection Based on Mutual Information: Criteria ofMax-Dependency, Max-Relevance, and Min-Redundancy [J]. IEEE Transactions on Pattern Analysisand Machine Intelligence,2005,27(8):1226–1238.
[173]. Pablo A. Estévez, Michel Tesmer, Claudio A. Perez, Jacek M. Zurada. Normalized Mutual InformationFeature Selection [J]. IEEE Transactions on Neural Networks, Feb.2009, Vol.20, No.2:189-201.
[174]. B. Krishna, Y. R. Satyaji Rao, P. C. Nayak. Time Series Modeling of River Flow Us ing Wavelet NeuralNetworks [J]. Journal of Water Resource and Protection,2011,3:50-59.
[175]. Li Panchi, Li Shiyong. Learning algorithm and application of quantum BP neural networks based onuniversal quantum gates [J]. Journal of Systems Engineering and Electronics,2008, Vol.19, No.1:167-174.
[176]. T. M. Cover, J. A. Thomas, Elements of Information Theory [M]. New York: Wiley,1991.
[177]. S. Kullback. Information Theory and Statistics [M]. New York: Dover,1997.
[178]. Guang-Bin Huang, Dian Hui Wang, Yuan Lan. Extreme learning machines: a survey [J]. Int. J. Mach.Learn.&Cyber.,2011,2:107–122.
[179]. Guang-Bin Huang, Qin-Yu Zhu, Chee-Kheong Siew. Extreme learning machine: Theory andapplications [J]. Neurocomputing,2006,70:489–501.
[180]. Yoan Miche, Antti Sorjamaa, Patrick Bas, Olli Simula. OP-ELM: Optimally Pruned Extreme LearningMachine [J]. IEEE Trans. Neural Netw., Jan.2010, Vol.21, No.1:158-162.
[181]. W. Yao, S. Chen, S. Tan, L. Hanzo. Minimum Bit Error Rate Multiuser Transmission Designs UsingParticle Swarm Optimisation [J]. IEEE Trans. Wireless Communications, Oct2009, Vol.8, No.10:5012-5017.
[182]. I-Cheng Yeh, Pei-Yen Tseng, Kuan-Chieh Huang, Yau-Hwang Kuo. Minimum Risk Neural Networksand Weight Decay Technique [J]. ICIC2012, CCIS304,2012:10–16. Springer-Verlag BerlinHeidelberg2012.
[183]. Vladimir N. Vapnik. An Overview of Statistical Learning Theory [J]. IEEE Trans. Neural Netw., Sep.1999, Vol.10, No.5:988-999.
[184]. KDD Cup1999Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html,2010.
[185].徐鹏,林森.基于C4.5决策树的流量分类方法[J].软件学报,2009, Vol.20, No.10:2692-2704.
[186]. Trace LBL-TCP-3[EB/OL]. http://ita.ee.1b1.gov/html/eontrib/LBL-TCP-html.
[187]. DARPA Intrusion Detection Evaluation Data Set [EB/OL]. http://www.ll.mit.edu/IST/ideval/data/1999/1999_data_index.html.
[188].郑黎明,邹鹏,贾焰,韩伟红.网络流量异常检测中分类器的提取与训练方法研究[J].计算机学报,2012,35(4):719-729.
[2].人民邮电报[EB/OL].http://mag.big-bit.com/news/61163.html.2012-08.
[3].韦乐平.中国信息产业网[EB/OL].http://www.cnii.com.cn/contenet/2011-06/09/content_883772.html.
[4].杭强伟.国家反计算机入侵和防病毒研究中心[EB/OL].http://www.antivirus-china.org.cn.
[5].腾讯QQ专家网络安全形势分析报告[EB/OL].http://guanjia.qq.com/security/report2012/page.html?id=5.
[6].张震.基于流量测量的高速IP业务感知技术研究[D].解放军信息工程大学,2012.
[7].裴昌幸.现代通信系统与网络测量[M].北京:人民邮电出版社,2008.
[8]. Marina Thottan, Chuanyi Ji. Anomaly Detection in IP Networks[J]. IEEE Transactions on SignalProcessing, Vol.51, No.8,2003:2191-2204.
[9]. Manranjan Pradhan, Sateesh Kumar Pradhan, Sudhir Kumar Sahu. A Survey on Detection Methods inIntrusion Detection System [J]. International Journal of Computer Application,2012,3(2):81-90.
[10].王风宇,云晓春,曹震中.多时间尺度同步的网络异常检测方法[J].通信学报,2007,28(12):60-65.
[11].国家科技部973计划信息技术领域办公室.可重构信息通信基础网络体系研究项目申请指南
[EB/OL]. http://www.973.gov.cn/FuJianPath/1011/08/FJ_101108-14-01-49-8218_978.pdf.
[12]. CIO时代网[EB/OL]. http://www.ciotimes.com/from=844b/bd_page_type=1/ssid=0/uid=D027C2B4.
