Research on Adaptive Anomaly Detection Based on Data Mining
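Abstract
As network applications spread into ever more domains, network attack techniques keep becoming more diverse, complex and intelligent, so relying solely on static defenses such as firewalls can no longer meet the needs of network security. Intrusion detection, as an active information security technology, can make up for the shortcomings of traditional protection technologies and address the security challenges brought by growing network traffic and evolving attack patterns. Among the various intrusion detection technologies, intrusion detection systems that adapt to a changing network environment have become a focus of current research. This thesis addresses this topic with the following work:
     1. It analyzes and summarizes the technical characteristics of existing intrusion detection systems, in particular the state of research on anomaly detection systems that incorporate data mining techniques and the problems that remain.
     2. It proposes AADDM, a new adaptive intrusion detection model based on data mining. The AADDM model comprises five components: training data set generation, useful feature selection, adaptive anomaly detection, detection model upgrading, and attack feature ontology construction.
     3. It proposes a training data set generation algorithm based on top-down density clustering. First, a method for describing data similarity based on region density attributes is given; using the concept of partitioning by density differences between regions, clusters are defined formally in a multidimensional index structure. Second, during cluster generation, a density pruning (DP) algorithm based on the branch-and-bound idea prunes regions that are not worth searching, which improves clustering efficiency. Finally, the efficiency and correctness of the algorithm are verified by comparison experiments against the BIRCH algorithm on simulated data sets and by formal proof.
     4. It proposes a feature selection algorithm that combines a genetic algorithm with SVM theory. The algorithm uses the genetic algorithm to search the sample space randomly and uses the classification accuracy of a One-class SVM to evaluate the search results, obtaining the optimal feature subset. The algorithm is tested on the KDD1999 data set to verify its effectiveness.
     5. It studies ADDBIC, an adaptive anomaly detection algorithm based on incremental density clustering. The algorithm clusters each feature column of the target data set according to the density information of its feature values. Whenever a new cluster is generated, all of its feature value attributes are abstracted into a normal profile; each profile consists of an internal summary and an external summary. The set of normal profiles over all feature columns forms the detection model of ADDBIC. As soon as a real-time network connection record is produced, the detection module compares it with the detection model. If the difference between the two exceeds the preset "red" anomaly level, an intrusion is indicated and the algorithm immediately alerts the administrator; if the comparison result is normal, every useful data item of the record is inserted into an existing cluster by an insertion operation, and the corresponding detection profile is updated accordingly.
     6. It proposes an ontology description method for intrusion detection based on incremental density clustering analysis. The method refines the results of the clustering algorithm to obtain detailed attribute descriptions of intrusion attacks, extracts domain concepts, describes the relationships between concepts, and describes intrusion detection domain knowledge in the ontology language OWL. The ontology instantiation of the Mitnick and Buffer Overflow attacks is briefly introduced. During intrusion detection, the ontology is used to describe all attack instance information, discover the links between related attack instances, and describe the whole attack process.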
Data mining can extract specified patterns of interest from large data sets. Data mining techniques have therefore been applied to intrusion detection in a large number of research projects, which has greatly promoted the development of intrusion detection. However, many problems remain in the field of data mining-based intrusion detection: poor adaptability and inability to detect novel attacks; high ID (intrusion detection) modeling cost and slow updating speed; and a lack of extensibility, that is, the inability to adapt an ID model derived from one computer system to another system.
     In order to promote the development of data mining and intrusion detection techniques, and aiming at the essence of the problems in data mining-based intrusion detection, this paper provides new methods and effective approaches for intrusion detection, in theory and in application, in the following aspects:
     1. The classification of IDS is discussed, and the system structure of IDS and the related detection technologies are examined in detail. A survey of ID modeling technology is also given, and the primary problems of ID modeling are discussed.
     2. A novel ID model, AADDM, is put forward. The design process, the model structure, and the means of collecting and pretreating network connection records are also given. AADDM filters the noise and attack data out of the source data set and generates a pure training data set with a top-down density-based clustering method; builds a lightweight and efficient intrusion detection system with a GA-SVM-based useful feature selection algorithm; and uses an unsupervised self-learning mechanism, incremental density-based clustering, to partition the network behavior set into a normal behavior set and an abnormal behavior set and to generate intrusion detection profiles. Intrusion patterns are extracted automatically from real-time security event data, so the intrusion pattern database can be updated automatically according to current conditions. In addition, training data sets and background knowledge are not needed, so AADDM has the advantage of lower cost. AADDM provides a novel idea for ID research.
     3. In this paper, we have proposed a training data set generation algorithm that uses a novel top-down clustering method based on region density and a multidimensional index. Multidimensional indexes generally have the inherent clustering property of storing similar objects in the same or adjacent data pages. By taking advantage of this property, our method finds similar objects using only the region density information, without incurring the high cost of accessing the objects themselves and calculating the distances among them. First, we have provided a formal definition of a cluster based on the concept of region contrast partition. Next, we have proposed the density_pruning_clustering algorithm (DP). DP employs a branch-and-bound mechanism that improves efficiency by pruning unnecessary search when finding the set of dense regions. To evaluate the performance of the proposed algorithm, we have conducted extensive experiments. Experimental results show that the accuracy of the proposed algorithm is similar or superior to that of BIRCH except for exactly spherical clusters. The results also show that the efficiency of the proposed algorithm is far superior to that of BIRCH due to density-based pruning. Experimental results for large data sets consisting of 10 million objects show that the density_pruning_clustering algorithm reduces the elapsed time by up to 96 times compared with that of BIRCH. Even with the cost of index creation and maintenance considered, the proposed algorithm is significantly (by an order of magnitude) more efficient than BIRCH. Further, we note that the improvement in performance becomes more marked as the size of the database increases, making this method more suitable for larger databases. The top-down clustering approach proposed in this paper greatly improves the clustering performance for large databases without sacrificing accuracy.
We believe that the proposed methods will be practically usable for generating intrusion detection training data sets.
     4. Feature selection is one of the main methods of data preprocessing; it can be used to alleviate the effect of the curse of dimensionality, enhance generalization capability and improve model interpretability. This paper proposes a new feature selection algorithm for building intrusion detection systems, called GA-SVM, which (1) uses a hybrid strategy of a genetic algorithm and a heuristic searching algorithm as the search strategy to specify a feature subset for evaluation; and (2) uses one-class Support Vector Machines to evaluate the quality of the search results. We separated the KDD1999 intrusion detection data set into several testing groups. The experimental results show that the approach is able not only to speed up the process of detection but also to improve detection quality.
     5. In this paper we present an adaptive anomaly detection algorithm using density-based incremental clustering, called ADDBIC. It applies a new statistical method to summarize automatically the normality profiles of the clusters generated by the algorithm. Each normality profile corresponds to one cluster and is composed of two different summaries: internal and external. The internal summary contains the properties of the cluster, while the external summary represents the statistics of the noise values around the cluster. All normality profiles are collected and used as a detection model to monitor the target system. Insertion and deletion updating algorithms are explored to adjust existing clusters and normality profiles in real time. Due to the density-based nature of the method, updating operations affect existing clusters only in a small neighborhood of the inserted or deleted training instances. The major contributions of this paper are twofold. Firstly, initial clusters on the training data set are generated by density-based clustering and adjusted within a small range in real time. By comparing the feature values of the training data set, we discover that normal values always concentrate in a small numerical range while abnormal values spread around the normal values. So we can distinguish normal and abnormal values by their density relationship. When the detection model is updated by insertion or deletion operations, feature values are inserted into or deleted from existing clusters. It can be shown that our insertion and deletion operations will not greatly change the density relationship of normal values in existing clusters. So we can update the detection model with adjustments in a small range of existing clusters instead of retraining on the whole database. The time cost of updating is greatly reduced and the updating can be done in real time.
The second contribution of our paper is that we use the statistical method to describe detection model generation and attack detection. Once a cluster is generated or modified, the normality profiles of the feature values involved in clustering are calculated and compared with the online connection records by our statistical method. Because they contain only statistical summaries of existing clustering results, our normality profiles can be updated and compared much more efficiently. ADDBIC shows better performance in real-time anomaly detection when compared to other existing adaptive detection algorithms such as ADWICE. The comparison experiments have shown that ADDBIC performs better than ADWICE on the given data set in terms of both false alarm rate reduction and profile updating, which are important factors for anomaly detection systems.
     6. In the paper, an ontology description method for IDS based on incremental density-based clustering is provided. The method captures the detailed description of attack attributes, extracts the concepts and the relationships between the concepts, and depicts the knowledge of the IDS domain using OWL. We introduce the instantiation description of Mitnick and Buffer Overflow by the ontology description method. During intrusion detection, the instance information, the relationships between the attacks and the whole procedure of the attacks can be described in detail and generated by the method. Given the sharing of domain knowledge, an ontology-based intrusion detection system possesses the ability to reason over the instance information of attacks, and the description of attacks provides the same agreement on the knowledge in heterogeneous intrusion detection systems.
     In conclusion, this dissertation has academic significance and practical value, and it enriches the research on intrusion detection. It also provides constructive methods and techniques for intrusion detection research.
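The detect-then-insert loop described in item 5 can be sketched as follows. This is an added illustration, not code from the thesis or a reimplementation of ADDBIC: the 1-D run-based clustering, the constants `EPS`, `MIN_PTS` and `RED_FACTOR`, the "green" and "yellow" levels, the contents of the two summaries, and the sample records are all assumptions chosen to make the idea runnable.

```python
"""Added illustration (not the thesis's code): per-feature density profiles
with a detect-then-insert loop. All thresholds and records are assumptions."""
from dataclasses import dataclass

EPS = 2.0         # assumed: sorted values closer than this are density-connected
MIN_PTS = 3       # assumed: a run needs this many values to be a dense cluster
RED_FACTOR = 3.0  # assumed: beyond RED_FACTOR * EPS from every cluster is "red"


@dataclass
class Profile:
    """Normality profile of one cluster on one feature column."""
    lo: float                 # internal summary: cluster value range
    hi: float
    count: int                # internal summary: number of member values
    mean: float               # internal summary: running mean
    noise_count: int = 0      # external summary: noise values seen around it
    noise_reach: float = 0.0  # external summary: farthest such noise value

    def distance(self, v):
        """Distance from v to the cluster range; 0 when v lies inside it."""
        return max(self.lo - v, v - self.hi, 0)

    def insert(self, v):
        """Local update only: earlier values are never re-clustered."""
        self.lo, self.hi = min(self.lo, v), max(self.hi, v)
        self.count += 1
        self.mean += (v - self.mean) / self.count

    def note_noise(self, v):
        self.noise_count += 1
        self.noise_reach = max(self.noise_reach, self.distance(v))


def nearest(profiles, v):
    return min(profiles, key=lambda p: p.distance(v))


def build_profiles(values):
    """Cluster one feature column: runs of sorted values with gaps <= EPS."""
    runs, run = [], []
    for v in sorted(values):
        if run and v - run[-1] > EPS:
            runs.append(run)
            run = []
        run.append(v)
    if run:
        runs.append(run)
    profiles = [Profile(r[0], r[-1], len(r), sum(r) / len(r))
                for r in runs if len(r) >= MIN_PTS]
    if not profiles:
        raise ValueError("no dense cluster in this feature column")
    for r in runs:                      # sparse runs become external statistics
        if len(r) < MIN_PTS:
            for v in r:
                nearest(profiles, v).note_noise(v)
    return profiles


def level(profiles, v):
    d = nearest(profiles, v).distance(v)
    if d <= EPS:
        return "green"
    return "yellow" if d <= RED_FACTOR * EPS else "red"


class Detector:
    def __init__(self, training_records):
        # The detection model is the set of profiles over all feature columns.
        self.model = [build_profiles(col) for col in zip(*training_records)]

    def observe(self, record):
        levels = [level(p, v) for p, v in zip(self.model, record)]
        if "red" in levels:
            return "alert", levels      # nothing is learned from this record
        for profiles, v, lv in zip(self.model, record, levels):
            target = nearest(profiles, v)
            if lv == "green":
                target.insert(v)        # profile follows the normal traffic
            else:
                target.note_noise(v)    # only the external summary changes
        return "normal", levels


# Constructed sample records: (connection duration, kilobytes transferred).
TRAIN = [(10, 100), (11, 101), (12, 99), (13, 102), (14, 100), (40, 100)]
STREAM = [(15, 100), (17, 101), (19, 100), (21, 101), (60, 100)]

if __name__ == "__main__":
    det = Detector(TRAIN)
    for rec in STREAM:
        print(rec, det.observe(rec))
```

A freshly trained model rates a duration of 21 as "red", while the same value is accepted once the stream has extended the cluster edge step by step; this is the small-range adjustment the abstract describes in place of retraining on the whole data set.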
    [113]. D.K. Tasoulis, M.N. Vrahatis: Unsupervised clustering on dynamic databases [J]. Pattern Recognition Letters, 1 October 2005, Volume 26, Issue 13, Pages: 2116-2127.
    [114]. Eden W.M. Ma, Tommy W. S. Chow: A new shifting grid clustering algorithm [J]. Pattern Recognition, March 2004, Volume 37, Issue 3, Pages: 503-514.
    [115]. Manoranjan Dash, Huan Liu, Peter Scheuermann, Kian Lee Tan: Fast hierarchical clustering and its validation [J]. Data & Knowledge Engineering, January 2003, Volume 44, Issue 1, Pages: 109-138.
    [116]. S. Guha, R. Rastogi, K. Shim: CURE: An efficient clustering algorithm for large databases [J]. Proceedings of the 1998 ACM SIGMOD international conference on Management of data, New York, NY, USA, 1998, Pages: 73-84.
    [117]. Chung-Chian Hsu, Chin-Long Chen, Yu-Wei Su: Hierarchical clustering of mixed data based on distance hierarchy [J]. Information Sciences, 15 October 2007, Volume 177, Issue 20, Pages: 4474-4492.
    [118]. Sudipto Guha, Rajeev Rastogi, Kyuseok Shim: Rock: A robust clustering algorithm for categorical attributes [J]. Information Systems, July 2000, Volume 25, Issue 5, Pages: 345-366.
    [119]. S. Guha, R. Rastogi, K.Shim.Rock: A robust clustering algorithm for categorical attributes [J]. Proceedings of the 15th International Conference on Data Engineering, Washington, DC, USA,1999, Pages: 512-521.
    [120]. Cheng-Fa Tsai, Chun-Wei Tsai, Han-Chang Wu, Tzer Yang: ACODF: a novel data clustering approach for data mining in large databases [J]. Journal of Systems and Software, September 2004, Volume 73, Issue 1, Pages: 133-145.
    [121]. Jinwook Seo, Ben Shneiderman: Interactively Exploring Hierarchical Clustering Results [M]. The Craft of Information Visualization, 2003, Pages 334-340.
    [122]. G.cKarypis,cE.-H.cHan, V. Kumar: CHAMELEON:A Hierarchical Clustering Algorithm Using Dynamic Modeling [J]. IEEE Trans. on Computer, 1999, Volume 32, Issue8, Pages: 68-75.
    [123]. Derya Birant, Alp Kut: ST-DBSCAN: An algorithm for clustering spatial–temporal data [J]. Data & Knowledge Engineering, January 2007, Volume 60, Issue 1, Pages: 208-221.
    [124]. Massimo Coppola, Marco Vanneschi: High-performance data mining with skeleton-based structured parallel programming [J]. Parallel Computing, May 2002, Volume 28, Issue 5, Pages: 793-813.
    [125]. M. Ester, H.-P. Kriegel, J. Sander, X. Xu; A density-based algorithm for discovering clusters in large spatial databases [C]. Proc. of the 2nd Int'l Conf. on Knowledge Discovery and Data Mining (KDD'96), Portlands, 1996, Pages: 226-231.
    [126]. Toshiaki Suhara: Diffractive and Defractive Micro-optics [M]. Comprehensive Microsystems, 2008, Chapter 3.02, Pages: 65-99.
    [127]. Gleb V. Nosovskiy, Dongquan Liu, Olga Sourina: Automatic clustering and boundary detection algorithm based on adaptive influence function [J]. Pattern Recognition, September 2008, Volume 41, Issue 9, Pages: 2757-2776.
    [128]. Sergios Theodoridis, Konstantinos Koutroumbas: Clustering Algorithms I: Sequential Algorithms [M]. Pattern Recognition (Third Edition), 2006, Pages: 517-540.
    [129]. M. Ankerst: OPTICS: Ordering Points to Identify Clustering Structure [J]. Proceedings of the ACM SIGMOD Conference on Management of Data, Philadelphia, 1999, Pages: 49-60.
    [130]. Joachim Gudmundsson, Marc van Kreveld, Giri Narasimhan: Region-restricted clustering for geographic data mining [J]. Computational Geometry, April 2009, Volume 42, Issue 3, Pages: 231-240.
    [131]. Noha A. Yousri, Mohamed S. Kamel, Mohamed A. Ismail: A distance-relatedness dynamic model for clustering high dimensional data of arbitrary shapes and densities [J]. Pattern Recognition, July 2009, Volume 42, Issue 7, Pages: 1193-1209.
    [132]. Lian Duan, Lida Xu, Feng Guo, Jun Lee, Baopin Yan: A local-density based spatial clustering algorithm with noise [J]. Information Systems, November 2007, Volume 32, Issue 7, Pages: 978-986.
    [133]. A. Hinneburg, D. Keim: An efficient approach to clustering large multimedia database with noise [J]. Proceedings of the 4th ACM SIGKDD on Knowledge Discovery and Data Mining,NY, 1998, Pages: 58-65.
    [134]. Robert Moskovitch, Yuval Elovici, Lior Rokach: Detection of unknown computer worms based on behavioral classification of the host [J]. Computational Statistics & Data Analysis, 15 May 2008, Volume 52, Issue 9, Pages: 4544-4566.
    [135]. Andrew Hay, Daniel Cid Creator of OSSEC, Rory Bary, Stephen Northcutt: Rootkit Detection Using Host-based IDS [M]. OSSEC Host-Based Intrusion Detection Guide, 2008, Pages: 275-280.
    [136]. Mohsen A. Jafari, Jiachen Liu, Davood Golmohammadi: Network flow formulation of optimal perimeter sensory coverage problem [J]. European Journal of Operational Research, 16 August 2009, Volume 197, Issue 1, Pages: 77-83.
    [137]. P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, E. Vázquez: Anomaly-based network intrusion detection: Techniques, systems and challenges [J]. Computers & Security, February-March 2009, Volume 28, Issues 1-2, Pages: 18-28.
    [138]. Haidar Safa, Mohamad Chouman, Hassan Artail, Marcel Karam: A collaborative defense mechanism against SYN flooding attacks in IP networks [J]. Journal of Network and Computer Applications, November 2008, Volume 31, Issue 4, Pages: 509-534.
    [139]. Ajith Abraham, Ravi Jain, Johnson Thomas, Sang Yong Han: D-SCIDS: Distributed soft computing intrusion detection system [J]. Journal of Network and Computer Applications, January 2007, Volume 30, Issue 1, Pages: 81-98.
    [140]. Hassan Artail, Haidar Safa, Malek Sraj, Iyad Kuwatly, Zaid Al-Masri: A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks [J]. Computers & Security, June 2006, Volume 25, Issue 4, Pages: 274-288.
    [141]. Muninder P. Kailay, Peter Jarratt: RAMeX: a prototype expert system for computer security risk analysis and management [J]. Computers & Security, 1995, Volume 14, Issue 5, Pages: 449-463.
    [142]. Theuns Verwoerd, Ray Hunt,Intrusion detection techniques and approaches [J]. Computer Communications, 15 September 2002, Volume 25, Issue 15, Pages: 1356-1365.
    [143]. Jyh-Win Huang, Ting-Wei Hou: A controllable and accountable state-oriented Card-Aided Firewall [J]. Computer Standards & Interfaces, January 2009, Volume 31, Issue 1, Pages: 66-76.
    [144]. Bojan Babic, Nenad Nesic, Zoran Miljkovic:A review of automated feature recognition with rule-based pattern recognition [J]. Computers in Industry, April 2008, Volume 59, Issue 4, Pages: 321-337.
    [145]. Xiao-Bai Li: A scalable decision tree system and its application in pattern recognition and intrusion detection [J]. Decision Support Systems, November 2005, Volume 41, Issue 1, Pages: 112-130.
    [146]. M. Dusi, M. Crotti, F. Gringoli, L. Salgarelli: Tunnel Hunter: Detecting application-layertunnels with statistical fingerprinting [J]. Computer Networks, 16 January 2009, Volume 53, Issue 1, Pages: 81-97.
    [147]. Oliver Stehling, Alex D. Sheftel, Roland Lill: Chapter 12 twelve Controlled Expression of Iron-Sulfur Cluster Assembly Components for Respiratory Chain Complexes in Mammalian Cells [J]. Methods in Enzymology, 2009, Volume 456, Pages: 209-231.
    [148]. Taeshik Shon, Jongsub Moon: A hybrid machine learning approach to network anomaly detection [J]. Information Sciences, 15 September 2007, Volume 177, Issue 18, Pages: 3799-3821.
    [149]. Eric Bloedorn, Inderjeet Mani: Using NLP for machine learning of user profiles [J]. Intelligent Data Analysis, 1998, Volume 2, Issues 1-4, Pages: 3-18.
    [150]. Reza Sadoddin, Ali A. Ghorbani: An incremental frequent structure mining framework for real-time alert correlation [J]. Computers & Security, May-June 2009, Volume 28, Issues 3-4, Pages: 153-173.
    [151]. K.C. Tan, E.J. Teoh, Q. Yu, K.C. Goh: A hybrid evolutionary algorithm for attribute selection in data mining [J]. Expert Systems with Applications, May 2009, Volume 36, Issue 4, Pages: 8616-8630.
    [152]. Guangli Nie, Lingling Zhang, Ying Liu, Xiuyu Zheng, Yong Shi: Decision analysis of data mining project based on Bayesian risk [J]. Expert Systems with Applications, April 2009, Volume 36, Issue 3, Part 1, Pages: 4589-4594.
    [153]. F. Masseglia, P. Poncelet, M. Teisseire: Efficient mining of sequential patterns with time constraints: Reducing the combinations [J]. Expert Systems with Applications, March 2009, Volume 36, Issue 2, Part 2, Pages: 2677-2690.
    [154]. Kumar: G-tree: a new data structure for organizing multidimensional data [J]. IEEE Trans. Knowledge Data Eng, 1994, Volume: 6, Issue:2, Pages:341–347.
    [155]. Kaufman, L., Rousseeuw: Finding Groups in Data: An Introduction to Cluster Analysis [M]. John Wiley & Sons, 1990.
    [156]. Ester, Kriegel, Xu.: Knowledge discovery in largespatial databases: focusing techniques for efficient class identification [C]. In: Proc. the Fourth Int’l Symp. on Large Spatial Databases, 1995, Pages: 67-82.
    [157]. Jim Z.C. Lai, Yi-Ching Laiw: Improvement of the k-means clustering filtering algorithm [J]. Pattern Recognition, 2008, volume41, issue 12, Pages: 3677-3681.
    [158]. Yung-Cheng Ma, Tien-Fu Chen, Chung-Ping Chung: Branch-and-bound task allocation with task clustering-based pruning [J]. Journal of Parallel and Distributed Computing, 2004, volume 61, issue 11, Pages: 1223-1240.
    [159]. Kalle Burbeck, Simmin Nadjim-Tehrani. Adaptive real-time anomaly detection with incremental clustering [J]. Information Security Technical Report, 2007, Volume 12, Issue 1, Pages: 56-67.
