[1] Moore D, Voelker G, Savage S. Inferring Internet denial of service activity [A]. In: Proceedings of the 10th USENIX Security Symposium [C]. Washington DC, 2001. 9-22.
[2] Lemon J. Resisting SYN flooding DoS attacks with a SYN cache [A].In: Proceedings of USENIX BSDCon’2002 [C]. San Francisco, 2002.89-97.
[3] Bernstein D J. SYN cookies [EB/OL]. http: //cr.yp.to/syncookies.html. 2000/2003-07-08.
[4] Check Point Software Technologies Ltd. SynDefender[EB/OL]. http: //www.checkpoint.com/products/protect/firewall-1.html. 2002/2003-07-08.
[5] Netscreen Technologies Ltd. Firewall appliance[EB/OL]. http: //www.netscreen.com/. 2002/2003-07-08.
[6] Schuba C L, Krsul I V, Kuhn M G, et al. Analysis of a denial of service attack on TCP[A]. In: Proceedings of IEEE Symposium on Security and Privacy [C]. Los Alamitos: IEEE Computer Society Press, 1997. 208-223.
[7] Roesch M. Snort-lightweight intrusion detection for networks[A]. In: Proceedings of the 13th Conference on Systems Administration(LISA’ 99)[C]. Seattle, Washington, 1999. 229-238.
[8] Staniford S, Hoagland J, McAlerney J. Practical automated detection of stealthy portscans [A]. In: ACM Computer and Communications Security IDS Workshop[C]. Athers, Greece, 2000. 1-7.
[9] Feldmann A. Characteristics of TCP connection arrivals[A]. In: Park K, Willinger W, eds. Self-Similar Network Trac and Performance Evluation [C]. John Wiley and Sons, 2000. 367-399.
[10] Caceres R, Danzig P B, Jamin S, et al. Characteristics of wide area TCP/IP conversations[A]. In: Proceedings of ACM SIGCOMM’91 [C]. Zurich, Switzerland, 1991. 101-112.
[11] Paxson V, Floyd S. Wide area traffic: the failure of poisson modeling [J]. IEEE/ACM Transactions on Networking, 1995, 3(3)226-244.
[12] Cleveland W S, Lin D, Sun D. IP packet generation: statistical models for start times on connection-rate superposition[A]. In: Proceedings of ACM SIGMETRICS [C]. California, 2000. 166-177.
[13] Bowerman B L, O’Connell R T. Forecasting and time series: an applied approach. 3rd ed.[M]. Thomson, 2003.
[14] Lincoln Laboratory, Massachusetts Institute of Technology. DARPA intrusion detection evaluation [EB/OL]. http: //www.ll.mit.edu/IST/ideval/index.html. 2001/2003-07-08.
[15] Stevens R W. TCP/IP Illustrated Volume: The protocols [M]. New York: Addison-Wesley, 1994.178-179.