[13]. Chuck Fraleigh, Sue Moon, Bryan Lyles, Christophe Diot.Packet-Level Traffic Measurements from theSprint IP Backbone [J]. IEEE Transactions on Networking,2003,11(3):6-16.
[14]. Hong N, Veitch D. Inverting sampled traffic [J]. IEEE/ACM Transactions on Networking,2006,14(1):68-80.
[15].程光,龚俭.互联网流测量[M].南京:东南大学出版社,2008.
[16]. K.C.Claffy, George C. polyzos, Hans-Werner Braun. Application of sampling methodologies tonetwork traffic characterization[C]. In: Proc. of ACM Sigcomm1993, Madison,1993:267-280.
[17]. Cisco System. NetFlow Services Solutions Guide [EB/OL]. http://www.cisco.com/en/US/docs/ios/solutions_docs/netflow/nfwhite.html.
[18]. Nick Duffield, Carsten Lund, Mikkel Thorup. Properties and Prediction of Flow Statistics fromSampled Packet Streams[C]. In Proc. of ACM Internet Measurement Conference, Nashville,2002:67-80.
[19]. Nicolas Hohn, Darryl Veitch. Inverting Sampled Traffic[C]. In: Proc. of ACM Internet MeasurementConference, Tokyo,2003:45-54.
[20]. Jack Drobisz, Kenneth J. Christensen. Adaptive Sampling Methods to Determine Network TrafficStatistics including the Hurst Parameter[C]. In: Proc. of IEEE23rd Annual Conference on LocalComputer Networks, Georgia,1998:563-572.
[21]. Baek-Young Choi, Jaesung Park, Zhi-Li Zhang. Adaptive Random Sampling for Traffic LoadMeasurement[C]. In: Proc. of IEEE ICC’03, Seoul,2003:892-905.
[22]. B.-Y. Choi, J. Park, Z.-L. Zhang. Adaptive random sampling for load change detection[C]. In: Proc. ofACM SIGMETRICS,2002:272-273.
[23]. N. G. Duffield, Matthias Grossglauser. Trajectory Sampling for Direct Traffic Observation [J].IEEE/ACM Transactions on Networking,2001,9(3):1232-1244.
[24]. X. Guan, T. Qin, W. Li, P. Wang. Dynamic feature analysis and measurement for large-scale networktraffic monitoring [J]. IEEE Trans. Inf. Forens. Security,2010,5(4):905–919.
[25]. A. Kumar, J. Xu. Sketch guided sampling-Using on-line estimates of flow size for adaptive datacollection[C]. In: Proc. IEEE INFOCOM,2006:1-12.
[26]. C. Hu, S. Wang, J. Tian, B. Liu, Y. Cheng, Y. Chen. Accurate and efficient traffic monitoring usingadaptive non-linear sampling method[C]. In: Proc. IEEE INFOCOM,2008.
[27]. Chengchen Hu, Bin Liu, Sheng Wang, Jia Tian, Yu Cheng, Yan Chen. Adaptive Non-Linear SamplingMethod for Accurate Flow Size Measurement [J]. IEEE Transactions on Communications,2012,60(3):789-798.
[28].杨家海,吴建平,安常青.互联网络流量测量及应用[M].北京:人民邮电出版社,2009.10.
[29]. Cristian Estan, Ken Keys, David Moore, George Varghese. Building a Better NetFlow[C]. In Proc. ofACM Sigcomm, Hague,2006:432-445.
[30]. Ramana Rao Kompella, Cristian Estan. The Power of Slicing in Internet Flow Measurement[C]. InACM Internet Measurement Conference, Michigan,2005:422-435.
[31]. Brownlee N, Claffy K. Internet Measurement [J]. IEEE lnternet Computing,2004,8(5):30-33.
[32]. N. Duffield, C. Lund. Predicting resource usage and estimation accuracy in an ip flow measurementcollection infrastructure[C]. In: Proc. of ACM Internet Measurement Conference, Miami Beach, FL,2003:179-191.
[33]. Estan, C., Varghese, G. New directions in traffic measurement and accounting[C]. In: Proceedings ofthe2002Conference on Applications, Technologies, Architectures, and Protocols for ComputerCommunications, SIGCOMM2002:323–336. ACM, New York,2002.
[34].吴桦,龚俭,杨望.一种基于双重Counter Bloom Filter的长流识别算法[J].软件学报,2010,Vol.21, No.5:11151126.
[35]. Mahmood Ahmadi, Stephan Wong. A Memory-optimized Bloom Filter using An Additional HashingFunction[C]. In: Proc. of the IEEE GLOBECOM2008:1-5.
[36]. Abhishek Kumar Jun (Jim) Xu. Space-Code Bloom Filter for Efficient Per-Flow TrafficMeasurement[C]. In: Proc. of IEEE Infocom’04, Hongkong,2004,315-328.
[37].张进,邬江兴,钮晓娜.空间高效的数据包公平抽样算法[J].软件学报,2010, Vol.21, No.10:2642-2655.
