网络安全态势评估与趋势感知的分析研究

详细信息    本馆镜像全文|  推荐本文 |  |   获取CNKI官网全文

英文题名：Analisys of Security Situational Awareness of Cyberspace 作者：萧海东 论文级别：博士 学科专业名称：通信与信息系统 中文关键词：网络安全 ; 层次分析 ; 态势 ; 神经网络 ; 模糊推理 ; 知识库 ; 网格 英文关键词：cyberspace security ; AHP ; situational awareness ; ANN ; FR ; knowledge base ; grid 学位年度：2007 导师：李建华 学科代码：081001 学位授予单位：上海交通大学 论文提交日期：2007-10-01

摘要

二十世纪末,“信息革命”引发了全球范围的深刻变革。随着电脑和互联网的广泛应用,使得网络安全问题逐渐开始显现的重要起来。当计算机通过Internet联接到一起时,信息安全的内涵也就发生了根本的变化。它不仅从一般性的防卫变成了一种普便的防范,而且还从一种专门的领域扩展到无处不在。为了从总体上认知网络安全的动态变化,同时也为了适应对网络安全研究更高的实际需求,网络安全态势研究逐渐成为了网络安全领域的研究热点之一。
     本文描述了网络安全态势评估体系模型,对于相应的评估方法做了研究:首先从态势数值计算方面分析了以AHP算法为代表的典型数值态势计算算法,这种算法最早是由美国运筹学家T.L.Satty提出的,是一种定性与定量分析相结合的多目标决策分析方法论。吸收利用了行为科学的特点,将决策者的经验判断给予量化,对于目标(因素)结构复杂而且缺乏必要的数据情况下,采用此方法较为实用,是系统科学中常用的一种系统分析方法,利用这种系统分析的工具,结合网络中的主机服务、主机、子网、全网等各个层次划分,科学地计算出态势评估体系中的各种权重,指数。这种算法的优势在于可以将安全态势信息从底层逐级汇聚上来,并在汇聚算法中将权重因素融入到安全态势值中,对应的安全态势评估体系明晰,符合BS7799态势评估体系的要求。
     随着研究问题复杂程度的不断提高,权重数学模型的计算量变得越来越大。尤其在大规模网络安全威胁爆发时,由于感染节点的高频度、大流量的集中扫描和探测,迅速导致各层网络设备的性能和有效带宽的急剧下降,成为复杂的网络环境的安全问题。这时,AHP算法在态势分析的实时性上就受到很大影响,同时,AHP算法无法解决全网未来态势的预测问题。为了进一步完善网络态势计算模型,我们引用了另外一个强大的工具:人工神经网络,来完善态势评估体系。由于人工神经网络模型具有高度的容错性、联想性和自组织、自学习能力,且对复杂系统具有强大的非线性映射和泛化功能,因此,我们将其应用在解决态势权重问题方面。这种方法的优势在于:首先,这种方法不需要任何数值算法来建立模型,它仅仅利用网络安全态势样本数据学习就可以建立输入和输出的黑箱关系,不需要像普通数学模型那样需要描述现实系统的数量关系和空间分布形式。其次,这种方法快捷方便,只要训练数据齐备,即使复杂的网络也能很快地分析,还可以根据初始条件的变化动态地输出结果。第三,这种方法固有的非线性数据结构和计算过程使得它非常适于处理非线性映射关系。第四,我们将安全态势数值信息分布存储,存储和处理合二为一、容错性好,在这种数据存贮结构下,错误的输入可被剔除或减小。不同于以往的数值计算方式,这种智能技术的引入使安全态势的分析更加贴近于人类智能,通过构建态势权重分析神经元,并通过简单神经元的广泛互连形成复杂的非线性态势评估系统,使之具备了更为优良的特性,使大规模网络态势的分布式并行处理和自适应学习成为可能,并在很大程度上提高了系统的鲁棒容错性。
     网络安全发展趋势感知主要是通过分析近期网络攻击数据,利用多种预测方法对系统未来可能发生的攻击概率进行预测。在文中,我们设计了一个适配过滤器来预测态势发展的趋势,并构造出相应的神经网络:当历史安全态势数据流经这个神经网络系统时,下一个安全态势值将被预测出来。事实上,态势值随着时间非线性的变化着:其趋势被拟合为网络态势状态函数,它可以从系统延时线分流处进入态势预测系统,较早和更早的两个态势数据则可以从延时线的后面直接引入。每次神经网络的适配器将做出权重相应的调整以使误差达到最小,误差将从模型右侧引出并作为权重调整激励。当误差趋于零时,预测数据将与实际数据相似,此模型也就达到了预测的目的。
     随着网络环境的进一步复杂化,尤其是在未来的大规模网络环境中,安全态势的研究内容也将考虑更多的因素。按照预先训练好的态势分析模型和网络安全信息的输入来动态地分析网络安全态势的变化,从而形成理解网络安全数据的一个抽象级。进一步说,通过基于模糊推理的态势预测,可以对未来可能的网络安全态势发展进行观测。而这些结果集可以形成一个新的层次的观测空间,同时也更进一步的丰富了趋势感知模型的训练集。下一代网络中,尤其在网格的应用中,安全态势的研究也是一个重要的发展方向。开展这方面的研究的目的在于建立网络态势感知系统,将为全网安全的决策人员了解网络态势,迅速作出反应提供决策支持和指挥控制。这里,我们具体针对网格安全技术做了探索。研究网格节点处的安全态势状况,均衡整个网格的计算负载,制定良好的分布式计算策略,对于提高整个网格系统的计算性能有着重要意义。作为下一代互联网的研究热点,这也是对网格安全研究提出的新要求。文中以网格为研究平台的支撑,并结合知识库对网格安全策略元数据映射作了具体分析,构建了知识空间和参数空间映射的柯西列,证明了安全策略知识空间中知识的唯一性。创建一个有标注的、数字化的、由标准安全体系保护的大型联合资源库,来支持网格实际中的各种应用,这些安全应用是网格安全未来开发的一部分。同时,也是态势扩展研究的重要研究方向。
"Information revolution" led the great changes at the end of 20th century. With widely use of computers and Internet, the securities of networks become more and more important. When all the computers connect together through the Internet, the meaning of information security has an essential change. Not only from normal protection to common defense, but also from special scope to anywhere now. Researches of networks security situation evaluation become a hot spot under these backgrounds, and higher-level requirement to networks security research is presented. In this paper, first, the common model of networks security situational awareness architecture is described, and studies the evaluation method relevantly: from security situation numeric computation, the AHP arithmetic is analysis, which is promoted