主动型P2P蠕虫传播模型与遏制技术研究
|
摘要
点对点技术(Peer-to-Peer)从上世纪90年代末提出到现在,短短十来年时间得到了迅猛的发展,不久前Peer-to-Peer(P2P)流量已经超越WEB流量成为了互联网上最庞大的网络流量,P2P技术也从最初的单纯应用于文件共享扩展到实时语音视频点播、即时通信等各个领域。P2P技术的快速发展和P2P应用的日益增多,带来了一系列的安全问题。P2P蠕虫是一种利用P2P网络进行传播的蠕虫,与非P2P蠕虫相比,它的传播速度更快,更难以检测和遏制,P2P蠕虫已经对Internet造成了严重的安全威胁。在各类P2P蠕虫中,主动型P2P蠕虫的传播速度最快,对网络应用程序与网络设施的破坏能力也最强。
目前研究人员针对主动型P2P蠕虫的传播模型进行了初步的研究,提高了人们对P2P蠕虫的原理,危害性等方面的认识,同时也促进了对其检测和遏制技术的研究。但目前的该类蠕虫的传播模型在不同程度上都存在着将影响其传播的现实因素过度简化的问题,因此这些模型并不能准确描述主动型P2P蠕虫的网络行为和传播趋势。近年的研究显示,对主动型P2P蠕虫的检测和遏制大都沿用针对非P2P蠕虫的技术而没有根据该类蠕虫的特点提出一些有针对性的方法,因此,在误报率,漏报率和检测效率等方面都不理想。
本文对主动型的传播模型,主动型P2P蠕虫的遏制技术进行了研究,取得了以下三个方面的成果:
1.提出了四因素传播模型。本文提出了有四个因素可以明显影响主动型P2P蠕虫的传播,这个四个因素分别是:网络拓扑结构、普通用户和Internet服务提供者(ISPs)的遏制措施、网络结点配置的差异和攻防策略。本文根据这四个因素提出了一个离散时间传播模型(四因素模型)并将这四个因素和模型各个参数变化对主动型P2P蠕虫传播的影响进行了定量分析。实验表明,相比其他同类模型而言,四因素模型可以更好的描述该类蠕虫的网络行为和传播趋势。此外,本文指出增大网络结点配置的差异程度和重点保护关键结点可以有效的降低该类蠕虫的传播速度。
2.提出了基于自动身份认证的主动型P2P蠕虫遏制技术。本文指出通过对P2P通信参与者进行准确的身份认证可以很好的遏制蠕虫传播。该技术是一种独立于蠕虫检测结果的遏制技术,并能够实时的对所有的已知的,未知的主动型P2P蠕虫进行彻底的遏制,甚至完全阻断其传播。本文对该方法的原理,实现过程和特点进行了详细的分析,分析结果表明,基于自动身份认证的主动型P2P蠕虫遏制技术在实时性和准确性上优于其他遏制技术。
3.设计了三个安全协议实现了自动身份认证功能。本文对这三个安全协议进行了详细的描述并采用串空间模型对这三个协议的安全性进行了严格的论证,得出了这三个协议可以抵抗常见攻击的结论。
Peer-to-Peer (P2P) technique was proposed in the late nineties last century and it has achieved great development for about ten years. Not long ago, P2P traffic took the place of WEB traffic as the dominant network traffic in the Internet. P2P technique has been made use of in the field of real-time voice and video, instant messages etc but it was reckoned as only a useful vehicle for file sharing in early years. The emergence of a lot of new security problems can impute to the rapid development of the P2P technique and the increase of the P2P services. P2P worm is a kind of worm which can spread by P2P network and it becomes a severe threat to the Internet since P2P worms spread much faster and are more difficult to detect and constrain than un-P2P worms. Proactive P2P worm is a kind of P2P worms which spread fastest and devastate network services and infrastructure most seriously.
The propagation model of proactive P2P worm has been preliminarily learned and these researches prompt the common users’cognition of the principle and hazard of proactive P2P worm. But these models have a common shortcoming more or less: excessively simplify the practical factors which can impact worm propagation. As a result, these models are not competent to accurately simulate the behavior and propagation trend of the proactive P2P worm. Investigations in the late years show that the majority of the current detection and constraint techniques only aim at un-P2P worms, thus these techniques may not adapt to proactive P2P worms. Consequently, the current detection and constraint techniques do not satisfy the false positive and false negative demands. This paper researches the propagation model and constraint techniques of the proactive P2P worm. There are three major contributions of this paper as follows:
1. We propose a four factor proactive P2P worm propagation model. This paper indicates that there are four factors which can obviously impact the propagation of the proactive P2P worm: network topology, countermeasures taken by users and Internet Services Providers (ISPs), configuration diversity of network nodes and attack/defense strategies. Based on these four factors, we propose a discrete time model and emphasize the quantitative analysis of the impact to the proactive P2P worm propagation which is brought by the four factors and the change of any parameters of the model. Experiments demonstrate that our four factor model is better to simulate the behavior and propagation trend of the proactive P2P worm than the other models. Moreover, this paper indicates that there are two methods can slow down the proactive P2P worm efficiently: increase the configuration diversity of the network nodes and protect the critical nodes from compromising.
2. This paper is an attempt to constrain the proactive P2P worm by auto authentication technique. The main idea of this technique is that it is available to baffle worm propagation by accurately authenticating P2P communication participants. This technique is independent of worm detection results and it is able to thoroughly constrain all known and unknown proactive P2P worms in real time so much as to cut off worm propagation in the extreme. This paper dwells on the analysis of the principle, progress and properties of this technique. The analysis shows that our auto authentication technique is better than the other techniques for its real time feature and accuracy.
3. We design three secure protocols to implement the auto authentication technique. This paper elaborates on these three protocols and proves the security of the three protocols strictly based on the Strand Space model. As a result, we conclude that these three protocols are able to resist common attacks.