[38]. P. García-Teodoroa, J. Díaz-Verdejo, G. Maciá-Fernández, E. Vázquez. Anomaly-based networkintrusion detection: Techniques, systems and challenges [J]. Computers&Security,2009,28:18-28.
[39]. Thottan M., Ji C. Proactive Anomaly Detection Us ing Distributed Intelligent Agents [J]. IEEE Network.1998, Vol.12, no.5:21-27.
[40]. Wang, H., Zhang, D., Shin, K. G. Detecting SYN flooding attacks [J]. In: Proc. of IEEE INFOCOM,2002.
[41]. Barford P., Kline J., Plonka D., Ron A. A Signal Analysis of Network Traffic Anomalies [J]. In: Proc.of the2nd ACM SIGCOMM Workshop on Internet Measurements,2002,71-82.
[42]. Kim S. S., Reddy A. Statistical Techniques for Detecting Traffic Anomalies through Packet HeaderData [J]. IEEE/ACM Tran. Networking,2008.
[43]. Bianco, A. M., Ben, M. G., Martinez, E. J., and Yohai, V. J. Outlier detection in regression models witharima errors using robust estimates [J]. Journal of Forecasting,2001,20(8):565-579.
[44]. Galeano, P., Pea, D., Tsay, R. S. Outlier detection in multivariate time series via projection pursuit [J].Statistics and Econometrics Working Papers ws044211, Universidad Carlos III, Department de Estadsticay Econometr ca,2004.
[45]. Asrul H. Yaacob, Ian K. T. Tan, Su Fong Chien, Hon Khi Tan. ARIMA Based Network AnomalyDetection[C]. Second International Conference on Communication Software and Networks,2010:205-209.
[46].李金明,王汝传.基于VTP方法的DDoS攻击实时检测技术研究[J].电子学报,2007,35(4):791-796.
[47].任勋益,王汝传,王海艳.基于自相似检测DDoS攻击的小波分析方法[J].通信学报,2006,27(5):6-11.
[48].许晓东,朱士瑞,孙亚民.基于分形特性的宏观流量异常分析[J].通信学报,2009,30(9):43-53.
[49]. Daniela Brauckhoff, Kave Salamatian, Martin May. Applying PCA for Traffic Anomaly Detection:Problems and Solutions[C]. In: Proc. of IEEE INFOCOM2009:1-8.
[50]. Chih-Fong Tsai, Yu-Feng Hsu, Chia-Ying Lin, Wei-Yang Lin. Intrusion detection by machine learning:A review [J]. Expert Systems with Applications,2009,36:11994–12000.
[51]. Yasser Yasami, Saadat Pour Mozaffari. A novel unsupervised classification approach for networkanomaly detection by k-Means clustering and ID3decision tree learning methods [J]. J Supercomput.,2010,53:231–245.
[52]. Ming-Yang Su. Using clustering to improve KNN-based classifiers for online anomaly network trafficidentification [J]. Journal of Network and Computer Applications,2011,34:722-730.
[53]. George, Annie. Anomaly detection based on Machine learning dimens ionality reduction using PCA andclassification using SVM [J]. International Journal of Computer Applications,2012, Vol.47, No.21:5-8.
[54]. Guan XQ. Research on the classifying algorithm based on decision tree [M]. Taiyuan: ShanxiUniversity,2006(in Chinese with English abstract).
[55]. Sharma Sanjay Kumar, Pendey Pankaj, Susheel Kumar, Sisodia Mahendra Singh. An improvednetwork intrusion detection technique based on K-means clustering via Na ve bayes classification [C].International conference on Advances in Engineering, Science and management,2012:417-422.
[56]. Lu Li, Guoyin Zhang, Jinyuan Nile, Yingjiao Niu, Aihong Yao. The application of Genetic Algorithmto Intrusion Detection in MP2P [J]. ICSI2012, Part I, LNCS7331:390-397. Springer-Verlag BerlinHeidelberg2012.
[57]. Shah Bhavin, H Trivedi Bhushan. Artificial Neural Network based Intrusion Detection System: Asurvey [J]. International Journal of Computer Applications,2012, Vol.39, No.6:13-18.
[58].周亚建,徐晨,李继国.基于改进CURE聚类算法的无监督异常检测方法[J].通信学报,2010,31(7):18-23.
[59]. Mai, J., Chuah, C.-N., Sridharan, A., Ye, T., Zang, H. Is sampled data sufficient for anomaly detection?
[C]. In: Proceedings of the6th ACM SIGCOMM Conference on Internet Measurement, IMC2006:165-176. ACM, New York,2006.
[60]. Duffield, N., Lund, C., Thorup, M. Properties and prediction of flow statistics from sampled packetstreams[C]. In: Proceedings of the2nd ACM SIGCOMM Workshop on Internet Measurement, NewYork, NY, USA,2002:159–171.
[61]. Hohn, N., Veitch, D. Inverting sampled traffic [J]. IEEE/ACM Transactions on Networking,2006,14(1):68-80.
