[1] Karen Scarfone, Peter Mell. Guide to Intrusion Detection and Prevention Systems (IDPS) [EB/OL]. (2007-02) [2014-06].http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf. [2] Andy Cuff Intrusion Detection Terminology [EB/OL]. (2010-02) [2014-06] www.securityfocus.com/infocus/1728 [3] Al-Shae E S, Hamed H H. Firewall Policy Advisor for anomaly discovery and rule editing[C]// IFIP/IEEE Eighth International Symposium on Integrated Network Management. USA: IEEE, 2003 (5): 17-30. [4] E Al-Shaer, H Hamed.Discovery of policy anomalies in distributed firewalls[C]// IEEE INFOCOM. USA: IEEE, 2004(4): 2605-2616. [5] Al-Shaer E, Hamed H, Boutaba R, et al. Conflict classification and analysis of distributed firewall policies[J]. IEEE Journal on Selected Areas in Communications (S0733-8716), 2005, 23(10): 2069-2084. [6] Hu H, Ahn G J, Kulkarni K.FAME: a firewall anomaly management environment[C]// Proceedings of the 3rd ACM workshop on Assurable and usable security configuration. USA: ACM, 2010: 17-26. [7] Hu H, Ahn G J, Kulkarni K.Detecting and resolving firewall policy anomalies[J]. IEEE Transactions on Dependable and Secure Computing (S1545-5971), 2012, 9(3): 318-331. [8] Hamed H, Al-Shaer E, Marrero W. Modeling and verification of IPSec and VPN security policies [C]// 13th IEEE International Conference on Network Protocols. USA: IEEE, 2005 (11). [9] Hamed H, Al-Shaer E.Taxonomy of conflicts in network security policies[J]. Communications Magazine (S0163-6804), 2006, 44(3): 134-141. [10] S Ferraresi, S Pesic, L Trazza, et al. Automatic Conflict Analysis and Resolution of Traffic Filtering Policy for Firewall and Security Gateway[C]// IEEE International Conference on Communications. USA: IEEE, 2007: 1304-1310. [11] Gobjuka H, Ahmat K A.Fast and scalable method for resolving anomalies in firewall policies[C]// 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). USA: IEEE. 2011: 828-833. [12] Stakhanova N, L Yao, A A Ghorbani. Classification and Discovery of Rule Misconfigurations in Intrusion Detection and Response Devices[C]// Privacy, Security, Trust and the Management of e-Business, 2009. USA: IEEE. 2009: 29-37. [13] J Alfaro, N Boulahia-Cuppens, F Cuppens.Complete analysis of configuration rules to guarantee reliable network security policies[J]. International Journal of Information Security (S1615-5262), 2008, 7(2): 103-122. [14] A Westerinen, J Schnizlein, J Strassner, et al. Terminology for Policy-Based Management [EB/OL]. (2001-11) [2014-07] http://www.rfc-editor.org/rfc/rfc3198.txt [15] J Lind-Nielsen. The buddy obdd package [Z/OL]. http://www.bddportal.org/buddy.html.2005. [16] 古天龙, 徐周波. 有序二叉决策图及应用 [M]. 北京: 科学出版社, 2000: 30-45. |