by T.L.Satty, an operational researcher of American. It is methodology of multi-targets decision-making with unite of determine the nature analysis and quantitative analysis. This arithmetic absorbs the specialty of behavioral sciences, measure the judgment of experience of decision-making, it is a practical arithmetic under the circumstances of target complex configuration and lack the essential data. It is one of powerful method in system science analyzing, and usually is used as a mathematic tool. Using this powerful tool, and considering the level division of the network services, host, subnet, cyberspace, several of weights, values of security situational awareness architecture can be calculated. The advantage of this arithmetic is that can gather the networks security situational information from under stratum level by level, and weight factor is considered in situation value computing in this arithmetic, this security situation evaluation architecture is very perspicuity, and tally with the requirement of BS7799.
     As the research problems become more and more complex, the computing of this math model become even more difficult, when cosmically networks security threats burst out, the pefermance of networks equipments and bandwidth toboggan for the highly frequency scanning and detecting on the infect nodes, the security problems occurs in this more complex networks environment. Performance of real time analyzing of situational awareness is greatly effected too; other disadvantage such as AHP cannot give a solution of situational alert in the future. In order to make this computing model better, a powerful tool is introduced, it is Artificial Neural Network- ANN. For the reason of highly error tolerance, association, auto organize, auto study ability of ANN, and its powerful nonlinear mapping function to complex system, it can be applied to solve the problem of cyberspace security situation weight computing. The predominance as follows: first of all, it doesn’t need any numeric arithmetic to set up the model, only sample data is used, the black box relationship of input and output will be constructed, and doesn’t need to describe the numeric relationship and dimension distribution of real system. Secondly, this method is very swift in construction when the training data is available. The result can output dynamically. Thirdly, its inherent nonlinear data structure and computing process give it ability to process the nonlinear mapping relationship. Finally, the security situation values can be store distributed, combine the store and processing together, error tolerate ability is good in the data store structure, the error can be diminished. not like the numberic computing as before, the introduction of this intelligent technology make the analysis of security situational awareness be more apt to human intelligence, to design the situational weight analysis nerve cell, and form more complicated nonlinear situational evaluation system with nerve cells. this system has adventages, especially in distributed parallel processing and self adapt learning of cosmically cyberspace security situational awareness, this system also improves robustness and tolerance of situational awareness system to a great extent.