[62]. Duffield, N., Lund, C., Thorup, M. Estimating flow distributions from sampled flow statistics [J].IEEE/ACM Transactions on Networking,2005,13,933-946.
[63]. Choi, B.-Y., Zhang, Z.-L. Adaptive random sampling for traffic volume measurement [J].Telecommunication Systems,2007,34,71-80.
[64]. P. Ali, S., Haq, I.U., etc. On mitigating sampling-induced accuracy loss in traffic anomaly detectionsystems [J]. SIGCOMM Comput. Commun. Rev.,2010,40,4-16.
[65]. Yang, L., Michailidis, G. Sampled based estimation of network traffic flow characteristics[C]. In:26thIEEE International Conference on Computer Communications, INFOCOM2007:1775–1783.
[66]. Duffield, N. Sampling for passive internet measurement: A review [J]. Statistical Science,2004,19:472-498.
[67]. Androulidakis, G., Papavassiliou, S. Improving network anomaly detection via selective flow-basedsampling [J]. IET Communications,2008,2(3):399-409.
[68]. Brauckhoff D, Tellenbach B, Wagner A, et al. Impact of Packet Sampling on Anomaly DetectionMetrics[C]. In Proc.of the6th ACM Sigcomm conference on Internet measurement,2006.
[69]. Androulidakis, G., Chatzigiannakis, V., Papavassiliou, S. Network anomaly detection and classificationvia opportunistic sampling [J]. Network. Mag. of Global Internet,2009,23,6-12.
[70]. A. Karel Bartos, Martin Rehak. Towards Efficient Flow Sampling Technique for Anomaly Detection[J]. TMA2012, LNCS7189:93–106. Springer-Verlag Berlin Heidelberg2012.
[71]. NLANR. Passive Measurement and Analysis (PMA)[EB/OL]. http://pma.nlanr.net.
[72]. Ertoz, L., Eilertson, E., Lazarevic, etc. Minds—minnesota intrusion detection system[J]. In: NextGeneration Data Mining, MIT Press,2004.
[73]. Xu, K., Zhang, Z.-L., Bhattacharrya, S. Reducing Unwanted Traffic in a Backbone Network[C]. In:USENIXWorkshop on Steps to Reduce Unwanted Traffic in the Internet (SRUTI), Boston, MA,2005.
[74]. Lakhina, A., Crovella, M., Diot, C. Diagnosis Network-Wide Traffic Anomalies [J]. In: ACMSIGCOMM2004:219-230. ACM Press, New York,2004.
[75]. Lakhina, A., Crovella, M., Diot, C. Mining Anomalies using Traffic Feature Distributions [J]. In: ACMSIGCOMM, Philadelphia, PA:217-228. ACM Press, New York,2005.
[76]. Sridharan, A., Ye, T., Bhattacharyya, S. Connectionless port scan detection on the backbone [M].Phoenix, AZ, USA,2006.
[77]. Leland WE, Taqqu MS, Willinger W, Wilson DV. On the self-similar nature of Ethernet traffic(extended version)[J]. IEEE/ACM Trans. on Networking,1994,2(1):115.
[78]. P. Borgnat, G. Dawaele, K. Fukuda, P. Abry, K. Cho. Seven years and one day: Sketching the evolutionof Internet traffic[C]. In: Proc. Of the28th Conf. on Computer Communications (INFOCOM2009).Rio deJaneiro: IEEE,2009:711719.
[79]. Himanshu Gupta, Vinay J. Ribeiro, Anirban Mahanti. A Longitudinal Study of Small-Time ScalingBehavior of Internet Traffic [J]. NETWORKING2010Lecture Notes in Computer Science,2010,Volume6091:83-95.
[80]. C. Ciflikli, A. Gezer, A.T. zsahin,. zkasap. Bittorrent packet traffic features over IPv6and IPv4[J].Simulation Modeling Practice and Theory, Elsevier,2010,18(9):1124–1214.
[81]. C. Ciflikli, A. Gezer, A.T. zsahin,. zkasap. Packet traffic Features of IPv6and IPv4Protocol traffic[J]. Turkish Journal of Electrical Engineering and Computer Sciences,2010, in press.
[82]. Alina B rulescu, Cristina Serban, Carmen Maftel. Evaluation of Hurst exponent for precipitation timeseries [J]. LATEST TRENDS on COMPUTERS (Volume II),2010:590-595.
[83].张宾,杨家海,吴建平. Internet流量模型分析与评述[J].软件学报,2011,22(1):115-131.
[84]. William Rea, Les Oxley, Marco Reale, Jennifer Brown. Estimators for Long Range Dependence: AnEmpirical Study [J]. Electronic Journal of Statistics,2009, Vol.0:1-16.
[85].陶然,邓兵,王越.分数阶Fourier变换在信号处理领域的研究进展[J].中国科学E辑信息科学2006,36(2):113-136.
[86]. Cebrail Ciflikli, Ali Gezer. Self similarity analysis via fractional Fourier transforms [J]. SimulationModeling Practice and Theory,2011,19:986–995.
