11,Bishop M. A model of security monitoring. In: Proceedings of the 5th Annual Computer Security Applications Conference. 1989. 46~52. http://seclab.cs. ucdavis.edu/papers.html
22,Staniford-Chen S, Cheung S, Crawford R et al. GrIDS: a graph based intru sion detection system for large networks. In: Proceedings of the 19th National Information Systems Security Conference, Vol 1. National Institute of Standards a nd Technology, 1996. 361~370
33,Hochberg J, Jackson K, Stallings C et al. NADIR: an automated system for detecting network intrusion and misuse. Computers and Security, 1993,12(3):235~2 48
44,White G B, Fisch E A, Pooch U W. Cooperating security managers: a peer-based intrusion detection system. IEEE Network, 1996,10(1):20~23
55,Forrest S, Hofmeyr S A, Somayaji A. Computer immunology. Communications of th e ACM, 1997,40(10):88~96
66,Hunteman W. Automated information system alarm system. In: Proceedings of the 20th National Information Systems Security Conference. National Institute of Standards and Technology, 1997
77,Porras P A, Neumann P G. EMERALD: event monitoring enabling responses to anom alous live disturbances. In: Proceedings of the 20th National Information System s Security Conference. National Institute of Standards and Technology, 1997