An Improved Intrusion Detection Algorithm Based on System Calls (Cited by: 1)

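Abstract: The raw system-call data sets collected for intrusion detection are very large, and current intrusion detection systems struggle to achieve satisfactory results on them. To address this problem, an anomaly intrusion detection model based on the non-negative matrix factorization algorithm is proposed. It improves on an earlier detection method that judges whether the data under test is normal by taking the frequency attributes of the system-call sequences in the training data as the basic feature: in the data preprocessing stage, the temporal order, state transitions and frequency attributes of the system-call data are considered together, so that intrusion behaviour can be judged more precisely. Experiments show that choosing a suitable dimension r drives both the false-negative rate and the false-positive rate of intrusion detection toward zero.
Source: 《数据通信》, 2010, No. 2, pp. 48-51 (4 pages in total)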