[1] Michael B, Heath D B, Paul P. An undergraduate rootkit research project: How available? how Hard? how dangerous? //Information Security Curriculum Development Conference’07. Kennesaw, Georgia, USA: ACM, 2007.

[2] Tan X B, Xi H S. Hidden semi-Markov model for anomaly detection
[J]. Applied Mathematics and Computation, 2008, 205(2): 562-567.

[3] Wang W,Guan X H,Zhang X L, et al. Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data
[J]. Computers & Security, 2006, 25: 539-550.

[4] Sean P, Matt B, Sidney K, et al. Analysis of computer intrusions using sequences of function calls
[J]. IEEE Transactions on Dependable and Secure Computing, 2007, 4(2): 137-150.

[5] Tan X B, Wang W P, Xi H S, et al. Anomaly detection based on hidden markov model
[J]. Mini-Micro Systems, 2004, 25(8):1546-1549(in Chinese). 谭小彬, 王卫平, 奚宏生, 等. 基于隐马尔可夫模型的异常检测
[J]. 小型微型计算机系统, 2004, 25(8):1546-1549.

[6] Yu Z W, Jeffrey J P T, Thomas W. An automatically tuning intrusion detection system
[J]. IEEE Transactions on Systems, Man, and Cybernetics—Part B:Cybernetics, 2007, 37(2): 373-384.

[7] Intel 64 and IA-32 architectures software developer’s manual, volume 3B: system programming guide, part 2
[M]. 2008: 3-38.

[8] AMD64 architecture programmer’s manual, volume 2: system programming
[M]. 2007: 327-341.

[9] Yao J T, Zhang M. A fast tree pattern matching algorithm for XML query //Proceedings of the IEEE/WIC/ACM International Conference on Web Intelligence. Beijing: WIC, 2004: 235-241.

[10] Yang R, Panos K, Anthony K H T. Similarity evaluation on tree-structured data //Proceedings of the ACM SIGMOD International Conference on Management of Data. Baltimore, Maryland: ACM, 2005: 754-765.

[11] Philip B. A survey on tree edit distance and related problems . Theoretical Computer Science, 2005, 337(1-3): 217-239.