     The trend apperceiving of cyberspace security situational awareness is mainly based on analysis of networks attack data, in this paper, an adapting filter is designed to predict the trend of situational awareness, accordingly, the NN is constructed: when security history data passes the model, the next value will be predicted. In fact, the security situational value changed nonlinearly when time lapses. Its trend is described as networks situational function P(t), it enters the model at time delay input, the earlier two situational data can be input into the model directly from delay input. The adaptor changes weights to make the error minimal, and error output used to drive the weight adjusting. When error goes 0, the prediction is done, this is the purpose.
     When the cyberspace become more and more complex, especially in the future cyberspace, more factors should be conceded in situational awareness research content. The variation of cyberspace awareness is dynamically analyzed with pre-trained situational awareness model and network security information which is input. And abstracted level of cyberspace situational awareness meaning is formed. And through the situational awareness prediction based on fuzz reason, the trend of future security situation will be observed. All the result set will form a new observation space, and can make the training set of prediction model richer. In the next generation networks, especially in the grid computing application, research of the cyberspace security situational awareness is an important new direction. The purpose is set up the security situational awareness system, and help decision-maker to comprehend the networks security situation, and support them in decision-making and stage-managing. As a hot spot in NGN, the requirement of grid security analysis is even higher. In this paper, a common grid security model introduced, policy metadata mapping of grid security analysis is based on knowledge database. Describe of security information metadata is very important to grid security, encrypt etc. Any grid infrastructure must combine all the resource under protect of grid security architecture, and create a digital, tagged resource database to support the several of grid application. These security applications are some parts of the grid development. Also are hot spots in later research of cyberspace security situational awareness.

引文

[1] Potter, Bruce. Software and network security. Network Security[J],2004,10:p4-5.
    [2] Matsuura, K Ebato, K. University-industry collaboration networks in the information security field in Japan: Problems and a particular success, Proceedings of IEEE IEMC 2004, p:839-844.
    [3] Bass T. Intrusion systems and multisensor data fusion: Creating cyberspace situational awareness. Communications of the ACM, 2000,43(4)p:99-105.
    [4] Mendez, Hector; Zamai, Eric; Descotes-Genon, Bernard, A methodology to synthesize monitoring laws by using quality, security, ecology, and productivity criteria, Quality Engineering, v 17, n 4, October, 2005, p:663-668.
    [5] Felton, Bob,Cyber security breaches threaten, smarter factories and processes emerge, consulting business booms, and engineering talent base shrinks,Civil Engineering/Siviele Ingenieurswese, v 14, n 1, January, 2006, p:26-28.
    [6] 王慧强,赖积保,朱亮,梁颖,网络态势感知系统研究综述,计算机科学[J],2006,Vol(133) p:5-7.
    [7] 陈秀真, 郑庆华, 管晓宏, 林晨光,层次化网络安全威胁态势量化评估方法,软件学报, vol 17(4) p:885-887.
    [8] Feng DG, Zhang Y, Zhang YQ. Survey of information security risk assessment. Journal of China Institute of Communications, 2004,25(7)p:10-18.
    [9] Guo YJ. Theory and Method of Comprehensive Evaluation. [M] Beijing: Science Press, 2002.
    [10] Y.T. Zhuang, Y. Yang, F. Wu, and Y.H. Pan,Manifold Learning Based Cross-media Retrieval: A Solution to Media Object Complementary Nature, The Journal of VLSI Signal Processing,February 03, 2007.
    [11] Xiao Haidong, Li Jianhua, Semantic Grid Security Solutions Based on Knowledge Base,Advanced International Conference on Telecommunications, Proceeding of IEEEComputer Society.Jan 2006 p:1105-1107.
