1[1]GREEN J,MARCHETTE D,NORTHCUTT S.Analysis Techniques for Detecting Coordinated Attacks and Probes [ EB/OL].http:∥www.blacksheepnetworks.com/security/info/misc/coord.html,2004.
2[2]ECKMANN ST,VIGNA G,KEMMERER PA.Statl:An attack language for state-based intrusion detection[ A].Proceedings of the ACM Working on Intrusion Detection[ C].2000.
3[3]PENG N.Abstraction-based Intrusion Detection in Distributed Environments[D].George Mason University,2001.
4[4]BRO PV.A system for detecting network intruders in real-time [A].Proceedings of the 7th Usenix Security Symposium[ C].1998.
5S R Snapp, S E Smaha, D M Teal et al. The DIDS (distributed intrusion detection system) prototype. In: USENIX Association.Proc of the Summer 1992 USENIX Conf. Berkeley, CA, USA:USENIX Association, 1992. 227--233.
6S Staniford-Chen, S Cheung, R Crawford et al. GrlDS---A graph based intrusion detection system for large networks. The 19th National Information Systems Security Conference (NISSC),Baltimore, MD, USA, 1996. 1:361-370.
7J S Balasubramaniyan, J O Garcia-Fernandez, D Lsaeoff et al.Architecture for intrusion detection using autonomous agents.COAST Laboratory, Purdue University, COAST Tech Rep: 98-05, 1998. http://www. cerias. purdue.edu/homes/aafid/docs/tr9805, pdf.
8P A Porras, P G Neumann. EMERALD: Event monitoring enabling responses to anomalous live disturbances. The 20th National Information Systems Security Conf(NISSC), Baltimore,MD, USA, 1997.353-365.
9J Pickel, R Danyliw. Enabling automated detection of security events that affect multiple administrative domains.Information Networking Institute, Carnegie Mellon University, Pittsburgh,PA, USA, 2000. http://www. incident.org/thesis/bookl. html.
10C Krugel, T Toth. Distributed pattern detection for intrusion detection. The Network and Distributed System Security Symposium Conf, San Diego, CA, USA, 2002.