[87]. Sun, R., Chen, Y., Zaveri, N., Zhou. A. Local analysis of long-range dependence based on fractionalFourier transform [J]. In Proceedings of the2006IEEE mountain workshop on adaptive and learningsystems,2006:13–18.
[88]. Chen, Y., Sun, R., Zhou, A. An improved Hurst parameter estimator based on fractional Fouriertransform [J]. Telecommun System,2010,43:197–206.
[89]. Stilian Stoev, Murad S. Taqqu, Cheolwoo Park, George Michailidis, J.S. Marron. LASS: a tool for thelocal analysis of self-similarity [J]. Computational Statistics&Data Analys is, May2006,50(1):2447-2471.
[90]. Stefano Bregni, Luca Primerano. The Modified Allan Variance as Time-Domain Analysis Tool forEstimating the Hurst Parameter of Long-Range Dependent Traffic [J]. IEEE GLOBECOM '04,GlobalTelecommunications Conference,2004,Vol.3:1406-1410.
[91]. Yuangan Wang, Honglin Yu, Xinyu Liang. Time Delay Model of Fractional Fourier Transform and theApplication in Signal Filtering [J]. Applied Mechanics and Materials,2012, Vol.121-126:3637-3641.
[92]. Bellcore lab. Traces available in the internet traffic archive [EB/OL].http://ita.ee.lbl.gov/html/traces.html.1989.
[93]. MAWI working group traffic archive [EB/OL]. http://tracer.csl.sony.co.jp/mawi.2011,12.
[94]. Jean-Marc Bardet, Imen Kammoun. Asymptotic Properties of the Detrended Fluctuation Analysis ofLong Range Dependence Processes [J]. IEEE Transactions on Information Theory, July2006:1-10.
[95]. Weron R. Estimation long-range dependence: finite sample properties and confidence intervals [J].Physica A,2002,312:285~299.
[96]. Xi-Yuan Qian, Wei-Xing Zhou, Gao-Feng Gu. Modified detrended fluctuation analysis based onempirical mode decomposition [J]. Physica A: Statistical Mechanics and its applications, Nov.1,2011,Vol.390, No.23:4388-4395.
[97]. Wu, Z., Huang, N. E.. Ensemble empirical mode decomposition: A noise assisted data analysis method[J]. Advances in Adaptive Data Analysis,2009,1(1):1-41.
[98]. Jinshan Lin. Improved Ensemble Empirical Mode Decomposition Method and Its Simulation [J].Advances in Intelligent Systems,2012,138:109-115.
[99]. Paula Tarrio, Ana M. Bernardos, Jose R. Casar. Weighted Least Squares Techniques for ImprovedReceived Signal Strength Based Localization [J].Sensors2011,11:8569-8592.
[100]. Tarik Yardibi, Jian Li, Petre Stoica, el. Source Localization and Sensing: A Nonparametric IterativeAdaptive Approach Based on Weighted Least Squares [J]. IEEE Transactions on Aerospace andElectaonic Systems, Jan.2010, Vol.46, No.1:425-433.
[101]. Bels ley, D. A., Kuh, E., and Welsch, R. E. Regression diagnostics: identifying influential data andsources of collinearity [M]. John Wiley&Sons, New York-Chichester-Brisbane,28Jan.2005:39-48.
[102]. Kuo-ChingChang, Chui-LiangChiang, Chung-BowLee. The Comparison of Algorithms inChange-Points Problem [J].Journal of Applied Science and Engineering,2012, Vol.15, No.1:11-19.
[103]. Pierre, R. Bertrand, Mehdi Fhima, Arnaud Guilin. Fast change point analysis on the Hurst index ofpiecewise fractional Brownian motion [J]. Journée de Statistiques2011(JDS2011), Tunis2011:1-6.
[104]. Ng Kooi Huat, Habshah Midi. Change Point Detection with Robust Control Chart [J]. MathematicalProblems in Engineering,2011:1-20.
[105]. H. Sheng, Y. Q. Chen, T. Qiu. On the robustness of Hurst estimators [J]. IET Signal Process.,2011,Vol.5, Iss.2:209-225.
[106]. Stilian Stoev's new web page. http://www.stat.lsa.umich.edu/~sstoev.2011,06.
[107]. Juhyun Park, Cheolwoo Park. Robust estimation of the Hurst parameter and selection of an onsetscaling [J]. Statistica Sinica,2009,19(4):1531-1555.
[108]. George Xylomenos, Konstantinos Katsaros, Vasilis Tsakanikas. Support of multiple content variants inthe multimedia broadcast/multicast service [J]. International Journal of Communication Systems,2011,24:691–708.
[109].高波,张钦宇,梁永生,刘宁宁,黄程波,张乃通.基于EMD及ARMA的自相似网络流量预测[J].通信学报,2011,Vol.32,No.4:4756.
[110]. Zhihui, Z., Yunlian, S., Yu, J. Short term Load Forecasting Based on EMD and SVM [J]. High VoltageEngineering,2007,33:118-122.