    [12] BS7799-1:1999 信息安全管理实施细则 BSI,1999.
    [13] Xiao Haidong, Li Jianhua, Arithmetic of Security Data Fusion under High Performance Computing Environment, Proceeding of WSEAS ,sept 2005.
    [14] Jie Tian, Jie Chen, Lihua Dou,Yuhe Zhang,The research of test and evaluation for multisensor data fusion systems,Proceedings of Intelligent Control and Automation, vol.3 June 2002, p:2104-2108.
    [15] R. Rithey and P. Ammann. Using model checking to analyze network vulnerabilities. In Proceedings of 2000 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos USA, May 2000, p:156-165.
    [16] Chenglin Wen, Chuanbo Wen,The multiscale sequential filter with multisensor data fusion,Systems and Control in Aerospace and Astronautics, 2006. ISSCAA 2006.
    [17] O. Sheyner, J. Haines, S. Jha, et al. Automated generation and analysis of attack graphs. In Proceedings of 2002 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Berkeley California USA, May 2002, p:273-284.
    [18] Porras P, Fong M, Valdes A. A mission-impact-based approach to INFOSEC alarm correlation. In: Proc. of the 15th Int'l Symp. on Recent Advances in Intrusion Detection. Zurich, 2002. p:95-114.
    [19] Lawrence DStone. Bayesian Multiple Target Tracking[M].Artech House,1999.
    [20] L Philip.Bogler. Shafer-Dempster Reasoning with applicaton to multisensor target identification system [J].IEEE Trans on System Man and Cybemetic,1987:SMC-17(6)p:968-977.
    [21] R. Ritchey, B. O'Berry, S. Noel. Representing TCP/IP connectivity for topological analysis of network security. In Proceedings of 18th Annual Computer Security Applications Conference, IEEE Computer Society Press, San Diego California USA, Dec 2002, p:25-31.
    [22] 刘怀国,吴陈,d-s 证据理论在多传感器融合中的应用[J]华东船舶工业学报,2001:6,p:20-24.
    [23] Hariri S, Qu GZ, Dharmagadda T, et al. Impact analysis of faults and attacks in large-scale networks. IEEE Security & Privacy, 2003,1(5):p49-54.
    [24] Blyth A. Footprinting for intrusion detection and threat assessment, Information Security Technical Report, 1999,4(3):p43-53.
    [25] S. Jajodia, S. Noel, B. O'Berry. Topological Analysis of Network Attack Vulnerability. In: "Managing Cyber Threats: Issues, Approaches and Challenges", Springer Publisher, 2005.
    [26] Fredrik Valeur, Real-Time Intrusion Detection Alert Correlation. PHD Dissertation, 2006.
    [27] Jian Cao,Chunjie Yang, Yan Yang,A study on the TFN-based AHP model for the evaluation of missile systems performance ,Systems and Control in Aerospace and Astronautics, 2006. ISSCAA 2006. Jan. 2006 p15-17.
    [28] Mustafa, M.A., Al-Bahar, J.F.,Project risk assessment using the analytic hierarchy process ,Engineering Management, IEEE Transactions on,Volume 38, Issue 1, Feb. 1991 p:46 – 52.
    [29] Matsuda, S.,A neural network model for the decision-making process based on AHP,Neural Networks, 2005. IJCNN '05. Proceedings. 2005 IEEE International Joint Conference on vol. 2, July-4 Aug. 2005 Page(s):821 – 826.
    [30] Parthiban, P., Ganesh, K., Narayanan, S., Dhanalakshmi, R.,Preferences based decision-making model (PDM) for faculty course assignment problem , Proceedings. 2004 IEEE International,Volume 3, 18-21 Oct. 2004 Page(s):1338 – 1341.
    [31] Greiner, M.A., Fowler, J.W., Shunk, D.L., Carlyle, W.M., McNutt, R.T.,A hybrid approach using the analytic hierarchy process and integer programming to screen weapon systems projects,Engineering Management, IEEE Transactions on V50(2), May 2003 P:192 – 203.
    [32] Bass T. Intrusion systems and multisensor data fusion: Creating cyberspace situational awareness. Communications of the ACM, 2000,43(4):99-105.