目前研究人员针对主动型P2P蠕虫的传播模型进行了初步的研究,提高了人们对P2P蠕虫的原理,危害性等方面的认识,同时也促进了对其检测和遏制技术的研究。但目前的该类蠕虫的传播模型在不同程度上都存在着将影响其传播的现实因素过度简化的问题,因此这些模型并不能准确描述主动型P2P蠕虫的网络行为和传播趋势。近年的研究显示,对主动型P2P蠕虫的检测和遏制大都沿用针对非P2P蠕虫的技术而没有根据该类蠕虫的特点提出一些有针对性的方法,因此,在误报率,漏报率和检测效率等方面都不理想。
本文对主动型的传播模型,主动型P2P蠕虫的遏制技术进行了研究,取得了以下三个方面的成果:
1.提出了四因素传播模型。本文提出了有四个因素可以明显影响主动型P2P蠕虫的传播,这个四个因素分别是:网络拓扑结构、普通用户和Internet服务提供者(ISPs)的遏制措施、网络结点配置的差异和攻防策略。本文根据这四个因素提出了一个离散时间传播模型(四因素模型)并将这四个因素和模型各个参数变化对主动型P2P蠕虫传播的影响进行了定量分析。实验表明,相比其他同类模型而言,四因素模型可以更好的描述该类蠕虫的网络行为和传播趋势。此外,本文指出增大网络结点配置的差异程度和重点保护关键结点可以有效的降低该类蠕虫的传播速度。
2.提出了基于自动身份认证的主动型P2P蠕虫遏制技术。本文指出通过对P2P通信参与者进行准确的身份认证可以很好的遏制蠕虫传播。该技术是一种独立于蠕虫检测结果的遏制技术,并能够实时的对所有的已知的,未知的主动型P2P蠕虫进行彻底的遏制,甚至完全阻断其传播。本文对该方法的原理,实现过程和特点进行了详细的分析,分析结果表明,基于自动身份认证的主动型P2P蠕虫遏制技术在实时性和准确性上优于其他遏制技术。
3.设计了三个安全协议实现了自动身份认证功能。本文对这三个安全协议进行了详细的描述并采用串空间模型对这三个协议的安全性进行了严格的论证,得出了这三个协议可以抵抗常见攻击的结论。
Peer-to-Peer (P2P) technique was proposed in the late nineties last century and it has achieved great development for about ten years. Not long ago, P2P traffic took the place of WEB traffic as the dominant network traffic in the Internet. P2P technique has been made use of in the field of real-time voice and video, instant messages etc but it was reckoned as only a useful vehicle for file sharing in early years. The emergence of a lot of new security problems can impute to the rapid development of the P2P technique and the increase of the P2P services. P2P worm is a kind of worm which can spread by P2P network and it becomes a severe threat to the Internet since P2P worms spread much faster and are more difficult to detect and constrain than un-P2P worms. Proactive P2P worm is a kind of P2P worms which spread fastest and devastate network services and infrastructure most seriously.
The propagation model of proactive P2P worm has been preliminarily learned and these researches prompt the common users’cognition of the principle and hazard of proactive P2P worm. But these models have a common shortcoming more or less: excessively simplify the practical factors which can impact worm propagation. As a result, these models are not competent to accurately simulate the behavior and propagation trend of the proactive P2P worm. Investigations in the late years show that the majority of the current detection and constraint techniques only aim at un-P2P worms, thus these techniques may not adapt to proactive P2P worms. Consequently, the current detection and constraint techniques do not satisfy the false positive and false negative demands. This paper researches the propagation model and constraint techniques of the proactive P2P worm. There are three major contributions of this paper as follows:
1. We propose a four factor proactive P2P worm propagation model. This paper indicates that there are four factors which can obviously impact the propagation of the proactive P2P worm: network topology, countermeasures taken by users and Internet Services Providers (ISPs), configuration diversity of network nodes and attack/defense strategies. Based on these four factors, we propose a discrete time model and emphasize the quantitative analysis of the impact to the proactive P2P worm propagation which is brought by the four factors and the change of any parameters of the model. Experiments demonstrate that our four factor model is better to simulate the behavior and propagation trend of the proactive P2P worm than the other models. Moreover, this paper indicates that there are two methods can slow down the proactive P2P worm efficiently: increase the configuration diversity of the network nodes and protect the critical nodes from compromising.
2. This paper is an attempt to constrain the proactive P2P worm by auto authentication technique. The main idea of this technique is that it is available to baffle worm propagation by accurately authenticating P2P communication participants. This technique is independent of worm detection results and it is able to thoroughly constrain all known and unknown proactive P2P worms in real time so much as to cut off worm propagation in the extreme. This paper dwells on the analysis of the principle, progress and properties of this technique. The analysis shows that our auto authentication technique is better than the other techniques for its real time feature and accuracy.
3. We design three secure protocols to implement the auto authentication technique. This paper elaborates on these three protocols and proves the security of the three protocols strictly based on the Strand Space model. As a result, we conclude that these three protocols are able to resist common attacks.
引文
[1] Basher Naimul, Mahanti, Aniket, Mahanti Anirban, Williamson Carey, Arlitt Martin. A comparative analysis of web and Peer-to-Peer traffic. In Proceeding of the 17th International Conference on World Wide Web 2008, WWW'08, p 287-296.
[2] I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan. Chord: A scalable peer-to-peer lookup service for Internet applications. In Proc. ACM SIGCOMM, pages 149–160, 2001.
[3] S. Ratnasamy, P. Francis, M. Handley, R. Karp, and S. Shenker.A scalable content-addressable network. In Proceedings of ACM SIGCOMM, pages 161–172, San Diego, CA, USA, August 2001.
[4] A. Rowstron and P. Druschel. Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems. In Proc. IFIP/ACM Middleware 2001, Heidelberg, Germany, Nov. 2001.
[5] B. Y. Zhao, L. Huang, S. C. Rhea, J. Stribling, A. D. Joseph, and J. D. Kubiatowicz. Tapestry: A global-scale overlay for rapid service deployment. IEEE Journal on Selected Areas in Communications (J-SAC), 22(1):41–53, January 2004.
[6] Engle, M. and Khan, J. I.,“Vulnerabilities of P2P Systems and a Critical look at Their Solutions,”Technical Report, 2006.
[7] Wen Wei-Ping, Qing Si-Han, Jiang Jian-Chun, Wang Ye-Jun. Research and development of internet worms. Ruan Jian Xue Bao/Journal of Software, v 15, n 8, p 1208-1219, August 2004.
[8] N. Khiat, Y. Charlinet, N. Agoulmine, The emerging threat of peer-to-peer worms, in: Proceedings of IEEE/Ist Workshop on Monitoring, Attack Detection and Mitigation, Tuebingen, Germany, September 2006.
