pp. 129-270
http://dx.doi.org/10.14257/ijsia.2015.9.4.24
ISSN: 1738-9976 IJSIA
Copyright © 2015 SERSC

ACO and SVM Selection Feature Weighting of Network Intrusion Detection Method

Wang Xingzhu
Furong College, Hunan University of Arts and Science, Hunan Changde, 415000, China
Wangxzhu@sina.com

Abstract

Feature selection and classifier design are the key to network intrusion detection. To improve the network intrusion detection rate with respect to the feature selection problem, this paper proposes a network intrusion detection method (ACO-FS-SVM) that combines the ant colony algorithm for selecting features with a feature weighting SVM. First, the support vector machine classification accuracy and the feature subset dimension are used to construct a comprehensive fitness weighting index. Then the global optimization and multiple search capabilities of the ant colony algorithm are used to search for the optimal feature subset. Next, the key features of the network data are selected, information gain is calculated to obtain the weight of each feature, and a support vector machine classifier for network attacks is built on the weighted features. Finally, a local search method is designed to refine the result, so that the feature selection results contain no redundant features while convergence is improved, and the effectiveness of the algorithm is verified on the KDD1999 data set. The results show that ACO-FS-SVM can effectively reduce the dimension of features and improves network intrusion detection accuracy and detection speed.

Keywords: Feature Selection, Feature Weighting, Ant Colony Optimization Algorithm, Support Vector Machines, Network Intrusion Detection

1. Introduction

In recent years, with the growing scale of the Internet, coupled with its open, non-executive and undefended nature, the complexity and number of network intrusions and the degree of harm they cause have been growing, and network intrusion detection has become the focus of network security defense research [1].

With the rapid development of information technology, the dependence of government departments, research institutions, enterprises and business organizations on information systems is growing, and the threats facing information security are also increasing. Traditional information security technology has been unable to meet the requirements of modern information security, and information security situation assessment (Information Security Situation Awareness, ISSA) came into being. On the basis of integrating information security elements, it assesses the security situation of information macroscopically in real time and can estimate the development trend [2]. Network intrusion detection is a pattern recognition classification problem, including feature selection, classifier selection and optimization modules. Network data is very complex, with high-dimensional features. The feature set contains some redundant and useless features, which increase the model training time and computational complexity and have a negative impact on intrusion detection results [3]. To this end, before network intrusion detection modeling, a feature selection algorithm is often used to select the feature subset that benefits the detection results, in order to reduce the feature dimension. The main methods are sequence search algorithms and feature selection methods based on principal component analysis, genetic algorithms, particle swarm optimization and others [3,4].

In addition to feature subset selection, network intrusion detection results are also closely related to the classifier and its parameters. Current network intrusion detection models are mainly Bayesian networks, neural networks, support vector machines and other non-linear classification algorithms [5,6]. Because network intrusion detection is a large-sample classification problem and SVM training is slow for large samples, SVM is not conducive to real-time and online network intrusion detection. A neural network does not require prior knowledge and can approximate a non-linear system without limit, especially the radial basis function (RBF) neural network. Neural networks have the advantages of simple structure, fast learning, etc., and have been widely used in network intrusion detection [7]. In practical applications, RBF neural network classification performance is closely related to its parameters. To obtain a network intrusion detection model with optimal performance, the most suitable RBF neural network parameters need to be selected [8]. In some currently proposed network intrusion detection models, the feature subset and the RBF neural network parameters are selected separately. The selection order is not determined, so it is usually chosen randomly, which makes it difficult to obtain the optimal feature subset and RBF neural network parameters simultaneously. To get the best network intrusion detection effect, feature selection and RBF neural network parameter selection should be carried out simultaneously.

In network intrusion modeling, feature selection and classifier design are critical and directly affect the network intrusion detection performance [9]. The original network intrusion signature contains a number of redundant features and noise features that are "reactive" to the test results. If they are input directly to the classifier for learning, they have a negative impact on the attack detection rate, and the detection efficiency is reduced. So the key features strongly related to the network intrusion detection results need to be chosen to reduce the feature dimension [10]. Classifier design is the other important element of network intrusion detection besides feature selection. The classifier affects the final detection accuracy and computational complexity. Fisher linear discriminant (FLD), support vector machine (SVM) and neural network classifiers are currently widely used [11-13]. SVM is a machine learning algorithm based on statistical learning theory and the structural risk minimization principle. From the limited sample information, it can find the best compromise between model complexity and learning ability to gain better generalization ability. Through mapping it can solve learning problems in high-dimensional space, with good generalization ability that overcomes local minima, the curse of dimensionality and other issues. It has become the major network detection algorithm [14-15].

The traditional SVM algorithm assumes that all network intrusion features have the same importance. But if the network data contains features that are weakly correlated with intrusion detection, or even irrelevant features, this affects the generalization ability of the network intrusion classifier to some extent, resulting in low learning precision [16]. Feature weighting assigns each feature a number in [0,1] according to its importance; the more important the feature, the greater the weight it is given [17]. To improve the network intrusion detection effect, ant colony optimization (ACO) is first used to select features, and then the information gain algorithm is used to calculate the feature weights. Finally, a network intrusion detection method based on feature selection and feature weighted support vector machines (FS-SVM), called ACO-FS-SVM, is proposed and tested on the KDD CUP 99 data set. The results show that, compared to other intrusion detection methods, the network intrusion detection rate and efficiency of ACO-FS-SVM are significantly improved.
2. ACO-FS-SVM Network Intrusion Detection Flow

The ACO-FS-SVM algorithm uses the wrapper feature selection model. It uses the automatic optimization capability of ACO to search globally in the feature space and obtain different combinations of features. The classification performance of each feature combination is determined from the SVM classification results, and the selected feature set is updated constantly until the search obtains the feature combination with the best classification. First the features of the network status information are extracted, and then they are sent to the ACO-FS-SVM feature selection module, which selects the best feature set for network intrusion detection. The ACO-FS-SVM network intrusion detection flow is shown in Figure 1.

[Figure 1 flowchart. Nodes: Train set, Data preprocessing, Feature selection, Ant colony algorithm feature selection, Support vector machine, Optimal feature subset (NO / YES), Test set, Data preprocessing, Network intrusion detection model, Intrusion / Normal.]

Figure 1. The Working Flow of ACO-FS-SVM Network Intrusion Detection Model

3. ACO-FS-SVM Network Intrusion Detection Method

Ant Colony Optimization (ACO) is a collective intelligence algorithm that simulates the information exchange and mutual cooperation of foraging ants, with positive feedback, global search ability, distributed computing, etc. Although the algorithm was proposed late, it has developed rapidly. It has been widely used for solving the TSP, job-shop scheduling, network routing (QoS), knapsack and other problems, and simulation results show that the ant colony algorithm gives good results [18,19]. In network intrusion detection feature selection, each feature is treated as a place to be visited by the ants, which converts the feature optimization problem into a path search problem.

A. The Fitness Function Establishment

Network intrusion feature selection includes two aspects: (1) select a feature subset that makes the network attack detection accuracy higher; (2) make the feature dimension as small as possible. In fact there is a contradiction between the two. To balance them, the fitness function in this research is defined as:

$$ f(s) = \lambda P_{error} + (1 - \lambda)\frac{d}{D} \tag{1} $$

where $d$ is the dimension of the selected feature subset $s$, $D$ is the dimension of the candidate feature set, $P_{error}$ is the classification error rate, and $\lambda$ is the weighting coefficient of the classification error rate. The weighting coefficient $\lambda$ is computed as

$$ \lambda = \frac{100}{100 + Dx} \tag{2} $$

where $x$ is the percentage (x%) by which the network intrusion detection error rate is reduced when the features increase by one dimension.

B. Feature Weighting SVM

An SVM constructed with a feature weighting kernel function is called a feature weighting SVM. The weighting function weights each feature. The kernel function $k_p$ is defined as

$$ k_p(x_i, x_j) = k(x_i^T P, x_j^T P) \tag{3} $$

$P$ is called the feature weighting matrix, where $P_{ii} = \omega_i$ (1<i<n) is the weight of the i-th feature. Generally speaking, the $\omega_i$ are not all equal. If an $\omega_i = 0$, the i-th feature has nothing to do with the output of the classifier.

T T xi P x jp k p ( xi, x j ) exp( ) 2 (4) T T (( xi x j ) PP ( xi x j )) exp( ) 2

The feature weighting support vector machine (FS-SVM) algorithm is described as follows.

$$ \min_{\omega, b, \xi} \ \frac{1}{2}\omega^T\omega + C\sum_{i=1}^{l}\xi_i \qquad \text{s.t.} \quad y_i(\omega^T\varphi(x_i) + b) \ge 1 - \xi_i, \quad \xi_i \ge 0, \quad i = 1, 2, \ldots, l \tag{5} $$

where C>0 is a penalty parameter. FS-SVM can be described as a quadratic programming problem. Since only the minimum point is required, the Lagrange multiplier method can be used to solve for the minimum $\omega_i$:

$$ L(\omega, \xi_i, b, \alpha_i) = \frac{1}{2}\omega^T\omega + C\sum_{i=1}^{l}\xi_i - \sum_{i=1}^{l}\alpha_i\left(y_i(\omega^T\varphi(x_i) + b) - 1 + \xi_i\right) \tag{6} $$

where $\alpha_i$ are the Lagrange multipliers. Take the partial derivatives with respect to $\omega$, $b$ and $\xi_i$ respectively, and set them equal to 0:

$$ \frac{\partial L}{\partial \omega} = \omega - \sum_{i=1}^{l}\alpha_i y_i \varphi(x_i) = 0, \qquad \frac{\partial L}{\partial b} = \sum_{i=1}^{l}\alpha_i y_i = 0, \qquad \frac{\partial L}{\partial \xi_i} = C - \alpha_i = 0 \tag{7} $$
Substituting formula (13) into formula (12) gives the dual problem of formula (11):

$$ \min_{\alpha} \ \frac{1}{2}\sum_{i=1}^{l}\sum_{j=1}^{l} y_i y_j \alpha_i \alpha_j K(Px_i, Px_j) - \sum_{j=1}^{l}\alpha_j \qquad \text{s.t.} \quad \sum_{i=1}^{l}\alpha_i y_i = 0; \quad 0 \le \alpha_i \le C; \quad i = 1, 2, \ldots, l \tag{8} $$

Solving the dual problem gives the optimal decision function

$$ f(x) = \mathrm{sgn}\left(\sum_{i=1}^{l}\alpha_i y_i k(Px_i, Px_j) + b\right) \tag{9} $$

The network intrusion classification FW-SVM algorithm is as follows:

Step 1: Collect the network data training sample set $\{(x_1, y_1), \ldots, (x_i, y_i)\}$, where $x_i = (x_{1i}, x_{2i}, \ldots, x_{di})$ is a d-dimensional vector, $y_i \in (+1, -1)$, $i = (1, \ldots, l)$.

Step 2: Select high-impact features by ACO.

Step 3: Calculate the weight value w of each feature with the information gain method, and construct its feature vector $\beta = \mathrm{diag}(\beta_1, \beta_2, \ldots, \beta_n)^T$.

Step 4: Select an appropriate penalty parameter C > 0, construct and solve the quadratic programming optimization problem according to formula (14), and obtain the optimal solution $\alpha = (\alpha_1, \ldots, \alpha_l)^T$.

Step 5: $\alpha_j$ ($0 < \alpha_j < C$) is a component of $\alpha$, and $(x_i, x_j)$ is its corresponding sample point. Calculate b, construct the optimal classification hyperplane $(\omega \cdot x) + b = 0$, and get the network intrusion classification decision function $f(x) = \mathrm{sgn}((\omega \cdot x) + b)$.

C. Determination of Ants' State Transition Probability

Features are the nodes that each ant must pass through. Each time a cycle is completed, an ant has traversed all features. Each feature has a selection probability, and an ant passing through a feature node decides from this probability whether the feature is selected: the greater the selection probability of a feature, the greater the likelihood of its being selected. The probability of an ant moving from feature i to feature j is:

$$ p_{ij}^{k}(t) = \begin{cases} \dfrac{[\tau_{ij}(t)]^{\alpha}\,[\eta_{ij}(t)]^{\beta}}{\sum_{s \notin tabu_k} [\tau_{is}(t)]^{\alpha}\,[\eta_{is}(t)]^{\beta}}, & j \notin tabu_k \\ 0, & \text{otherwise} \end{cases} \tag{10} $$

where $\eta_{ij}$ is the inspiring factor, determined by the intrusion detection accuracy; the larger it is, the more likely the ants are to move to feature j. $\tau_{ij}(t)$ is the pheromone from feature i to feature j at time t. $tabu_k$ is the tabu list of ant k. In the state transition probability, α represents the weighting of the pheromone, and β represents the weighting of the inspiration factor.
According to reference [11], α in this study is a constant, and β is determined by formula (11).

n 0 1 (11) Nmax

where n is the number of iterations, $\beta_0$ is the initial value of the inspiration factor weighting, and $N_{max}$ is the maximum number of iterations.
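The feature weighting of Section B, as an added example that is not code from the paper: information-gain weights (Step 3) form the diagonal of P, and a Gaussian kernel is evaluated on the weighted vectors in the sense of formula (3). The sample rows, the equal-width binning, the width parameter `gamma` and the fixed-α decision rule (used here in place of solving the quadratic program) are assumptions made for the illustration.

```python
import math
from collections import Counter

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(column, labels, bins=4):
    """Information gain of one feature normalised to [0, 1], after equal-width binning."""
    binned = [min(int(v * bins), bins - 1) for v in column]
    cond = 0.0
    for b in set(binned):
        part = [lab for v, lab in zip(binned, labels) if v == b]
        cond += len(part) / len(labels) * entropy(part)
    return entropy(labels) - cond

def feature_weights(X, y):
    """Weights in [0, 1]: information gain scaled by the largest gain (diagonal of P)."""
    gains = [information_gain([row[j] for row in X], y) for j in range(len(X[0]))]
    top = max(gains)
    return [g / top if top > 0 else 0.0 for g in gains]

def weighted_rbf(xi, xj, w, gamma=1.0):
    """Gaussian kernel on x^T P, P = diag(w): exp(-gamma * sum_k (w_k (xi_k - xj_k))^2)."""
    return math.exp(-gamma * sum((wk * (a - b)) ** 2 for wk, a, b in zip(w, xi, xj)))

def decide(x, X, y, w, gamma=1.0):
    """sgn(sum_i a_i y_i k_p(x_i, x)) with a_i = 1 / (size of x_i's class) and b = 0.
    This fixed-alpha rule is an assumption standing in for the QP solution."""
    size = Counter(y)
    score = sum(yi / size[yi] * weighted_rbf(xi, x, w, gamma) for xi, yi in zip(X, y))
    return (1 if score > 0 else -1), score

# Constructed sample: column 0 separates the classes, column 1 is weakly
# informative, column 2 is pure noise. Labels: -1 normal, +1 intrusion.
X = [[0.1, 0.1, 0.1], [0.2, 0.1, 0.9], [0.1, 0.1, 0.9], [0.2, 0.9, 0.1],
     [0.8, 0.9, 0.1], [0.9, 0.9, 0.9], [0.8, 0.9, 0.9], [0.9, 0.1, 0.1]]
y = [-1, -1, -1, -1, 1, 1, 1, 1]

W = feature_weights(X, y)      # information-gain weights; the noise column gets 0
ONES = [1.0, 1.0, 1.0]         # unweighted kernel, for comparison
probe_a = [0.7, 0.1, 0.1]      # two constructed connections that differ
probe_b = [0.7, 0.1, 0.9]      # only in the noise column

if __name__ == "__main__":
    print("weights:", [round(v, 3) for v in W])
    for name, w in (("unweighted", ONES), ("weighted", W)):
        print(name, decide(probe_a, X, y, w), decide(probe_b, X, y, w))
```

With the unweighted kernel the two probes receive different labels although they differ only in the noise column; with the information-gain weights that column has weight 0 and both receive the same score.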
D. Local Refinement of the Search Process

After the k ants' search for important feature subsets, k important features have been obtained. To prevent features that are irrelevant to network intrusion detection, or redundant, from being retained in the feature subset, search for the optimal feature uj among the k features that meets:

F( S ) min S, i (12)

where U is for any feature subset ui, denote Si=Sm ui {fn}.

E. Update Pheromone in Path

The ant colony algorithm works mainly through an information feedback mechanism. There are two kinds of pheromone update mechanism: local information and global information. Global information can speed up the search and increase the probability of finding the globally optimal features. So each time a search round is completed, the pheromone concentration on every path needs to be updated, specifically:

k ij ( n1) ij ( n1) ij k k Q (13) ij Fs ( k )

where n is the number of iterations, ρ is the pheromone residual factor, k is the number of ants, $F(s_k)$ is the fitness value, and Q is the pheromone concentration growth. From the pheromone update rule, the smaller the fitness function of a feature subset, the higher the pheromone concentration, which then attracts more ants to search that path. To strengthen the impact of the optimal path, an additional incentive is added to the pheromone, namely:

* Q ij ij (14) Fs ( )

where $F(s_{opt})$ is the fitness function of the optimal feature subset in this round. The impact of ρ on the convergence of the ant colony optimization algorithm is very obvious. The greater ρ is, the slower the convergence, but the algorithm does not easily fall into a local optimum. The smaller ρ is, the faster the algorithm converges, but it easily falls into a local optimum. In this study, based on reference [8], the value of ρ is set to:

n 0 1 (15) 3 Nmax

where $\rho_0$ is the initial value of the information residual factor.

F. The Ants' Search Termination Condition

Under normal circumstances it is difficult to determine the dimension of the optimal feature subset.
The ant search termination condition in this study is: if F(s) does not change much over 3 consecutive added features, the current round of search terminates.

4. Simulation Test

A. Data Sources

The experimental data are taken from the KDD CUP 99 data set, whose records contain 41-dimensional features: 34 numeric fields and seven symbolic fields. The 41 features can be divided into four parts: the basic features of TCP connections (features No. 1 to 9), the content features of TCP connections (features No. 10 to 22), the time-based network traffic statistics features (features No. 23 to 31), and the host-based network traffic statistics features (features No. 32 to 41). The data set is divided into four types of intrusions: Probe (scanning and detection), DoS (denial of service attack), U2R (unauthorized access to local super user) and R2L (unauthorized remote access); see Table 1. The simulation environment is a P4 dual-core 2.8G CPU, 1G RAM and the Windows XP operating system, using VC++ 6.0 algorithm

Table 1. The 41 Data Features of Network Connection

| Basic features | Connection content features | Network traffic statistics features based on time | Network traffic statistics features based on host |
|---|---|---|---|
| 1. duration C | 10. hot C | 23. count C | 32. dst_host_count C |
| 2. protocol_type D | 11. num_failed_logins C | 24. serror_rate C | 33. dst_host_srv_count C |
| 3. service D | 12. logged_in D | 25. rerror_rate C | 34. dst_host_same_srv_rate C |
| 4. src_bytes C | 13. num_compromised C | 26. same_srv_rate C | 35. dst_host_diff_srv_rate C |
| 5. dst_bytes C | 14. root_shell D | 27. diff_srv_rate C | 36. dst_host_same_src_port_rate C |
| 6. flag D | 15. su_attempted D | 28. srv_count C | 37. dst_host_srv_diff_host_rate C |
| 7. land D | 16. num_root C | 29. srv_serror_rate C | 38. dst_host_serror_rate C |
| 8. wrong_fragment C | 17. num_file_creations C | 30. srv_rerror_rate C | 39. dst_host_srv_serror_rate C |
| 9. urgent C | 18. num_shells C | 31. srv_diff_host_rate C | 40. dst_host_rerror_rate C |
| | 19. num_access_files C | | 41. dst_host_srv_rerror_rate C |
| | 20. num_outbound_cmds C | | |
| | 21. is_host_login D | | |
| | 22. is_guest_login D | | |

B. Results and Analysis

Performance comparison before and after feature selection

(1) Because the original data set is too large, a small portion of it was chosen as the experimental data. 5000 randomly selected records form the training set and 1000 the test set, and their features are normalized into the [0, 1] range.

(2) The training set is input to the SVM for training and the test set is used for testing. The intrusion detection results before feature selection are obtained.

(3) The training set is input to the SVM, and the ACO algorithm combined with the SVM is used to select features. The optimal features are shown in Table 2.

(4) The training set and the test set are screened according to the feature selection results of step (3).

(5) The training set obtained in step (4) is input to the SVM for training and the test set is used for testing, giving the intrusion detection result after feature selection.

(6) The detection results and the running times of step (2) and step (5) are compared.
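Steps (1) to (6) rest on the wrapper search of Section 3. The code below is an added example, not the paper's VC++ implementation, that puts together the fitness of formulas (1) and (2), the transition rule of formula (10) and the stopping rule of Section F (three consecutive additions without improvement). Assumptions: a nearest-centroid classifier stands in for the SVM, the pheromone update is the common evaporate-and-deposit rule with deposit Q/F(s_k) plus a bonus for the round's best ant, and the constants, the start placement of the ants and the sample data are constructed for the illustration.

```python
import random

def weighting_coefficient(D, x):
    """Formula (2): lambda = 100 / (100 + D*x); x = % error drop per added feature."""
    return 100.0 / (100.0 + D * x)

def error_rate(X, y, subset):
    """Stand-in for the SVM wrapper: nearest-centroid error on the chosen columns."""
    cols = sorted(subset)
    cent = {}
    for label in sorted(set(y)):
        rows = [r for r, lab in zip(X, y) if lab == label]
        cent[label] = [sum(r[c] for r in rows) / len(rows) for c in cols]
    def predict(r):
        return min(cent, key=lambda k: sum((r[c] - m) ** 2 for c, m in zip(cols, cent[k])))
    return sum(predict(r) != lab for r, lab in zip(X, y)) / len(y)

def fitness(X, y, subset, lam):
    """Formula (1): f(s) = lam * P_error + (1 - lam) * d / D; smaller is better."""
    return lam * error_rate(X, y, subset) + (1 - lam) * len(subset) / len(X[0])

def transition_probs(i, tabu, tau, eta, alpha, beta):
    """Formula (10): p_ij for every feature j outside the ant's tabu list."""
    w = {j: tau[i][j] ** alpha * eta[j] ** beta for j in range(len(eta)) if j not in tabu}
    total = sum(w.values())
    return {j: v / total for j, v in w.items()}

def aco_select(X, y, x_pct=1.0, ants=8, iters=10, alpha=1.0, beta=1.0,
               rho=0.7, Q=0.05, seed=0):
    """Return (best_subset, best_fitness); alpha, beta, rho, Q are assumed constants."""
    rng = random.Random(seed)
    D = len(X[0])
    lam = weighting_coefficient(D, x_pct)
    eta = [1.0 - error_rate(X, y, {j}) + 1e-6 for j in range(D)]  # per-feature accuracy
    tau = [[1.0] * D for _ in range(D)]
    best = set(range(D))                       # baseline: keep every feature
    best_f = fitness(X, y, best, lam)
    for _ in range(iters):
        tours = []
        for k in range(ants):
            path = [k % D]                     # assumed placement: ant k starts on feature k mod D
            keep, keep_f, stale = list(path), fitness(X, y, set(path), lam), 0
            while stale < 3 and len(path) < D:     # Section F stopping rule
                p = transition_probs(path[-1], set(path), tau, eta, alpha, beta)
                path.append(rng.choices(list(p), weights=list(p.values()))[0])
                f_new = fitness(X, y, set(path), lam)
                if f_new < keep_f:
                    keep, keep_f, stale = list(path), f_new, 0
                else:
                    stale += 1
            tours.append((keep_f, keep))
        tau = [[rho * t for t in row] for row in tau]        # evaporation
        it_f, it_path = min(tours, key=lambda t: t[0])
        for f_k, walked in tours + [(it_f, it_path)]:        # deposits + best-ant bonus
            for a, b in zip(walked, walked[1:]):
                tau[a][b] += Q / f_k
        if it_f < best_f:
            best, best_f = set(it_path), it_f
    return best, best_f

def make_sample(n=60, seed=1):
    """Constructed data in [0, 1]: columns 0 and 1 carry the class signal, 2..5 are noise."""
    rng = random.Random(seed)
    clip = lambda v: min(1.0, max(0.0, v))
    X, y = [], []
    for i in range(n):
        label = 1 if i % 2 else -1
        centre = 0.7 if label == 1 else 0.3
        signal = [clip(rng.gauss(centre, 0.15)) for _ in range(2)]
        X.append(signal + [rng.random() for _ in range(4)])
        y.append(label)
    return X, y

if __name__ == "__main__":
    X, y = make_sample()
    print(aco_select(X, y))
```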
Table 2. ACO Feature Selection

| Intrusion type | Feature subset |
|---|---|
| Probe | 2, 4, 9, 21, 29, 32, 33, 34, 35 |
| DoS | 2, 3, 7, 9, 16, 20, 27, 32, 37, 40 |
| U2R | 2, 4, 9, 20, 31, 21, 29, 32, 33, 34, 35 |
| R2L | 1, 2, 3, 4, 6, 7, 9, 11, 16, 20, 21, 23, 27 |
| Normal | 2, 3, 4, 7, 8, 9, 10, 15, 16, 21, 22, 23, 25 |

The test results are averaged over 5 experiments. The intrusion detection rates before and after feature selection are shown in Table 3, and the running times are shown in Table 4. As is apparent from Table 3, the average network intrusion detection rate after feature selection increased by 3.10%. The results show that feature selection depicts the network status change information more accurately and eliminates redundant and useless information. Intrusion detection performance improved significantly with feature selection.

Table 3. Comparison of the Average Rate of All Intrusion Detection before and after Feature Selection (%)

| Intrusion type | Original features | After selection features | Increasing value |
|---|---|---|---|
| Probe | 89.76 | 93.27 | 3.51 |
| DoS | 92.71 | 95.49 | 2.78 |
| U2R | 87.8 | 92.53 | 4.73 |
| R2L | 87.48 | 90.85 | 3.37 |
| Normal | 92.12 | 93.25 | 1.13 |
| Average value | 89.97 | 93.07 | 3.10 |

From Table 4, feature selection greatly reduced the run time of the network intrusion detection model. It indicates that ACO feature selection obtains a number of key features and eliminates unwanted features, which reduces the SVM input dimension and computing time and speeds up detection. Network feature selection can better meet the real-time requirements of network intrusion detection.

Table 4. Comparison of Running Time (ms) before and after Feature Selection

| Intrusion type | Original features | After selection features | Reduction values |
|---|---|---|---|
| Probe | 32.00 | 23.88 | 8.12 |
| DoS | 23.51 | 17.99 | 5.52 |
| U2R | 7.78 | 4.99 | 2.79 |
| R2L | 5.27 | 3.84 | 1.43 |
| Normal | 10.55 | 6.89 | 3.66 |
International Journal of Security and Its Applications

Network intrusion performance comparison before and after feature weighting

First, the information gain method is used to calculate the weight of each feature; the results are shown in Figure 3. Then the features are processed with these weights and a weighted support vector machine network intrusion classifier is built; the test results are shown in Table 5.

[Figure 2: five bar charts, vertical axis "Weight", horizontal axis "The feature serial number". Panels: (a) The Probe feature subset weight distribution; (b) The DoS feature subset weight distribution; (c) The U2R feature subset weight distribution; (d) The R2L feature subset weight distribution; (e) The Normal feature subset weight distribution.]

Figure 2. All Kinds of Invasion of the Feature Subset of Weight Distribution

From Table 5, under the same experimental conditions, the ACO-FS-SVM network intrusion detection method is better than the original SVM method in both time efficiency and network intrusion detection rate. The intrusion detection rate for Normal reached 99.13%, mainly because the values of the features that affect the classification more significantly were increased. The original network data samples near the classification surface that were misclassified have been corrected, while the network data samples originally classified correctly basically did not change. Therefore, with weighting, the detection accuracy for all kinds of network intrusion increased to varying degrees.

Table 5. The Intrusion Detection Rate (%) Comparison before and after Weighting

| Invasion type | Before weighting (ACO-SVM) | After weighting (ACO-FS-SVM) | Increasing value |
|---|---|---|---|
| Probe | 93.27 | 98.46 | 5.19 |
| DoS | 95.49 | 97.09 | 1.6 |
| U2R | 92.53 | 98.68 | 6.15 |
| R2L | 90.85 | 98.56 | 7.71 |
| Normal | 93.25 | 99.13 | 5.88 |
| Average value | 93.07 | 98.38 | 5.30 |

Because the support vectors (SV) can fully characterize the training data set, the division of the SV set is equivalent to the division of the entire training data set. To further illustrate the effectiveness and advantages of ACO-FS-SVM, the support vector sets before and after feature weighting are further compared; the results are shown in Figure 3.
[Figure 3: bar chart comparing, before weighting and after weighting, the number of support vectors, the number of BSV and the number of misclassified samples. Bar value labels: 915, 855, 578, 255, 200, 120.]

Figure 3. Support Vector Set Comparison before and after Feature Weighted

Figure 3 shows that after weighting, the total number of support vectors dropped from 915 to 578, which indicates that ACO-FS-SVM generalizes better. The number of border support vectors (bounded support vector, BSV) dropped from 855 to 255, a decrease of 70.17%. The number of misclassified samples also declined dramatically. The result shows that before weighting there are many data samples at the network boundary hyperplane. Weighting significantly reduces the data samples at these classification boundaries. It indicates that feature weighting in ACO-FS-SVM can improve network intrusion detection.

5. Conclusion

Today's complex network robustness evaluation models only consider the robustness of the network topology and have the defect of considering only the local effect of the failed node, so this paper proposes a complex network function evaluation algorithm based on node efficiency. The algorithm considers the global influence of node failure overall, uses the efficiency of the node on the network to define the load, limit load and failure mode of each node, and uses the rate of ultimately failed nodes on the network after a strike to measure the functionality of the network. The robustness experiment shows that the algorithm is suitable for assessing the robustness of large-scale and small-world network functions, and the time complexity of the algorithm is O(n²).

Acknowledgements

This work was supported by Hunan Province Natural Science Foundation Project No. 14JJ2124.

References

[1] Andrew R, Peters G P, Lennox J. Approximation and regional aggregation in multi-regional input-output analysis for national carbon footprint accounting. Economic Systems Research, 2009, 21 (3): 311-335.
[2] Boyd J P, Fitzgerald W J, Mahutga M C, Smith D A. Computing continuous core/periphery structures for social relations data with MINRES/SVD. Social Networks, 2010, 32 (2): 125-137.
[3] Dietzenbacher E. More on Multipliers. Journal of Regional Science, 2005, 45 (2): 421-426.
[4] Holub H W, Schnabl H. Qualitative input-output analysis and structural information. Economic Modelling, 2012, 2 (1): 67-73.
[5] Holub H W, Tappeiner G. A general qualitative technique for the comparison of economic structures. Quality & Quantity, 2010, 22 (3): 293-310.
[6] Kranich J. Agglomeration, vertical specialization, and the strength of industrial linkages. Papers in Regional Science, 2011, 90 (1): 159-178.
[7] Muhammad J. Mirza, Nadeem Anjum. Association of Moving Objects Across Visual Sensor Networks. Journal of Multimedia, Vol 7, No 1 (2012), pp. 2-8.
[8] Phakpoom T. Clustering and Industrial Development: Evidence from Thailand. Nagoya University, 2011.
[9] Kwak S J, Yoo S H, Chang J I. The role of the maritime industry in the Korean national economy: an input-output analysis. Marine Policy, 2011, 29 (4): 371-383.
[10] Labaj M. Qualitative input-output analysis and national innovation system in Slovakia. International Journal of Transitions and Innovation Systems, 2011, 1 (2): 105-116.
[11] Lahr M L, Mesnard L D. Biproportional Techniques in Input-Output Analysis: Table Updating and Structural Analysis. Economic Systems Research, 2009, 16 (2): 115-134.
[12] Lee S, Yooka S H, Kimb Y. Centrality measure of complex networks using biased random walks. The European Physical Journal, 2010, 68 (2): 277-281.
[13] Midmore P, Munday M, Roberts A. Assessing industry linkages using regional input-output tables. Regional Studies, 2006, 40 (3): 329-343.
[14] Muniz A S G, Raya A M, Carvajal C R. Core periphery valued models in input-output field: A scope from network theory. Regional Science, 2011, 90 (1): 111-121.
[15] Oosterhaven J, Cardenoso F E. A new method to estimate input-output tables by means of structural lags, tested on Spanish regions. Papers in Regional Science, 2011, 90 (4): 829-844.
[16] Roepke H, Adams D, Wiseman R. A new approach to the identification of industrial complexes using input-output data. Journal of Regional Science, 2000, 14 (1): 15-29.
[17] S. Li, Y. Geng, J. He, K. Pahlavan. Analysis of Three-dimensional Maximum Likelihood Algorithm for Capsule Endoscopy Localization. 2012 5th International Conference on Biomedical Engineering and Informatics (BMEI), Chongqing, China, Oct. 2012 (pages 721-725).
[18] Y. Geng, J. He, H. Deng and K. Pahlavan. Modeling the Effect of Human Body on TOA Ranging for Indoor Human Tracking with Wrist Mounted Sensor. 16th International Symposium on Wireless Personal Multimedia Communications (WPMC), Atlantic City, NJ, Jun. 2013.
[19] San C J R, Biezma M V. The mining industry in the European Union: Analysis of inter-industry linkages using input-output analysis. Resources Policy, 2006, 31 (1): 1-6.
[20] Sanchez C J, Duarte R. Production Chains and Linkage Indicators. Economic Systems Research, 2003, 15 (4): 481-494.

Authors

Wang Xingzhu, male, was born in 1974, in Hunan province. He is an associate professor in Furong College, Hunan University of Arts and Science. His main research area is network security.