    [33] Chen, Xiuzhen Zheng, Qinghua; Guan, Xiaohong; Lin, Chenguang,Study on evaluation for security situation of networked systems, Hsi-An Chiao Tung Ta Hsueh/Journal of Xi'an Jiaotong University, v 38, n 4, April, 2004, p 404-408.
    [34] Mustafa, M.A., Al-Bahar, J.F.,Project risk assessment using the analytic hierarchy process,Engineering Management, IEEE Transactions on Volume 38, Issue 1, Feb. 1991 p:46-52.
    [35] Gass, S.I. , Rapcsak T. ,Singular value decomposition in AHP, European Journal of Operational Research, v 154, n 3, May 1, 2004, p:573-584.
    [36] Spyropoulou, E., Levin, T., Irvine, C.,Calculating costs for quality of security service ,Proceeding of ACSAC '00. 16th Annual Conference,11-15 Dec. 2000 p:334 – 336.
    [37] Cukier, M., Berthier, R., Panjwani, S., Tan, S.,A Statistical Analysis of Attack Data to Separate Attacks,DSN 2006. International Conference on 25-28 June 2006 p:383 – 387.
    [38] Kevin Fu, M. Frans Kaashoek, and David Mazieres.Fast and Secure Distributed Read-Only File System,[J] Computer Systems.2000,p:17-21.
    [39]Xue, Qi , Ganz, Aura Runtime security composition for sensor networks , IEEE Vehicular Technology Conference, v 58, n 5, 2004, p: 2976-2980.
    [40]Balyan, Avneesh , Loganathan, Karthic, Sripathi, Sridhar ,Security architecture for IP-based multi-service networks,[J] Bell Labs Technical Journal, v 11, n 1, Spring, 2006, p:59-65.
    [41] Cangussu, Joao W. , Cooper, Kendra C., Wong, Eric W. Multi criteria selection of components using the analytic hierarchy process, LNCS,v 4063 , CBSE 2006, Proceedings, 2006, p:67-71.
    [42] Anon, Will high-tech IDs really provide security?, Scientific American, v 286, n 3, March, 2002, p:18.
    [43]Subramanya, S.R., Lakshminarasimhan, N.,Computer viruses[J],Potentials IEEE Volume 20, Issue 4, Oct-Nov 2001 p:16 – 19.
    [44] Xiao Haidong, Li Jianhua, Analysis of Security Situation of Networks based on Knowledge base,WSEAS TRANSACTIONS on ELECTRONICS,Issue 1, Volume 3, January 2006,p:34-40.
    [45] Tim Bass. Multisensor data fusion for next generation distributed intrusion detection systems [A] . 1999 IRIS National Sympo2 sium on Sensor and Data Fusion , Laurel , USA , 1999.
    [46] Hunter, J.M., Matlack, T., Schweer, K.G.,Applications of networking capabilities to assist in situational awareness,Systems and Information Engineering Design Symposium, 2004. Proceedings of the 2004 IEEE 16 Apr 2004 p:25 – 32.
    [47] Y. Z. Zhang, X. C. Yun, B. X. Fang and T. Zhang, A Mining Method for Computer Vulnerability Correlation, International Journal of Innovative Computing, Information and Control, Vol.1, No.1, 2005, p: 43-51.
    [48] Galen A.,Network security managers' preferences for the Snort IDS and GUI add-ons Grimes, [J] Network Security, v 2005, n 4, April, 2005, p:19-20.
    [49] Liu, Huailiang, Wang, Dong, Xu, Guohua, Study on assessment of Intranet security with Fuzzy-AHP method ,Jisuanji Gongcheng/Computer Engineering, v 28, n 1, January, 2002, p:50.
    [50] Zhou, J., Vigna, G.,Detecting attacks that exploit application-logic errors through application-level auditing ,Computer Security Applications Conference, 2004. 20th Annual 6-10 Dec. 2004 p:168 – 178.
    [51] F.Cuppen,A.Miege.Alert Correlation in a Cooperative Intrusion Detection Framework.[J] IEEE Symp.on Security and Privacy,2002.