[9] CHEN G L, GRAY R S. Simulating non-scanning worms on peer-to-peer networks. In Proceedings of the 1st international conference on Scalable information systems, Hong Kong, ACM Press, 2006.
[10] J. C. Frauenthal. Mathematical Modeling in Epidemiology. Springer-Verlag, New York, 1980.
[11] Zou CC, Gong W, Towsley D. On the performance of Internet worm scanning strategies. Technical Report, TR-03-CSE-07, Electrical and Computer Engineering Department, University of Massachusetts, 2003.
[12] W. Yu, C. Boyer, S. Chellappan and D. Xuan, "Peer-to-Peer System based Active Worm Attacks: Modeling and Analysis," In Proceedings of 2005 IEEE International Conference on Volume 1, 16-20 May 2005 Page(s):295 - 300 Vol. 1.
[13] Wang Y, Wang CX. Modeling the effects of timing parameters on virus propagation. In: Staniford S, ed. Proc. of the ACM CCS Workshop on Rapid Malcode (WORM 2003). Washington, 2003.
[14] Feng Chaosheng, Qin Zhiguang, Cuthbet Laurence, Tokarchuk Laurissa. Propagation model of active worms in P2P networks. In Proceedings of the 9th International Conference for Young Computer Scientists, ICYCS 2008, p 1908-1912.
[15] C. C. Zou, W. Gong, and D.Towsley, "Code Red Worm Propagation Modeling and Analysis", In Proceedings of 9-th ACM Conference on Computer and Communication Security (CCS), Washington DC, November 2002.
[16]李德全.拒绝服务攻击.电子工业出版社, 2007.
[17] Pastor-Satorras Romualdo, Vespignani Alessandro. Immunization of complex networks. Physical Review E - Statistical, Nonlinear, and Soft Matter Physics, v 65, n 3, p 036104/1-036104/8, March 2002.
[18] Pastor-Satorras Romualdo, Vespignani Alessandro. Epidemic dynamics in finite size scale-free networks. Physical Review E - Statistical, Nonlinear, and Soft Matter Physics, v 65, n 3, p 035108/1-035108/4, March 2002.
[19] Volchenkov D, Volchenkova L., Blanchard Ph. Epidemic spreading in a variety of scale free networks. Physical Review E - Statistical, Nonlinear, and Soft Matter Physics, v 66, n 4, p 046137/1-046137/9, October 2002.
[20] Pastor-Satorras Romualdo, Vespignani Alessandro. Epidemic spreading in scale-free networks. Physical Review Letters, v 86, n 14, p 3200-3203, April 2, 2001.
[21] Newman M.E.J. Spread of epidemic disease on networks. Physical Review E - Statistical, Nonlinear, and Soft Matter Physics, v 66, n 1, p 016128/1-016128/11, July 2002.
[22] Xiaofeng Nie, Yuewu Wang, Jiwu Jing, Qi Liu. Understanding the impact of overlaytopologies on Peer-to-Peer worm propagation. In Proceedings of International Conference on Computer Science and Software Engineering, CSSE 2008, v 3, p 863-867.
[23] Strogatz S H, Exploring complex Networks, Nature, 2001, pp.268-276.
[24] Albert R, and Barabási A L, Statistical Mechanics of Complex Networks. Rev. Mod. Phys, 2002, pp. 47-97.
[25] Mcllwraith Douglas, Paquier Micael, Kotsovinos Evangelos. di-jest: Autonomic neighbour management for worm resilience in p2p systems. In Proceedings of the 2008 IEEE International Symposium on A World of Wireless,Mobile and Multimedia Networks, WoWMoM2008, p4594898.
[26] Zhou Ying, Wu Zhong-Fu, Wang Hao, Zhong Jiang, Feng Yong. Zhu Zheng-Zhou. Breaking monocultures in P2P networks for worm prevention. In Proceedings of the 2006 International Conference on Machine Learning and Cybernetics, ICMLC 2006, p 2793-2798.
[27] PeerSim P2P Simulator, http://peersim.sourceforge.net/.
[28] T. Bu and D. Towsley,“On distinguishing between Internet power law topology generators,”Proc. IEEE Conf. Computer Communications (INFOCOM 02), IEEE Press, Jun. 2002, pp. 638-647, doi:10.1109/INFCOM.2002.1019309.
[29] Yu, Wei; Chellappan, Sriram; Wang, Xun; Xuan, Dong. Peer-to-peer system-based active worm attacks: Modeling, analysis and defense. Computer Communications, v 31, n 17, p 4005-4017, November 20, 2008.
[30] Zhang Yejiang, Li Zhitang, Hu Zhengbing, Huang Qingfeng, Lu Chuiwei. Evolutionary proactive P2P worm: Propagation modeling and simulation. In Proceedings - 2nd International Conference on Genetic and Evolutionary Computing, WGEC 2008, p 261-264.
[31] S. Staniford, V. Paxson and N. Weaver,“How to Own the Internet in Your Spare Time,”in Proceedings of USENIX Security, 2002.
[32] R. Cohen, K. Erez, D. ben-Avraham, and S. Havlin,“Resilience of the Internet to random breakdowns,”Physical Review Letters, 2000, 85(21): 4626-4628.
[33] R. Albert, H. Jeong, and A.-L. Barabdsi, "Error and Attack Tolerance of Complex Networks," Nature, vol. 406, 2000.
[34] Costa, M., Crowcroft, J., Castro, M., and Rowstron, A. Can we contain Internetworms? In HotNets (Nov. 2004).
[35] M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, and P. Barham. Vigilante: End-to-End Containment of Internet Worms. In Proceedings of ACM Symposium on Operating System Principles (SOSP), 2005.
[36] L. Zhou, L. Zhang, F. McSherry, N. Immorlica, M. Costa and S. Chien, "A First Look at Peer-to-Peer Worms: Threats and Defenses," In Proceedings of Peer-to-Peer Systems IV, 4th International Workshop (IPTPS), pages 24-35, February 2005.
[37] D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet quarantine: Requirements for containing self-propagating code. In Proceedings of IEEE INFOCOM 2003, San Francisco, CA, April 2003.
[38] H.-A. Kim and B. Karp. Autograph: toward automated, distributed worm signature detection. In Proceedings of the 13th USENIX Security Symposium, August 2004.
