Research on Dynamic Interaction Models of Network Viruses and Their Defense (网络病毒动态交互模型及防御研究)
Abstract
With the rapid development of the Internet, network security problems have become increasingly serious; network security incidents occur frequently, and their growth has been especially rapid in recent years. Among them, network viruses, chiefly network worms and botnet viruses, have become one of the most serious security threats on the Internet because they spread fast, spread in complex and varied forms, and cause great damage. Network viruses not only inflict enormous losses on the national economy but also raise political and military security problems. The study of network viruses has therefore become, in recent years, one of the research directions most strongly supported by many countries in the fields of network security and military security, and also one of the most active. How to defend effectively against network viruses has become a problem in urgent need of a solution.
     While growing rapidly, network viruses display two new characteristics: first, complex interaction relationships exist between viruses; second, the propagation and defense of network viruses are increasingly closely related to user behavior. Analyzing and fully exploiting these new characteristics helps in proposing efficient network virus defenses. On this basis, this thesis studies in depth interaction models between network viruses and network virus defense techniques that take user behavior and its regularities into account. The specific research contents are:
     1. A game-theoretic static interaction model (one-shot game) between two classes of botnets and a botnet propagation dynamics model are proposed. On the basis of the static interaction model, a dynamic interaction model of botnets is given using the replicator dynamics equations, and this model is coupled with the botnet propagation model. Using fast-slow system theory, the steady states of the fast system (the dynamic interaction model) in the coupled model are obtained, together with the threshold conditions that induce the botnet controllers to switch from cooperation to competition. Substituting the steady states of the fast system into the original coupled model yields two reduced botnet propagation and interaction models; for each reduced model, the threshold condition under which the botnet dies out is given, and the influence of the interaction parameters on the threshold is studied.
     2. The concept of the altruistic network worm is proposed, and two-worm propagation and interaction models between the altruistic worm and other network worms are established, one without and one with adaptive human behavior. For both models, the threshold conditions under which the other worm dies out are given for the two cases in which the altruistic worm is present and absent, and the influence on the thresholds of the parameters related to adaptive human behavior is studied.
     3. A propagation model for network worms spreading by two routes, removable devices and the network, is proposed; the threshold condition under which the worm dies out is given, and the influence of the parameters related to removable devices on the threshold is studied.
     4. Based on the observation that the web sites visited by users within a local area network cluster, a LAN-based throttling method is proposed, a scheme for deploying the throttling system on the LAN's edge router is designed, and the threshold problem in the throttling method is analyzed.
Abstract (author's English version)
With the rapid growth of network applications, network security is becoming increasingly serious, and security events occur frequently, booming especially in recent years. Internet viruses, mainly including worms and botnets, have become one of the most serious security threats to the Internet due to their fast propagation speed, complex and various invasion methods, and significant damage. Furthermore, they not only cause tremendous damage to the national economy but also bring threats to national political and military security. In recent years, research on Internet viruses has been one of the most important and active research topics in the fields of network security and military security in many countries. How to contain Internet viruses has become an urgent issue.
     Internet viruses have developed two new features while increasing dramatically during the last few years. One is that there are complex interactions among Internet viruses, and the other is that the propagation and containment of Internet viruses are closely related to users' behavior. Analyzing and taking full advantage of these features may contribute to raising efficient counter-virus methods. Thus, we analyze the interaction models among Internet viruses and counter-virus methods based on users' behavior and its regularities. The detailed contents of our research are given below:
     1. A two-botnet static interaction model based on game theory and a botnet propagation dynamics model are put forward. Based on the static interaction model, the replicator equations are used to characterize the dynamical evolution of the strategies adopted by the interacting botnet owners. Then, the evolutionary game dynamics, which occur at a fast time scale, are coupled to the botnet propagation dynamics model. Two stable equilibria of the fast evolutionary game model and the thresholds below which the two botnet owners will choose the competitive strategy are given. Additionally, we substitute the equilibria into the coupled model and obtain two reduced models. The thresholds which determine whether the botnet can survive or not in both reduced models are given. We also explore the influence of the interaction parameters on the thresholds.
     2. The concept of the altruistic worm is presented and the interactions between the altruistic worm and other worms are analyzed. Then, we present two interaction models: one includes the influence of adaptive human behavior and the other does not. For each model, two thresholds which determine whether the other worm (not the altruistic worm) can survive or not are given: one for the state in which the altruistic worm exists and one for the state in which it does not. Furthermore, we also explore the influence of the parameters concerning adaptive human behavior on the thresholds.
     3. A propagation model of worms spreading via both removable devices and the Internet is provided. Then, we give the threshold determining whether the worm can survive or not and explore the influence of the parameters concerning removable devices on the threshold.
     4. Inspired by the clustering characteristic of the web sites accessed by local users within a subnet, we propose a throttling method based on the subnet. Then, we design the deployment scheme of the throttling method at the edge router of the subnet and analyze the threshold used to detect a suspicious subnet in the throttling method.
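The subnet-level throttle of item 4, as an added worked example that is not code from the thesis or this page: a new-destination throttle applied at the granularity of a whole subnet, as an edge router would see it. Everything below is my own construction: the working-set size, the one-second window and the threshold of eight new destinations per window are assumed values (the thesis's counters and threshold are not given on the page), and the trace is constructed so that 20 hosts cluster on a handful of sites while one host starts probing distinct addresses in the documentation range 203.0.113.0/24.

```python
"""Subnet-level new-destination throttle, an added illustration of the abstract's
item 4. The thesis's own counters, window and threshold are not on the page;
every parameter below is an assumption made for this example."""
from collections import Counter, OrderedDict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple

# One outbound connection seen at the subnet's edge router:
# (timestamp in seconds, source host, destination)
Connection = Tuple[float, str, str]


@dataclass
class SubnetThrottle:
    """Counts connections from the whole subnet to destinations not seen recently.

    LAN users cluster on a small set of sites, so the subnet's working set of
    destinations changes slowly; a scanning worm produces a burst of unseen
    destinations inside one window, which is what the threshold catches.
    """
    working_set_size: int = 256   # assumed: recent destinations treated as "known"
    window: float = 1.0           # assumed: seconds over which new destinations are counted
    max_new_per_window: int = 8   # assumed threshold: new destinations tolerated per window
    working_set: OrderedDict = field(default_factory=OrderedDict)  # LRU of known destinations
    new_events: Deque[Tuple[float, str]] = field(default_factory=deque)  # (ts, src) per new-destination connection

    def observe(self, conn: Connection) -> Optional[Dict]:
        """Feed one connection; return an alert dict when the subnet exceeds the threshold."""
        ts, src, dst = conn
        if dst in self.working_set:
            self.working_set.move_to_end(dst)  # refresh LRU position, nothing to count
            return None
        # Unseen destination: admit it, evicting the least recently used entry if full.
        self.working_set[dst] = None
        if len(self.working_set) > self.working_set_size:
            self.working_set.popitem(last=False)
        # Slide the window and count new-destination connections inside it.
        self.new_events.append((ts, src))
        while self.new_events and ts - self.new_events[0][0] > self.window:
            self.new_events.popleft()
        if len(self.new_events) > self.max_new_per_window:
            contributors = Counter(s for _, s in self.new_events)
            return {"ts": ts, "new_in_window": len(self.new_events),
                    "top_source": contributors.most_common(1)[0][0]}
        return None


def run_throttle(trace: List[Connection], **params) -> List[Dict]:
    """Replay a trace in time order and collect every alert the throttle raises."""
    throttle = SubnetThrottle(**params)
    alerts = []
    for conn in sorted(trace):
        alert = throttle.observe(conn)
        if alert:
            alerts.append(alert)
    return alerts


def constructed_benign_trace(n_hosts: int = 20, seconds: int = 30) -> List[Connection]:
    """Constructed traffic: even hosts follow the 'site of the moment', odd hosts
    keep returning to one of three favourites, so new destinations appear slowly."""
    trace = []
    for s in range(seconds):
        for h in range(n_hosts):
            dst = f"site{s % 10}.example" if h % 2 == 0 else f"fav{h % 3}.example"
            trace.append((s + h / n_hosts, f"10.0.0.{h + 1}", dst))
    return trace


def constructed_worm_scans(src: str = "10.0.0.7", start: float = 15.0,
                           seconds: int = 5, rate: int = 20) -> List[Connection]:
    """Constructed scan burst: one host probes distinct addresses in the
    documentation range 203.0.113.0/24 at `rate` connections per second."""
    return [(start + k / rate, src, f"203.0.113.{k % 256}") for k in range(seconds * rate)]


if __name__ == "__main__":
    print("benign only:", len(run_throttle(constructed_benign_trace())), "alerts")
    alerts = run_throttle(constructed_benign_trace() + constructed_worm_scans())
    print("with scanner:", len(alerts), "alerts; first at t =", alerts[0]["ts"],
          "from", alerts[0]["top_source"])
```

The threshold is the trade-off the abstract's item 4 refers to: with the assumed value of eight, the benign trace never trips the throttle and the scanning host is flagged within half a second of its first probe, whereas lowering the threshold to three makes the subnet's normal warm-up (a few sites discovered in the first two seconds) look suspicious. Reporting the top contributing source alongside the subnet-level alert is a small addition for triage, so that a flagged subnet can be narrowed to the host that generated the burst.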