    [52] D’Ambrosio B, Takikawa M, Upper D, Fitzgerald J, Mahoney S. Security situation assessment and response evaluation. In: DARPA Information Survivability Conf. & Exposition II. Anaheirn, 2001. p:387-394.
    [53] Tim Bass. Multisensor data fusion for next generation distributed intrusion detection systems [A] . 1999 IRIS National Sympo2 sium on Sensor and Data Fusion , Laurel ,USA ,1999.
    [54] http://edu.chinaz.com/Get/Security/Defence/058121008002096168.asp.
    [55] Antsaklis, P.J.,Neural networks for control systems, Neural Networks, IEEE Transactions on V1(2) June 1990, p:242 – 244.
    [56] LiQi-An, Wang Shu-Qing,Fast algorithm for adaptive generalized predictive control based on BP neural networks,Proceedings of 2004 International Conference on Machine Learning and Cybernetics, v 2, 2004, p 738-743.
    [57] E E Azzouz, A KNandi. Algorithms for Automatic Modulation Recognition of Communication Signals [J].IEEE Trans on Communication, 1998, 46: p431-436.
    [58] Matsuda, S.,Theoretical limitations of a Hopfield network for crossbar switching,[J]Neural Networks, IEEE Transactions on V12(3), May 2001 p:456–460.
    [59] Matlab 的神经网络工具箱实用指南 http://hi.baidu.com/changsheng/blog/item/ 07e42f2e415ff f504fc226f9.html.
    [60] 温 浩,赵国庆, 基于 MATLAB 神经网络工具箱的线性神经网络实现 电子科技 2005 年第 1 期.
    [61] Senyard, A., Kazmierczak, E., Sterling, L.,Software engineering methods for neural networks, Software Engineering Conference, 2003. Tenth Asia-Pacific 2003 Page(s):468 – 472.
    [62] 丛爽,面向工具箱的神经网络理论与应用[M],合肥:中国科学技术大学出版社.
    [63] Liu Tongming, Data Mining Techniques and Its Application, National Defense Industry Press,2001, p:194-218.
    [64] Haidong Xiao, Jianhua Li,Analysis of Grid Security Authorization Police Based on Knowledge Mining WSEAS Transactions on Computer p:1105-1107.
    [65] Mukherjee,.,Heberlein,L.,and Levitt,K.,Network intrusion Detection, IEEE NetworkMagazine, Vol.8.No.3,May/June 1994, p:26-41.
    [66] Endsley M R. Toward A Theory of Situation Awareness in Dynamic Systems [J]. Human Factors, 1995, 37(1)p:32–64.
    [67] Dominguez, C. Can SA be defined Situation Awareness: Papers and Annotated Bibliography [R]. Wright-Patterson Airforce Base, OH: Air Force Systems Command. p:5-10.
    [68] D.li,K.Wong,Y.h.Hu, Detection,classification,and tracking of targets, IEEE Singal Processing Magazinge, ,March 2002, p:17-29.
    [69] Hosmer, H. Visualizing Risks: Icons for Information Attack Scenarios. National Information System Security Conference, (2000).
    [70] 飞思科技, 神经网络理论和 matlab 7 实现. 电子工业出版社 p:258-259.
    [71] Chen, C.L.P., Lu, Y., FUZZ:a fuzzy-based concept formation system that integrates human categorization and numerical clustering, [J]Systems, Man and Cybernetics, Part B, IEEE Transactions on, V27(1), Feb. 1997 p:79 – 94.
    [72] Bhatnagar, S., Ganguly, S., Izmailov, R.,Impact of Network-Awareness on Profile Migration, Proceedings of 22nd International Conference on 03-07 April 2006 p:26 – 26.
    [73] W.H. Hsu, and S.F. Chang, Generative, discriminative, and ensemble learning on multi-modal perceptual fusion toward news video story segmentation, IEEE International Conference on Multimedia and Expo, Taipei, Taiwan, 2005.
    [74] K. Thompson and P. Langley, Concept formation in structured domains in Concept Formation: Knowledge and Experience in Unsupervised Learning, D. H. Fisher, M. J. Pazzani, and P. Langley, Eds. San Mateo, CA: Morgan Kaufmann, 1991, p:127–161.