[39] J. Newsome, B. Karp, and D. Song. Polygraph: Automatically generating signatures for polymorphicworms. In IEEE Security and Privacy Symposium, 2005.
[40] Zhichun Li, Manan Sanghi, Yan Chen, Ming-Yang Kao and Brian Chavez. Hamsa: Fast Signature Generation for Zeroday Polymorphic Worms with Provable Attack Resilience.In Proc. of the IEEE Symposium on Security and Privacy,Oakland, CA, May 2006.
[41] L. Cavallaro, A. Lanzi, L. Mayer, and M. Monga. LISABETH: Automated content-based signature generator for zero-day polymorphic worms. In SESS'08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.
[42] Perdisci, R. et al., Misleading Worm Signature Generators Using Deliberate Noise Injection, Proceedings of the 2006 IEEE Symposium on Security and Privacy, 2006.
[43] James Newsome, Brad Karp, and Dawn Song. Paragraph: Thwarting signature learning by training aliciously. In Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006), September 2006.
[44] Simon P. Chung and Aloysius K. Mok. Allergy attack against automatic signature generation. In Recent Advances in Intrusion Detection (RAID), pages 61-80, 2006.
[45] V. Yegneswaran, J. T. Giffin, P. Barford, and S. Jha. An architecture for generating semantics-aware signatures. In Proceedings of 14th USENIX Security Symposium, Maryland, Aug 2005.
[46] N. Weaver, S. Staniford and V. Paxson. Very Fast Containment of Scanning Worms. In Proceedings of USENIX Security Symposium, January 2004.
[47] Sekar Vyas, Yinglian Xie, Reiter Michael K., Hui Zhang. A multi-resolution approach for worm detection and containment. In Proceedings of the International Conference on Dependable Systems and Networks, v 2006, p 189-198.
[48] Wong Cynthia, Wang Chenxi, Song Dawn, Bielski Stan, Ganger Gregory R. Dynamic quarantine of Internet worms. In Proceedings of the International Conference on Dependable Systems and Networks, p 73-82, 2004.
[49] Williamson, Matthew M. and Williamson, Matthew M. Design, implementation and test of an email virus throttle. In Proceedings of ACSAC Security Conference, Las Vegas, 2003.
[50] Wei Yu, Sriram Chellappan, Xun Wang, and D. Xuan, On Defending Peer-to-Peer System-based Active Worm Attacks, in Proc. of IEEE Global Telecommunications Conference (Globecom), November 2005.
[51] Liao Mingtao, Zhang Deyun, Hou Lin.“A Novel Approach for Early Detection of Worm Based on Failed Connection Flow Dissimilarity”. Computer Engineering,August 2006.
[52] Stuart E. Schechter, Jaeyeon Jung, and Arthur W. Berger.“Fast Detection of Scanning Worm Infections”.
[53] Jaeyeon Jung, Vern Paxson, Arthur W. Berger, and Hari Balakrishnan. Fastportscan detection using sequential hypothesis testing. In Proceedings of the IEEE.Symposium on Security and Privacy, May 9–12, 2004.
[54] Robert Moskovitch, Nir Nissim, Dima Stopel, Clint Feher, Roman Englert, and Yuval Elovici. Improving the Detection of Unknown Computer Worms Activity Using Active Learning. J. Hertzberg, M. Beetz, and R. Englert (Eds.): KI 2007, LNAI 4667, pp. 489–493, 2007.
[55] A. Pasupulati, J. Coit, K. Levitt. S. F. Wu, etc.“Buttercup: On Network-based Detection of Polymorphic Buffer Overflow Vulnerabilities”, Network Operations and Management Symposium, 2004.
[56] Ke Wang, Salvatore J. Stolfo.“Anomalous Payload-based Network Intrusion Detection”. In Symposium on Recent Advances in Intrusion Detection, Sophia Antipolis.", In RAID, Sept 2004.
[57] Like Zhang, Gregory B. White.“An Approach to Detect Executable Content for Anomaly Based Network Intrusion Detection”. Parallel and Distributed Processing Symposium, 2007. IPDPS, 2007 - doi.ieeecomputersociety.org.
[58] Ke Wang Janak J. Parekh Salvatore J. Stolfo.“Anagram: A Content Anomaly Detector Resistant to Mimicry Attack”. In Proceedings of the 9th Symposium on Recent Advances in Intrusion Detection (RAID), September 2006.
[59] Ki Hun Lee, Yuna Kim, Sung Je Hong, and Jong Kim.“PolyI-D: Polymorphic Worm Detection Based on Instruction Distribution”. WISA 2006, Jeju Island, Korea, August 28-30, 2006.
[60] Ikkyun Kim, Koohong Kang, YangSeo Choi1, etc.“A Practical Approach for Detecting Executable Codes in Network Traffic”. LECTURE NOTES IN COMPUTER SCIENCE, 2007– Springer.
[61] Thomas Toth and Christopher Kruegel.“Accurate Buffer Overflow Detection via Abstract Payload Execution.”RAID International Symposium on Recent Advances in Intrusion Detection 2002.
[62] Periklis Akritidis, Evangelos P. Markatos, Michalis Polychronakis, K. Anagnostakis.“STRIDE: Polymorphic Sled Detection through Instruction Sequence Analysis”. 20th IFIP International Information Security Conference, 2005 - ics.forth.gr.
[63] Ramkumar Chinchani and Eric van den Berg.“A Fast Static Analysis Approach To Detect Exploit Code Inside Network Flows”. Proceedings of Recent Advances In Intrusion Detection, 2005.
[64] Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos.“Network-Level Polymorphic Shellcode Detection Using Emulation”. In Journal in Computer Virology, vol. 2, no. 4, pp. 257-274, February 2007.
[65] Michalis Polychronakis1, Kostas G. Anagnostakis2, and Evangelos P. Markatos.“Emulation-based Detection of Non-self-contained Polymorphic Shellcode”. In Proceedings of the 10th International Symposium on RAID, September 2007.
[66] Del Grosso C, Antoniol G., Merlo E., Galinier P. Detecting buffer overflow via automatic test input data generation. Computers and Operations Research, v 35, n 10, p 3125-3143, October 2008.
[67] Kuperman Benjamin A, Brodley Carla E., Ozdoganoglu Hilmi, Vljaykumar T.N., Jalote Ankit. Detection and prevention of stack buffer overflow attacks.Communications of the ACM, v 48, n 11, p 51-56, 2005.