[111]. Zhenhai Guo, Weigang Zhao, Haiyan Lu, Jianzhou Wang. Multi-step forecasting for wind speed usinga modified EMD-based artificial neural network model [J]. Renewable Energy,2012,37:241-249.2012Elsevier Ltd.
[112]. Gao Qian, Li Guang-xia, Tian Xiang, Sun Jian. A Novel Traffic Prediction Method based on IMF [J].Advanced Materials Research,2012, Vol.490-495:1421-1425.
[113]. Jian Zhang, Ruqiang Yan, Robert X.Gao, Zhihua Feng. Performance enhancement of ensembleempirical mode decomposition [J]. Mechanical Systems and Signal Processing,2010,24:2104-2123.2010Elsevier Ltd.
[114]. Jinshan Lin. Improved Ensemble Empirical Mode Decomposition Method and Its Simulation [J].Advances in Intelligent Systems,2012,138:109-115. Springer-Verlag Berlin Heidelberg2012.
[115].李军,刘君华.一种新型广义RBF神经网络在混沌时间序列预测中的研究[J].物理学报, Oct.2005, Vol.54, No.10:4569-4577.
[116].张军峰,胡寿松.基于一种新型聚类算法的RBF神经网络混沌时间序列预测[J].物理学报, Feb.2007, Vol.56, No.2:713-719.
[117]. WANG J S, GAO Z W. Network traffic modeling and prediction based on RBF neural network [J].Computer Engineering and Applications,2008,44(13):6-11.
[118]. Yumin Pan, Chengyu Huang, Quanzhu Zhang. A Forecasting Model of RBF Neural Network Based onParticle Swarm Optimization [J]. Applied Mechanics and Materials,2011, Vol.65:605-612.
[119]. Kennedy J, Eberhart R. Particle swarm optimization[C]. In Proc. IEEE International Conf. on NeuralNetworks,1995,4:1942-1948.
[120]. Chen, Wei-neng, Zhang. A novel set-based particle swarm optimization method for discreteoptimization problem [J]. IEEE Transactions on Evolutionary Computation, Jun.2010,14(2):278–300.
[121]. Tao Zhang, Tiesong Hu, Yue Zheng, Xuning Guo. An improved partic le swarm optimization forsolving bi-level mulitiobjective programming problem [J]. Journal of Applied Mathematics,2012,2(4):1-13.
[122]. S.-Y. Ho, H.-S. Lin, W.-H. Liauh, S.-J. Ho.OPSO: Orthogonal particle swarm optimization and itsapplication to task assignment problems [J].IEEE Transactions on Systems, Man, Cybernetics A:Systems, Humans, Mar.2008, Vol.38, No.2:288–298.
[123]. Niknam T., Amiri, B.. An efficient hybrid approach based on PSO, ACO and k-means for clusteranalysis [J]. Applied Soft Computing,2010,10(1):183–197.
[124]. Sarika Varshney, Laxmi Srivastava, Manjaree Pandit. Parameter tuning of Statcom using particleswarm optimization based neural network [J]. Advances in intelligent and Soft computing,2012,Vol.130:813-824.
[125]. Pires, J.A. Tenreiro Machado, P.B. de Moura Oliveira, et al. Particle swarm optimization withfractional-order velocity [J]. Nonlinear Dynamics,2010,61:295-301. Springer-Verlag2010.
[126]. Xu L, Krzyzak A, Oja E. Rival penalized competitive learning for clustering analysis, RBF net, andcurve detection[J]. IEEE Transactions on Neural Networks,1993,4(4):636-649.
[127]. Zhan Z H, Zhang J, Li Y, et al. Adaptive particle swarm optimization [J]. IEEE Transactions onSystems, Man, and Cybernetics, Part B: Cybernetics,2009,39(6):1362-1381.
[128]. ALFI Alireza. PSO with Adaptive Mutation and Inertia Weight and Its Application in ParameterEstimation of Dynamic Systems [J]. Acta Automatic Sinica, May2011, Vol.37, No.5:541-549.
[129]. Xiaodong Chen, Yumin Zhang. Optimum Design of PID Controller Parameters by Improved ParticleSwarm Optimization Algorithm [J]. Recent Advances in Computer Science and InformationEngineering, Lecture Notes in Electrical Engineering,2012, Vol.125:79-84. Springer-Verlag BerlinHeidelberg2012.
[130].吕振肃,侯志荣.自适应变异的粒子群优化算法[J].电子学报,Mar.2004, Vol.32, No.3:416-420.
[131]. NLANR. Passive Measurement and Analysis (PMA)[EB/OL]. http://pma.nlanr.net.
[132].王升辉,裘正定.结合多重分形的网络流量非线性预测[J].通信学报,2007,28(2):45-50.
[133].温祥西,孟相如,马志强,张永春.小时间尺度网络流量混沌性分析及趋势预测[J].电子学报,2012,40(8):1609-1616.