    [75] S. J. Hanson and M. Bauer, Conceptual clustering, categorization and polymorphy, Mach. Learn., vol. 3, 1989, p: 343–352.
    [76] Hayashi, H., Qiangfu Zhao, A comparative study on GA based and BP based induction of neural network trees, Systems, Man and Cybernetics, IEEE International Conference on V1,10-12 Oct. 2005 p:822-826.
    [77] Heberiein L T,Dias G V. A Network Security Monitor, IEEE Proceedings of the Symposium on Security and Privacy,1990, p:297-302.
    [78] Xiao Haidong, Li Jianhua, Arithmetic of Security Data Fusion under High Performance Computing Environment, Proceeding of WSEAS.2006.1,p:1101-1107.
    [79] Xiao Haidong, Li Jianhua Analysis and Research of Grid,Security Based on Knowledge Base [M] .Guangzhou:CIHW, 2004. p:177-179.
    [80] D'Amico, A., Kocka, M., Information assurance visualizations for specific stages of situational awareness and intended uses: lessons learned Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on 26 Oct. 2005 p:110-112.
    [81] 王士同,模糊系统、模糊神经网络及应用程序设计[M], 上海科学技术文献出版社,1998,p:202-226.
    [82] L.M.Fu.Rule Generration from Neural Networks.IEEE Trans on Systems,Man,and Cybernetics ,v24,1994,p:20-22.
    [83] Kwong R H,Johnston E W. A variable step size LMS algorithm[J]. IEEE Trans. On Signal Processing.1992,40(7)p:1633-1636.
    [84] Won, Y.K., Park, R.-H., Park, J.H., Lee, B.-U.,Variable LMS algorithms using the time constant concept ,[J]Consumer Electronics, IEEE Transactions on V40(3) Aug 1994 p:655 – 661.
    [85] S. Jha, O. Sheyner, and J. Wing, Two formal analyses of attack graphs, in Proceedings of the 15th IEEE Computer Security Foundations Workshop (CSFW'02), June 2002. p: 49-63.
    [86] Nong Ye, Mingming Xu,Information fusion for intrusion detection Information Fusion, 2000. Proceedings of the Third International Conference on V2, July 2000 p:17-20.
    [87] Kettani, D., Roy, J.A qualitative spatial model for information fusion and situation analysis, Information Fusion,Proceedings of the Third International Conference on v1, July 2000 p:16 -21.
    [88] Endsley, M.R., Hansman, R.J., Farley, T.C.,Shared situation awareness in the flight deck-ATC system,[J]Aerospace and Electronic Systems Magazine, IEEE V14(8) Aug. 1999,p:25 – 27.
    [89] Xiao, Jun ; Gao, Hai-Xia; Ge, Shao-Yun; Wang, Yi-Ping; Deng, Hua; Zhang, Ying ,Evaluation method and case study of urban medium voltage distribution network,[J]Power System Technology, v 29, n 20, Oct 20, 2005, p:77-81.
    [90] Guang-Bin Huang, Saratchandran, P., Sundararajan, N.,A generalized growing and pruning RBF (GGAP-RBF) neural network for function approximation,[J]Neural Networks, IEEE Transactions on V16(1), Jan. 2005,p::57 – 61.
    [91] Gao Daqi, Yang Genxing,Adaptive RBF neural networks for pattern classifications, IJCNN '02. Proceedings of the 2002 International Joint Conference on V1, May 2002 ,p:846 – 851.
    [92] Nazmul K M, Toshiomi Y, Sheyla L R, et al. Global and local neural network models in biotechnology: application to different cultivation processes [J]. J Ferment Bioeng, 1997, 83(1):1-11.
    [93] Noel. S. Jajodia. S, "Managing attack graph. complexity through visual hierarchical aggregation",. Proceedings of the 2004 ACM Workshop on. Visualization and Data Mining for Computer Security,. Washington, 2004, p: 109-118.
    [94] Z.Uykan,C.Guzelis,E.Celebi, Analysis of Input-output Clustering for Determining Centers of RBFNN, IEEE Trans on Neural Networks, 2000 V11(4), p:852-857.
    [95] G.A. Calvert (2001), Cross modal processing in the human brain: insights from functional neuroimaging studies, Cerebral Cortex, 11(12): 1110-1123.