[68]腾玲莹.串空间方法分析安全协议.电子科技大学硕士学位论文, 2006年.
[69] Qing SH. Cryptography and Computer Network Security. Beijing: Tsinghua University Press, 2001, 127~147.
[70] Qing SH. Formal analysis of authentication protocols. Journal of Software, 1996, 7 (Supplement):107~114.
[71] Qing SH. Twenty Years Development of Security Protocols Research. Journal of Software, 2003, Vol.14, No.10.
[72] R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12), Dec. 1978.
[73] G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Proceeedings of TACAS, volume 1055 of Lecture Notes in Computer Science, pages 147–166. Springer Verlag, 1996.
[74] Dolev D, Yao A. On the security of public key protocols. IEEE Transactions on Information Theory, 1983, 29(2):198~208.
[75] Millen J. The Interrogator model. In Proceedings of the 1995 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1995.251-260.
[76] Meadows C. Applying Formal Methods to the Analysis of a Key Management Protocol. Journal of Computer Securtiy, 1992, 1:5-53.
[77] Longley D and Rigby S. An Automatic Search for Security Flaws in Key Management Schemes. Computers and Security, 1992, 11(1):75-90.
[78] Burrows M, Abadi M, Needham R. A logic of authentication. In Proceedings of the Royal Society of London A, 1989, Vol. 426: 233-271.
[79] Li Gong, Roger Needham and Raphael Yahalom. Reasoning about Belief in Cryptographic Protocols. In Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy, p 234-248.
[80] Martin Abadi and Mark Tuttle. A Semantics for a Logic of Authentication. In Proceedings of the Tenth ACM Symposium on Principles of Distributed Computing, p 201-206.
[81] Paul C. van Oorschot. Extending Cryptographic Logics of Belief to Key Agreement Protocols (Extended Abstract). In Proceedings of the first ACM Conference on Computer and Communications Security. P 232-243.
[82] Syverson P F, van Oorschot P C. On Unified Some Cryptographic Protocol Logics. In Proceeding of the 1994. IEEE Computer Society Press, 1994.
[83] Kailar R. Accountability in Electronic Commerce Protocols. IEEE Trans on Software Engineering, 1996, 22 (5):313-328.
[84] Lowe G. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In proceedings of TACAS. Springer-Verlag, 1996, vol.1055: 147-166.
[85] Mitchell J C, Mitchell M, and Stern U. Automated analysis of cryptographic protocols using murφ. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1997.
[86] Paulson L C. Proving properties of security protocols by induction. Proceedings of the IEEE Computer Security Foundations Workshop X.IEEE Computer Society Press, 1997.70-83.
[87] chneider S, Verifying authentication protocols with CSP. Proceedings of the IEEE Computer Security Foundations Workshop X. lEEE Computer Society Press, 1997.3-17.
[88] Meadows C.A Model of Computation for the NRL Protocol Analyzer. In Proceeding of the 7th Computer Security Foundations Workshop. IEEE Computer Society Press, 1994.
[89] Woo T Y C, Lam S S. Authentication for Distributed Systems. IEEE Computer, 1992, 25(1):39-52.
[90] Thayer FJ, Herzog JC, Guttman JD. Strand spaces: Why is a security protocol correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1998. 160~171.
[91] Thayer FJ, Herzog JC, Guttman JD. Strand spaces: Proving security protocols correct. Journal of Computer Security, 1999, 7(2-3): 191~230.
[92] Thayer FJ, Herzog JC, Guttman JD. Strand spaces: Honest ideals on strand spaces. In: Proceedings of the 1998 IEEE Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 1998. 66~77.
[93] G. Lowe. Casper: A compiler for the analysis of security protocols. In 10th Computer Security Foundations Workshop Proceedings, pages 18–30. IEEE Computer Society Press, 1997.
[94] W. Marrero, E. Clarke, and S. Jha. A model checker for authentication protocols. InC. Meadows and H. Orman, editors, Proceedings of the DIMACS Workshop on Design and Verification of Security Protocols. DIMACS, Rutgers University, September 1997.
[95] L. C. Paulson. Proving properties of security protocols by induction. In 10th IEEE Computer Security Foundations Workshop, pages 70–83. IEEE Computer Society Press, 1997.
[96] G. Lowe. A heirarchy of authentication specifications. In 10th Computer Security Foundations Workshop Proceedings, pages 31–43. IEEE Computer Society Press, 1997.
[97] Xiao-song Zhang, Ting Chen, Jiong Zheng, and Hua Li. Active Worm Propagation Modeling in Unstructured P2P Networks. On Proceedings of the 2nd International Symposium Computer Science and Computational Technology 2009, pp. 035-038.
[98] Xiao-song Zhang, Ting Chen, Jiong Zheng, and Hua Li. Proactive Worm Propagation Modeling and Analysis in Unstructured P2P Networks. Journal of Zhejiang University-SCIENCE C (Computers & Electronics), 2010 11(2): 119-129.
[99] Zhang Xiaosong, Chen Ting, Chen Dapeng and Liu Zhi. SISG: self-immune automated signature generation for polymorphic worms. The International Journal for Computation and Mathematics in Electroinc Engineering, 2010 29(2): 445-567.
[100] Chen Ting, Zhang Xiaosong and Liu Zhi. A Hybrid Detection Approach for Zero-day Polymorphic Shellcodes. On Proceedings of 2009 International Conference on E-Business and Information System Security, Vol 1, p 45-50.
[2] I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan. Chord: A scalable peer-to-peer lookup service for Internet applications. In Proc. ACM SIGCOMM, pages 149–160, 2001.
[3] S. Ratnasamy, P. Francis, M. Handley, R. Karp, and S. Shenker.A scalable content-addressable network. In Proceedings of ACM SIGCOMM, pages 161–172, San Diego, CA, USA, August 2001.
[4] A. Rowstron and P. Druschel. Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems. In Proc. IFIP/ACM Middleware 2001, Heidelberg, Germany, Nov. 2001.
[5] B. Y. Zhao, L. Huang, S. C. Rhea, J. Stribling, A. D. Joseph, and J. D. Kubiatowicz. Tapestry: A global-scale overlay for rapid service deployment. IEEE Journal on Selected Areas in Communications (J-SAC), 22(1):41–53, January 2004.
[6] Engle, M. and Khan, J. I.,“Vulnerabilities of P2P Systems and a Critical look at Their Solutions,”Technical Report, 2006.