[134]. Z. L. Zhang, V. J.Ribeiro, S. Moon, C.Diot. Small-time scaling behaviors of Internet backbone traffc:an empirical study [J]. IEEE INFOCOM3,2003:1826–1836.
[135].林青家,陈涤,刘允才.网络流量的小尺度特性分析[J].电子测量与仪器学报,2007,3:92-97.
[136]. Himanshu Gupta, Vinay J. Ribeiro, Anirban Mahanti. A Longitudinal Study of Small-Time ScalingBehavior of Internet Traffic [J]. NETWORKING2010Lecture Notes in Computer Science,2010,6091:83-95.
[137]. Chen B S, Peng S C, Wang K C. Traffic modeling, prediction, and congestion control for high-speednetworks:A fuzzy AR approach [J]. IEEE Transactions on Fuzzy Systems,2000,8(5):491-508.
[138].姜明,吴春明,胡大民.网络流量预测中的时间序列模型比较研究[J].电子学报,2009,37(11):2353-2358.
[139]. Doulamis A D, Doulamis N D, Kollias S D. An adaptable neural-network model for recursivenonlinear traffic prediction and modeling of MPEG video sources [J]. IEEE Transactions on NeuralNetworks,2003,14(1):150-166.
[140]. H.-L. Sun, Y.-H. Jin, Y.-D. Cui, S.-D. Cheng, Network traffic prediction by a wavelet-based combinedmodel [J]. Chin. Phys. B,2009,18(11):47–60.
[141]. Vieira F H T, Bianchi G R, Lee L L. A network traffic prediction approach based on multifractalmodeling [J]. Journal of High Speed Networks,2010,17(2):83-96.
[142]. Qing-Fang M, Yue-Hui C, Yu-Hua P. Small-time scale network traffic prediction based on a localsupport vector machine regression model [J]. Chinese Physics B,2009,18(6):2194.
[143]. Chen Y, Yang B, Meng Q. Small-time scale network traffic prediction based on flexible neural tree [J].Applied Soft Computing,2012,12(1):274-279.
[144]. Purushothaman G, Karayiannis N B. Quantum neural networks (QNNs): inherently fuzzy feedforwardneural networks [J]. IEEE Transactions on Neural Networks,1997,8(3):679-693.
[145]. Zhou R, Ding Q. Quantum MP neural network [J]. International Journal of Theoretical Physics,2007,46(12):3209-3215.
[146]. Panchi L, Shiyong L. Learning algorithm and application of quantum BP neural networks based onuniversal quantum gates [J]. Journal of systems engineering and electronics,2008,19(1):167-174.
[147].李盼池.一种量子神经网络模型学习算法及应用[J].控制理论与应用,2009,26(5),531-534.
[148]. Zhou R. Quantum competitive neural network [J]. International Journal of Theoretical Physics,2010,49(1):110-119.
[149].李军,刘君华.一种新型广义RBF神经网络在混沌时间序列预测中的研究[J].物理学报,2005,54(10):4569-4577.
[150].邓万宇,郑庆华,陈琳等.神经网络极速学习方法研究[J].计算机学报,2010,33(2):279-287.
[151]. Hestenes M.R., Stiefel E.L. Methods of conjugate gradients for solving linear systems [J]. J. Res. Nat.Bur. Stand. Sect. B.,1952,49:409–432.
[152]. Fletcher, R., Reeves, C. Function minimization by conjugate gradients [J]. Comput. J.,1964,7:149–154.
[153]. POLAK E,RIBIERE G. Note sur la convergence dedirections conjuguees [J]. Rev Francaise informatRecherche Operatinelle,1969,16(3):35-43.
[154]. Dai Y, Han J, Liu G, et al. Convergence properties of nonlinear conjugate gradient methods [J]. SIAMJournal on Optimization,2000,10(2):345-358.
[155]. Yu, G.H. Nonlinear Conjugate Gradient Methods [D].2007Ph. D. Dissertation (Sun Yat-SenUniversity).
[156]. Yuan G. Modified nonlinear conjugate gradient methods with sufficient descent property for large-scaleoptimization problems [J]. Optimization Letters,2009,3(1):11-21.
[157]. Zhang L, Zhou W, Li D H. A descent modified Polak–Ribière–Polyak conjugate gradient method andits global convergence [J]. IMAJournal of Numerical Analysis,2006,26(4):629-640.
[158]. Andrei N. A modified Polak–Ribière–Polyak conjugate gradient algorithm for unconstrainedoptimization[J]. Optimization,2011,60(12):1457-1471.
[159]. Dai Z, Tian B S. Global convergence of some modified PRP nonlinear conjugate gradient methods[J].Optimization Letters,2011,5(4):615-630.
[160]. Li M, Feng H, Liu J. The global convergence of a descent PRP conjugate gradient method[J].Computational&Applied Mathematics,2012,31(1):59-83.
[161]. Zhang Y, Zheng H, Zhang C. Global Convergence of a Modified PRP Conjugate Gradient Method[J].Procedia Engineering,2012,31:986-995.