    [96] R.P.N. Rao, B. A. Olshausen, and M.S. Lewicki, Probabilistic Models of the Brain: Perception and Neural Function, USA: MIT Press, 2002.
    [97] T.Elloft,R.J.P Defigueiredo, A New Neural Networks For Cluster Detection and Labeling,[J]IEEE Trans on Neural Networks,1998 V9(5),p:1022-1030.
    [98] B. Lu, M. Ito.Task Decomposition and Module Combination Based on ClassRelations: s Modular Neural Network for Pattern Classification,[J]IEEE Trans. on Neural Networks, 1999.Vol. IO:5,p:1244-1246.
    [99] Y. Lu, N. Sundarajan, Performance Evaluation of a Sequential Minimal Radial Basis Function (RBF) Network Learning Algorithm,[J]IEEE Transactions on Neural Networks, 1998.Vol. 9:2, p: 308-315.
    [100] Urs, Strey, Alfred,Experimental study on the precision requirements of RBF, RPROP and BPTT training, Vollmer, IEE Conference Publication, v 1, n 470, 1999, p: 239-240.
    [101] C. M. Bishop,Neural Networks for Pattern Recognition,London: Oxford University Press,1995.
    [102] 王旭东,邵惠鹤,RBF 神经网络理论及其在控制中的应用[J],信息与控制,1997,26(4)p:272—284.
    [103] M. Bianchini,P. Frasconi and M. Gori,Learning without local minimain radial basis function networks,IEEE Trans. On Neural Networks,6(3)1995,p:749-756.
    [104] Geer, DavidMalicious bots threaten network security,[J] Computer, v38, n1, January, 2005, p: 18-20.
    [105] C.G.M. Snoek, M. Worring, and A.W.M. Smeulders, Early versus Late Fusion in Semantic Video Analysis, ACM Multimedia, Singapore, November 2005.
    [106] Jun Xu,Wooyong Lee,Sustaining availability of Web services under distributed denial of service attacks,[J]Computers, IEEE Transactions on V52(2), Feb. 2003 p:195 – 208.
    [107] Yang Xiang, Zhongwen Li,An Analytical Model for DDoS Attacks and Defense, Computing in the Global Information Technology, 2006. Proceeding of ICCGI 2006.p:66 – 66.
    [108] D.A. Lambent. Assessing Situation. Proceedings of International Conference on IDC 99, 1999, p:503-508.
    [109] Jun Xu, Wooyong Lee,Sustaining availability of Web services under distributeddenial of service attacks, Computers, IEEE Transactions on V52(2), Feb. 2003 p:195-200.
    [110] Xia Z, Zhang S, A kind of network security behavior model based on game theory, Parallel and Proceedings of the Fourth International Conference on Distributed Computing, Applications and Technologies, 2003, pp:950-954.
    [111] Rowan, Lannon,Security in a Web services world,Network Security, v 2005, n 6, June, 2005, p:7-10.
    [112] Felix J. Garcia, Perez, Gregorio Martinez, Skarmeta, Antonio F. Gomez, A semantically-rich management system based on CIM for the OGSA security services Clemente, LNAI, v 3528, AWIC 2005, p:473-474.
    [113] Amnuaykanjanasin, Pichet , Nupairoj, Natawut. The BPEL orchestrating framework for secured grid services, Proceedings of ITCC 2005 v 1, p:348-349.
    [114] Naqvi, Syed , Riguidel, Michel,Threat model for grid security services, LNCS, v3470, 2005, p:1053-1054.
    [115] Xiao Haidong, Li Jianhua, Knowledge base based Analysis of Security Situational Awareness, published on Proceeding of IEEE Computer Society, ICN/ICONS/MCL'06, 2006, p:162-171.
    [116] J.C. Huang, Z. Liu, and Y. Wang, Joint video scene segmentation and classification based on hidden markov model, IEEE International Conference on Multimedia and Expo, New York, 2000, pp:1551-1554.
    [117]Cochennec, J.-Y.Activities on next-generation networks under Global Information Infrastructure in ITU-T, Communications Magazine[J], IEEE V40(7), July 2002 Page(s):98 – 101.