[7] Wen Wei-Ping, Qing Si-Han, Jiang Jian-Chun, Wang Ye-Jun. Research and development of internet worms. Ruan Jian Xue Bao/Journal of Software, v 15, n 8, p 1208-1219, August 2004.
[8] N. Khiat, Y. Charlinet, N. Agoulmine, The emerging threat of peer-to-peer worms, in: Proceedings of IEEE/Ist Workshop on Monitoring, Attack Detection and Mitigation, Tuebingen, Germany, September 2006.
[9] CHEN G L, GRAY R S. Simulating non-scanning worms on peer-to-peer networks. In Proceedings of the 1st international conference on Scalable information systems, Hong Kong, ACM Press, 2006.
[10] J. C. Frauenthal. Mathematical Modeling in Epidemiology. Springer-Verlag, New York, 1980.
[11] Zou CC, Gong W, Towsley D. On the performance of Internet worm scanning strategies. Technical Report, TR-03-CSE-07, Electrical and Computer Engineering Department, University of Massachusetts, 2003.
[12] W. Yu, C. Boyer, S. Chellappan and D. Xuan, "Peer-to-Peer System based Active Worm Attacks: Modeling and Analysis," In Proceedings of 2005 IEEE International Conference on Volume 1, 16-20 May 2005 Page(s):295 - 300 Vol. 1.
[13] Wang Y, Wang CX. Modeling the effects of timing parameters on virus propagation. In: Staniford S, ed. Proc. of the ACM CCS Workshop on Rapid Malcode (WORM 2003). Washington, 2003.
[14] Feng Chaosheng, Qin Zhiguang, Cuthbet Laurence, Tokarchuk Laurissa. Propagation model of active worms in P2P networks. In Proceedings of the 9th International Conference for Young Computer Scientists, ICYCS 2008, p 1908-1912.
[15] C. C. Zou, W. Gong, and D.Towsley, "Code Red Worm Propagation Modeling and Analysis", In Proceedings of 9-th ACM Conference on Computer and Communication Security (CCS), Washington DC, November 2002.
[16]李德全.拒绝服务攻击.电子工业出版社, 2007.
[17] Pastor-Satorras Romualdo, Vespignani Alessandro. Immunization of complex networks. Physical Review E - Statistical, Nonlinear, and Soft Matter Physics, v 65, n 3, p 036104/1-036104/8, March 2002.
[18] Pastor-Satorras Romualdo, Vespignani Alessandro. Epidemic dynamics in finite size scale-free networks. Physical Review E - Statistical, Nonlinear, and Soft Matter Physics, v 65, n 3, p 035108/1-035108/4, March 2002.
[19] Volchenkov D, Volchenkova L., Blanchard Ph. Epidemic spreading in a variety of scale free networks. Physical Review E - Statistical, Nonlinear, and Soft Matter Physics, v 66, n 4, p 046137/1-046137/9, October 2002.
[20] Pastor-Satorras Romualdo, Vespignani Alessandro. Epidemic spreading in scale-free networks. Physical Review Letters, v 86, n 14, p 3200-3203, April 2, 2001.
[21] Newman M.E.J. Spread of epidemic disease on networks. Physical Review E - Statistical, Nonlinear, and Soft Matter Physics, v 66, n 1, p 016128/1-016128/11, July 2002.
[22] Xiaofeng Nie, Yuewu Wang, Jiwu Jing, Qi Liu. Understanding the impact of overlaytopologies on Peer-to-Peer worm propagation. In Proceedings of International Conference on Computer Science and Software Engineering, CSSE 2008, v 3, p 863-867.
[23] Strogatz S H, Exploring complex Networks, Nature, 2001, pp.268-276.
[24] Albert R, and Barabási A L, Statistical Mechanics of Complex Networks. Rev. Mod. Phys, 2002, pp. 47-97.
[25] Mcllwraith Douglas, Paquier Micael, Kotsovinos Evangelos. di-jest: Autonomic neighbour management for worm resilience in p2p systems. In Proceedings of the 2008 IEEE International Symposium on A World of Wireless,Mobile and Multimedia Networks, WoWMoM2008, p4594898.
[26] Zhou Ying, Wu Zhong-Fu, Wang Hao, Zhong Jiang, Feng Yong. Zhu Zheng-Zhou. Breaking monocultures in P2P networks for worm prevention. In Proceedings of the 2006 International Conference on Machine Learning and Cybernetics, ICMLC 2006, p 2793-2798.
[27] PeerSim P2P Simulator, http://peersim.sourceforge.net/.
[28] T. Bu and D. Towsley,“On distinguishing between Internet power law topology generators,”Proc. IEEE Conf. Computer Communications (INFOCOM 02), IEEE Press, Jun. 2002, pp. 638-647, doi:10.1109/INFCOM.2002.1019309.
[29] Yu, Wei; Chellappan, Sriram; Wang, Xun; Xuan, Dong. Peer-to-peer system-based active worm attacks: Modeling, analysis and defense. Computer Communications, v 31, n 17, p 4005-4017, November 20, 2008.
[30] Zhang Yejiang, Li Zhitang, Hu Zhengbing, Huang Qingfeng, Lu Chuiwei. Evolutionary proactive P2P worm: Propagation modeling and simulation. In Proceedings - 2nd International Conference on Genetic and Evolutionary Computing, WGEC 2008, p 261-264.
[31] S. Staniford, V. Paxson and N. Weaver,“How to Own the Internet in Your Spare Time,”in Proceedings of USENIX Security, 2002.
[32] R. Cohen, K. Erez, D. ben-Avraham, and S. Havlin,“Resilience of the Internet to random breakdowns,”Physical Review Letters, 2000, 85(21): 4626-4628.
[33] R. Albert, H. Jeong, and A.-L. Barabdsi, "Error and Attack Tolerance of Complex Networks," Nature, vol. 406, 2000.
[34] Costa, M., Crowcroft, J., Castro, M., and Rowstron, A. Can we contain Internetworms? In HotNets (Nov. 2004).
[35] M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, and P. Barham. Vigilante: End-to-End Containment of Internet Worms. In Proceedings of ACM Symposium on Operating System Principles (SOSP), 2005.
[36] L. Zhou, L. Zhang, F. McSherry, N. Immorlica, M. Costa and S. Chien, "A First Look at Peer-to-Peer Worms: Threats and Defenses," In Proceedings of Peer-to-Peer Systems IV, 4th International Workshop (IPTPS), pages 24-35, February 2005.
[37] D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet quarantine: Requirements for containing self-propagating code. In Proceedings of IEEE INFOCOM 2003, San Francisco, CA, April 2003.
[38] H.-A. Kim and B. Karp. Autograph: toward automated, distributed worm signature detection. In Proceedings of the 13th USENIX Security Symposium, August 2004.
[39] J. Newsome, B. Karp, and D. Song. Polygraph: Automatically generating signatures for polymorphicworms. In IEEE Security and Privacy Symposium, 2005.
[40] Zhichun Li, Manan Sanghi, Yan Chen, Ming-Yang Kao and Brian Chavez. Hamsa: Fast Signature Generation for Zeroday Polymorphic Worms with Provable Attack Resilience.In Proc. of the IEEE Symposium on Security and Privacy,Oakland, CA, May 2006.
[41] L. Cavallaro, A. Lanzi, L. Mayer, and M. Monga. LISABETH: Automated content-based signature generator for zero-day polymorphic worms. In SESS'08: Proceedings of the 4th International Workshop on Software Engineering for Secure Systems, Leipzig, Germany, May 2008.
[42] Perdisci, R. et al., Misleading Worm Signature Generators Using Deliberate Noise Injection, Proceedings of the 2006 IEEE Symposium on Security and Privacy, 2006.
[43] James Newsome, Brad Karp, and Dawn Song. Paragraph: Thwarting signature learning by training aliciously. In Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006), September 2006.
[44] Simon P. Chung and Aloysius K. Mok. Allergy attack against automatic signature generation. In Recent Advances in Intrusion Detection (RAID), pages 61-80, 2006.
[45] V. Yegneswaran, J. T. Giffin, P. Barford, and S. Jha. An architecture for generating semantics-aware signatures. In Proceedings of 14th USENIX Security Symposium, Maryland, Aug 2005.
[46] N. Weaver, S. Staniford and V. Paxson. Very Fast Containment of Scanning Worms. In Proceedings of USENIX Security Symposium, January 2004.
[47] Sekar Vyas, Yinglian Xie, Reiter Michael K., Hui Zhang. A multi-resolution approach for worm detection and containment. In Proceedings of the International Conference on Dependable Systems and Networks, v 2006, p 189-198.
[48] Wong Cynthia, Wang Chenxi, Song Dawn, Bielski Stan, Ganger Gregory R. Dynamic quarantine of Internet worms. In Proceedings of the International Conference on Dependable Systems and Networks, p 73-82, 2004.
[49] Williamson, Matthew M. and Williamson, Matthew M. Design, implementation and test of an email virus throttle. In Proceedings of ACSAC Security Conference, Las Vegas, 2003.
[50] Wei Yu, Sriram Chellappan, Xun Wang, and D. Xuan, On Defending Peer-to-Peer System-based Active Worm Attacks, in Proc. of IEEE Global Telecommunications Conference (Globecom), November 2005.
[51] Liao Mingtao, Zhang Deyun, Hou Lin.“A Novel Approach for Early Detection of Worm Based on Failed Connection Flow Dissimilarity”. Computer Engineering,August 2006.
[52] Stuart E. Schechter, Jaeyeon Jung, and Arthur W. Berger.“Fast Detection of Scanning Worm Infections”.
[53] Jaeyeon Jung, Vern Paxson, Arthur W. Berger, and Hari Balakrishnan. Fastportscan detection using sequential hypothesis testing. In Proceedings of the IEEE.Symposium on Security and Privacy, May 9–12, 2004.
[54] Robert Moskovitch, Nir Nissim, Dima Stopel, Clint Feher, Roman Englert, and Yuval Elovici. Improving the Detection of Unknown Computer Worms Activity Using Active Learning. J. Hertzberg, M. Beetz, and R. Englert (Eds.): KI 2007, LNAI 4667, pp. 489–493, 2007.
[55] A. Pasupulati, J. Coit, K. Levitt. S. F. Wu, etc.“Buttercup: On Network-based Detection of Polymorphic Buffer Overflow Vulnerabilities”, Network Operations and Management Symposium, 2004.
[56] Ke Wang, Salvatore J. Stolfo.“Anomalous Payload-based Network Intrusion Detection”. In Symposium on Recent Advances in Intrusion Detection, Sophia Antipolis.", In RAID, Sept 2004.
[57] Like Zhang, Gregory B. White.“An Approach to Detect Executable Content for Anomaly Based Network Intrusion Detection”. Parallel and Distributed Processing Symposium, 2007. IPDPS, 2007 - doi.ieeecomputersociety.org.
[58] Ke Wang Janak J. Parekh Salvatore J. Stolfo.“Anagram: A Content Anomaly Detector Resistant to Mimicry Attack”. In Proceedings of the 9th Symposium on Recent Advances in Intrusion Detection (RAID), September 2006.
[59] Ki Hun Lee, Yuna Kim, Sung Je Hong, and Jong Kim.“PolyI-D: Polymorphic Worm Detection Based on Instruction Distribution”. WISA 2006, Jeju Island, Korea, August 28-30, 2006.
[60] Ikkyun Kim, Koohong Kang, YangSeo Choi1, etc.“A Practical Approach for Detecting Executable Codes in Network Traffic”. LECTURE NOTES IN COMPUTER SCIENCE, 2007– Springer.
[61] Thomas Toth and Christopher Kruegel.“Accurate Buffer Overflow Detection via Abstract Payload Execution.”RAID International Symposium on Recent Advances in Intrusion Detection 2002.
[62] Periklis Akritidis, Evangelos P. Markatos, Michalis Polychronakis, K. Anagnostakis.“STRIDE: Polymorphic Sled Detection through Instruction Sequence Analysis”. 20th IFIP International Information Security Conference, 2005 - ics.forth.gr.
[63] Ramkumar Chinchani and Eric van den Berg.“A Fast Static Analysis Approach To Detect Exploit Code Inside Network Flows”. Proceedings of Recent Advances In Intrusion Detection, 2005.
[64] Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos.“Network-Level Polymorphic Shellcode Detection Using Emulation”. In Journal in Computer Virology, vol. 2, no. 4, pp. 257-274, February 2007.
[65] Michalis Polychronakis1, Kostas G. Anagnostakis2, and Evangelos P. Markatos.“Emulation-based Detection of Non-self-contained Polymorphic Shellcode”. In Proceedings of the 10th International Symposium on RAID, September 2007.
[66] Del Grosso C, Antoniol G., Merlo E., Galinier P. Detecting buffer overflow via automatic test input data generation. Computers and Operations Research, v 35, n 10, p 3125-3143, October 2008.
[67] Kuperman Benjamin A, Brodley Carla E., Ozdoganoglu Hilmi, Vljaykumar T.N., Jalote Ankit. Detection and prevention of stack buffer overflow attacks.Communications of the ACM, v 48, n 11, p 51-56, 2005.
[68]腾玲莹.串空间方法分析安全协议.电子科技大学硕士学位论文, 2006年.
[69] Qing SH. Cryptography and Computer Network Security. Beijing: Tsinghua University Press, 2001, 127~147.
[70] Qing SH. Formal analysis of authentication protocols. Journal of Software, 1996, 7 (Supplement):107~114.
[71] Qing SH. Twenty Years Development of Security Protocols Research. Journal of Software, 2003, Vol.14, No.10.
[72] R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12), Dec. 1978.
[73] G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Proceeedings of TACAS, volume 1055 of Lecture Notes in Computer Science, pages 147–166. Springer Verlag, 1996.
[74] Dolev D, Yao A. On the security of public key protocols. IEEE Transactions on Information Theory, 1983, 29(2):198~208.
[75] Millen J. The Interrogator model. In Proceedings of the 1995 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1995.251-260.
[76] Meadows C. Applying Formal Methods to the Analysis of a Key Management Protocol. Journal of Computer Securtiy, 1992, 1:5-53.
[77] Longley D and Rigby S. An Automatic Search for Security Flaws in Key Management Schemes. Computers and Security, 1992, 11(1):75-90.
[78] Burrows M, Abadi M, Needham R. A logic of authentication. In Proceedings of the Royal Society of London A, 1989, Vol. 426: 233-271.
[79] Li Gong, Roger Needham and Raphael Yahalom. Reasoning about Belief in Cryptographic Protocols. In Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy, p 234-248.
[80] Martin Abadi and Mark Tuttle. A Semantics for a Logic of Authentication. In Proceedings of the Tenth ACM Symposium on Principles of Distributed Computing, p 201-206.
[81] Paul C. van Oorschot. Extending Cryptographic Logics of Belief to Key Agreement Protocols (Extended Abstract). In Proceedings of the first ACM Conference on Computer and Communications Security. P 232-243.
[82] Syverson P F, van Oorschot P C. On Unified Some Cryptographic Protocol Logics. In Proceeding of the 1994. IEEE Computer Society Press, 1994.
[83] Kailar R. Accountability in Electronic Commerce Protocols. IEEE Trans on Software Engineering, 1996, 22 (5):313-328.
[84] Lowe G. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In proceedings of TACAS. Springer-Verlag, 1996, vol.1055: 147-166.
[85] Mitchell J C, Mitchell M, and Stern U. Automated analysis of cryptographic protocols using murφ. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1997.
[86] Paulson L C. Proving properties of security protocols by induction. Proceedings of the IEEE Computer Security Foundations Workshop X.IEEE Computer Society Press, 1997.70-83.
[87] chneider S, Verifying authentication protocols with CSP. Proceedings of the IEEE Computer Security Foundations Workshop X. lEEE Computer Society Press, 1997.3-17.
[88] Meadows C.A Model of Computation for the NRL Protocol Analyzer. In Proceeding of the 7th Computer Security Foundations Workshop. IEEE Computer Society Press, 1994.
[89] Woo T Y C, Lam S S. Authentication for Distributed Systems. IEEE Computer, 1992, 25(1):39-52.
[90] Thayer FJ, Herzog JC, Guttman JD. Strand spaces: Why is a security protocol correct? In: Proceedings of the 1998 IEEE Symposium on Security and Privacy. Los Alamitos: IEEE Computer Society Press, 1998. 160~171.
[91] Thayer FJ, Herzog JC, Guttman JD. Strand spaces: Proving security protocols correct. Journal of Computer Security, 1999, 7(2-3): 191~230.
[92] Thayer FJ, Herzog JC, Guttman JD. Strand spaces: Honest ideals on strand spaces. In: Proceedings of the 1998 IEEE Computer Security Foundations Workshop. Los Alamitos: IEEE Computer Society Press, 1998. 66~77.
[93] G. Lowe. Casper: A compiler for the analysis of security protocols. In 10th Computer Security Foundations Workshop Proceedings, pages 18–30. IEEE Computer Society Press, 1997.
[94] W. Marrero, E. Clarke, and S. Jha. A model checker for authentication protocols. InC. Meadows and H. Orman, editors, Proceedings of the DIMACS Workshop on Design and Verification of Security Protocols. DIMACS, Rutgers University, September 1997.
[95] L. C. Paulson. Proving properties of security protocols by induction. In 10th IEEE Computer Security Foundations Workshop, pages 70–83. IEEE Computer Society Press, 1997.
[96] G. Lowe. A heirarchy of authentication specifications. In 10th Computer Security Foundations Workshop Proceedings, pages 31–43. IEEE Computer Society Press, 1997.
[97] Xiao-song Zhang, Ting Chen, Jiong Zheng, and Hua Li. Active Worm Propagation Modeling in Unstructured P2P Networks. On Proceedings of the 2nd International Symposium Computer Science and Computational Technology 2009, pp. 035-038.
[98] Xiao-song Zhang, Ting Chen, Jiong Zheng, and Hua Li. Proactive Worm Propagation Modeling and Analysis in Unstructured P2P Networks. Journal of Zhejiang University-SCIENCE C (Computers & Electronics), 2010 11(2): 119-129.
[99] Zhang Xiaosong, Chen Ting, Chen Dapeng and Liu Zhi. SISG: self-immune automated signature generation for polymorphic worms. The International Journal for Computation and Mathematics in Electroinc Engineering, 2010 29(2): 445-567.
[100] Chen Ting, Zhang Xiaosong and Liu Zhi. A Hybrid Detection Approach for Zero-day Polymorphic Shellcodes. On Proceedings of 2009 International Conference on E-Business and Information System Security, Vol 1, p 45-50.