2[2]Honeynet Know Your Enemy: Statistics http://roject.honeynet. org/papers/stats/23 July, 2001.
3[3]Heberlein, L.T.,G.Dias,K. Levitt,B.Mukherjee,J.Wood, and D.Wolber,network security moniter,Proc.,1990 Symposium on Research in Security and Privacy,pp.296-304,Oakland,CA,May 1990.
4[4]Stantiford-Chen S.,S.Cheung,R,Crawford,M.Dilger,J.Frank,J.Hoagland,K.Levitt,C.Wee,R.Yip,D.Zerkle,rIDS-A Graph-Based Intrusion Detection System for Large Networks The 19th National Informaion Systems Security Conference.
5[1]Fyodor.The Art of Scanning[EB/OL].Phrack 51 www. phrack. com
6[2]CERT Advisory CA-96.21: TCP SYN Flooding and IP Spoofing Attacks. 24 September 1996.
7[3]Phrack .Port Scanning without the SYN flag / Uriel Maimon. Phrack 49-15.
8[4]Stuart Staniford, Jams A. Hoagland ,et al. Practical Automated.
9[1]Lee Wenke, Stolfo S J, Mok K W. A Data Mining Framework for Building Intrusion Detection Models. Proceedings of the 1999 IEEE Symposium on Security and Privacy, 1999: 120-132
10[2]Basu R, Cunninghuam R H, Webster S E, et al. Detecting Low-profile Probes and Novel Denial-of-Service Attacks. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, 2001-06