[162]. Internet traffic archive. http://ita.ee.lbl.gov/
[163]. Marina Thottan, Guanglei Liu, Chuanyi Ji. Anomaly Detection Approaches for CommunicationNetworks [J].
[164].朱应武,杨家海,张金祥.基于流量信息结构的异常检测[J].软件学报,2010,Vol.21, No.10:2573-2583.
[165]. Chou TS, Yen KK, Luo J. Network intrusion detection design using feature selection of soft computingparadigms [J]. International Journal of computational Intelligence,2008,4(3):196–208.
[166]. Fatemeh Amiri, Mohammad Mahdi, Rezaei Yousefi, et al. Mutual information-based feature selectionfor intrusion detection systems [J]. Journal of Network and Computer Applications,2011,34:1184–1199.
[167]. N. Kwak, C.-H. Choi. Input feature selection for classification problems [J]. IEEE Trans. Neural Netw.,Jan.2002, Vol.3, No.1:143–159.
[168]. L. Yu, H. Liu. Efficient feature selection via analys is of relevance and redundancy [J]. J. Mach. Learn.Res., Oct.2004, Vol.5:1205–1224.
[169]. G. Lashkia, L. Anthony. Relevant, irredundant feature selection and noisy example elimination [J].IEEE Trans. Syst. Man Cybern. B, Cybern., Apr.2004, Vol.34, No.2:888–897.
[170]. Battiti, R. Using mutual information for selecting features in supervised neural net learning [J]. IEEETrans. Neural Networks,1994,5(4):537–550.
[171]. Kwak, N. and Choi, C. Input Feature Selection for Classification Problems [J]. IEEE Transactions onNeural Networks,2002,13(1):143–159.
[172]. Peng, H., Long, F., Ding, C. Feature Selection Based on Mutual Information: Criteria ofMax-Dependency, Max-Relevance, and Min-Redundancy [J]. IEEE Transactions on Pattern Analysisand Machine Intelligence,2005,27(8):1226–1238.
[173]. Pablo A. Estévez, Michel Tesmer, Claudio A. Perez, Jacek M. Zurada. Normalized Mutual InformationFeature Selection [J]. IEEE Transactions on Neural Networks, Feb.2009, Vol.20, No.2:189-201.
[174]. B. Krishna, Y. R. Satyaji Rao, P. C. Nayak. Time Series Modeling of River Flow Us ing Wavelet NeuralNetworks [J]. Journal of Water Resource and Protection,2011,3:50-59.
[175]. Li Panchi, Li Shiyong. Learning algorithm and application of quantum BP neural networks based onuniversal quantum gates [J]. Journal of Systems Engineering and Electronics,2008, Vol.19, No.1:167-174.
[176]. T. M. Cover, J. A. Thomas, Elements of Information Theory [M]. New York: Wiley,1991.
[177]. S. Kullback. Information Theory and Statistics [M]. New York: Dover,1997.
[178]. Guang-Bin Huang, Dian Hui Wang, Yuan Lan. Extreme learning machines: a survey [J]. Int. J. Mach.Learn.&Cyber.,2011,2:107–122.
[179]. Guang-Bin Huang, Qin-Yu Zhu, Chee-Kheong Siew. Extreme learning machine: Theory andapplications [J]. Neurocomputing,2006,70:489–501.
[180]. Yoan Miche, Antti Sorjamaa, Patrick Bas, Olli Simula. OP-ELM: Optimally Pruned Extreme LearningMachine [J]. IEEE Trans. Neural Netw., Jan.2010, Vol.21, No.1:158-162.
[181]. W. Yao, S. Chen, S. Tan, L. Hanzo. Minimum Bit Error Rate Multiuser Transmission Designs UsingParticle Swarm Optimisation [J]. IEEE Trans. Wireless Communications, Oct2009, Vol.8, No.10:5012-5017.
[182]. I-Cheng Yeh, Pei-Yen Tseng, Kuan-Chieh Huang, Yau-Hwang Kuo. Minimum Risk Neural Networksand Weight Decay Technique [J]. ICIC2012, CCIS304,2012:10–16. Springer-Verlag BerlinHeidelberg2012.
[183]. Vladimir N. Vapnik. An Overview of Statistical Learning Theory [J]. IEEE Trans. Neural Netw., Sep.1999, Vol.10, No.5:988-999.
[184]. KDD Cup1999Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html,2010.
[185].徐鹏,林森.基于C4.5决策树的流量分类方法[J].软件学报,2009, Vol.20, No.10:2692-2704.
[186]. Trace LBL-TCP-3[EB/OL]. http://ita.ee.1b1.gov/html/eontrib/LBL-TCP-html.
[187]. DARPA Intrusion Detection Evaluation Data Set [EB/OL]. http://www.ll.mit.edu/IST/ideval/data/1999/1999_data_index.html.
[188].郑黎明,邹鹏,贾焰,韩伟红.网络流量异常检测中分类器的提取与训练方法研究[J].计算机学报,2012,35(4):719-729.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |