1.Bacher, P., Holz, T., Kotter, M., and Wicherski, G., “Know Your Enemy: Tracking Botnets (using honeynets to learn more about bots),” 2008; http://www.honeynet.org/book/export/html/50.
2.Barbara, D., Couto, J., Jajodia, S., and Wu, N., “ADAM: a testbed for exploring the use of data mining in intrusion detection,” SIGMOD Record, vol. 30, no. 4, 2001, pp. 15-24.
3.Barford, P., Kline, J., Plonka, D., and Ron, A., “A signal analysis of network traffic anomalies,” Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, ACM, 2002, pp. 71-82.
4.Barford, P., and Plonka, D., “Characteristics of network traffic flow anomalies,” Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, ACM, 2001, pp. 69-73.
5.Chandola, V., Banerjee, A., and Kumar, V., “Anomaly detection: A survey,” ACM Computing Surveys, vol. 41, no. 3, 2009, pp. 1-58.
6.Cisco, “Introduction to Cisco IOS NetFlow - A Technical Overview,” http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555 /ps6601/prod_white_paper0900aecd80406232.html.
7.Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P., Kumar, V., Srivastava, J., and Dokas, P., “MINDS - Minnesota Intrusion Detection System,” Next Generation Data Mining, MIT Press, 2004.
8.Hotelling, H., “The Generalization of Student's Ratio,” The Annals of Mathematical Statistics, vol. 2, no. 3, 1931, pp. 360-378.
9.Hussain, A., Heidemann, J., and Papadopoulos, C., “A framework for classifying denial of service attacks,” Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, ACM, 2003, pp. 99-110.
10.Internet Corporation For Assigned Names and Numbers, “Factsheet Root server attack on 6 February 2007,” 2007; http://www.icann.org/en/announcements/announcement-08mar07.htm.
11.Jung, J., Krishnamurthy, B., and Rabinovich, M., “Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites,” Proceedings of the 11th international conference on World Wide Web, ACM, 2002, pp. 293-304.
12.Jung, J., Paxson, V., Berger, A.W., and Balakrishnan, H., “Fast portscan detection using sequential hypothesis testing,” Proceedings. 2004 IEEE Symposium on Security and Privacy, pp. 211-225.
13.Kienzle, D.M., and Elder, M.C., “Recent worms: a survey and trends,” Proceedings of the 2003 ACM workshop on Rapid Malcode, ACM, 2003, pp. 1-10.
14.Kruegel, C., Toth, T., and Kirda, E., “Service specific anomaly detection for network intrusion detection,” Proceedings of the 2002 ACM Symposium on Applied Computing, ACM, 2002, pp. 201-208.
15.Lakhina, A., Crovella, M., and Diot, C., “Characterization of network-wide anomalies in traffic flows,” Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, ACM, 2004, pp. 201-206.
16.Lazarevic, A., Ertz, L., Kumar, V., Ozgur, A., and Srivastava, J., “A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection,” Proceedings of the Third SIAM International Conference on Data Mining, 2003.
17.Lyon, G., Nmap network scanning: official Nmap project guide to network discovery and security scanning, Insecure.Com, LLC, 2008.
18.Miniwatts Marketing Group, “Internet World Stats,” http://www.internetworldstats.com/stats.htm.
19.Mirkovic, J., and Reiher, P., “A taxonomy of DDoS attack and DDoS defense mechanisms,” SIGCOMM Computer Communication Review, vol. 34, no. 2, 2004, pp. 39-53.
20.Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., and Weaver, N., “Inside the Slammer Worm,” IEEE Security and Privacy, vol. 1, no. 4, 2003, pp. 33-39.
21.Mukherjee, B., Heberlein, L.T., and Levitt, K.N., “Network intrusion detection,” IEEE Network, vol. 8, no. 3, 1994, pp. 26-41.
22.Needham, R.M., “Denial of service: an example,” Communications of the ACM, vol. 37, no. 11, 1994, pp. 42-46.
23.Nychis, G., Sekar, V., Andersen, D.G., Kim, H., and Zhang, H., “An empirical evaluation of entropy-based traffic anomaly detection,” Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement, ACM, 2008, pp. 151-156.
24.Patcha, A., and Park, J.-M., “An overview of anomaly detection techniques: Existing solutions and latest technological trends,” Computer Networks, vol. 51, no. 12, 2007, pp. 3448-3470.
25.Peng, T., Leckie, C., and Ramamohanarao, K., “Survey of network-based defense mechanisms countering the DoS and DDoS problems,” ACM Computing Surveys, vol. 39, no. 1, 2007, pp. 3.
26.Peters, S., “14th Annual CSI Computer Crime,” 2009; http://gocsi.com/node/577.
27.Ramadas, M., Ostermann, S., and Tjaden, B., “Detecting Anomalous Network Traffic with Self-organizing Maps,” Recent Advances in Intrusion Detection, Springer, 2003, pp. 36-54.
28.Sanfilippo, S., “Hping,” http://www.hping.org/.
29.Sharma, S., Applied Multivariate Techniques, Wiley, 1995.
30.Shon, T., and Moon, J., “A hybrid machine learning approach to network anomaly detection,” Information Sciences: an International Journal, vol. 177, no. 18, 2007, pp. 3799-3821.
31.Staniford, S., Hoagland, J.A., and McAlerney, J.M., “Practical automated detection of stealthy portscans,” Journal of Computer Security, vol. 10, no. 1-2, 2002, pp. 105-136.
32.Tan, P.N., Steinbach, M., and Kumar, V., Introduction to Data Mining, Addison Wesley, 2005.
33.The Apache Software Foundation, “ab - Apache HTTP server benchmarking tool,” http://httpd.apache.org/docs/2.0/programs/ab.html.
34.Trend Micro, “Trend Micro 2008 Annual Threat Roundup and 2009 Forecast,” 2009; http://us.trendmicro.com/imperia/md/content/us/pdf/threats/securitylibrary /trend_micro_2009_annual_threat_roundup.pdf.
35.Valdes, A., and Skinner, K., “Adaptive, Model-Based Monitoring for Cyber Attack Detection,” Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection, Springer-Verlag, 2000, pp. 80-92.
36.Weaver, N., Paxson, V., Staniford, S., and Cunningham, R., “A taxonomy of computer worms,” Proceedings of the 2003 ACM workshop on Rapid malcode, ACM, pp. 11-18.
37.Ye, N., Emran, Chen, Q., and Vilbert, S., “Multivariate statistical analysis of audit trails for host-based intrusion detection,” IEEE Transactions on Computers, vol. 51, no. 7, 2002, pp. 810-820.
38.Yeung, D.Y., and Ding, Y., “Host-based intrusion detection using dynamic and static behavioral models,” Pattern Recognition, vol. 36, no. 1, 2003, pp. 229-243.
39. 吳宗儒, “以網路探勘技術偵測隱藏惡意網站之研究,” 國立高雄大學資訊管 理學系碩士論文, 2009.