动态环境下P2P蠕虫防御模型的研究
|
摘要
作为分布式系统与计算机网络相结合的产物,点对点通信方式已经成为当前数据共享,即时通信与企业协同领域最流行的网络技术。P2P网络也已成为因特网的一个重要而不可或缺的组成部分。但是P2P网络也为蠕虫的攻击与传播提供了良好的平台,使之面临着一系列的安全威胁。尤其是当P2P蠕虫出现之后,因其对P2P网络带来的严重伤害以及对因特网构成的潜在威胁,使得这种情况日益恶化。因此如何在动态条件下防御P2P蠕虫的攻击已经成为一个很有的价值的研究热点。
按照扫描策略的不同,可将蠕虫可为两类,一类是非扫描蠕虫,一类是扫描蠕虫。在网络蠕虫发展的初期,采用随机扫描方式寻找潜在攻击目标的扫描蠕虫占据主导;随着P2P应用的日益普及,借助邻居列表搜索潜在攻击目标的P2P蠕虫成为主流,P2P蠕虫正是一种典型的非扫描蠕虫。根据攻击方式的不同,又可把对P2P网络造成危重威胁的P2P蠕虫分为三类,第一类是被动型P2P蠕虫,它们将自己隐藏在恶意文件中,欺骗用户下载并执行这些文件实现自身的传播;第二类是沉默型P2P蠕虫,它们通过合法的网络链接实现自身的传播;第三类是主动型P2P蠕虫,也是危害最大的非扫描蠕虫。它们利用从入侵节点上所获取到的路由信息主动搜索并链接潜在的攻击目标实现自身传播。
由于P2P蠕虫能够利用层叠网中的路由机制实现拓扑传播,省掉了扫描过程,使得P2P蠕虫的传播更加隐蔽,攻击更加高效。因此有必要建立各类P2P蠕虫的防御模型并以此描述P2P蠕虫的防御过程,同时利用模型推导影响P2P蠕虫防御性能的关键因素。在本文的研究中取得了如下创新成果:
第一、针对结构化P2P网络中已有的主动蠕虫传播模型或多或少地忽略了P2P节点的动态性和多样性的问题,利用节点差异化理论,提出了一种防御策略,通过调整节点间的异构化参数,增加逻辑邻居节点间的配置差异来延缓主动蠕虫在结构化P2P网络中的传播速度。仿真实验证明通过调整相邻节点间的异构化参数可以有效地降低主动蠕虫在结构化P2P网络中的传播速度。
第二、针对非结构化P2P网络中已有的主动蠕虫防御模型过于复杂的问题,创新性地提出利用形式化逻辑矩阵来描述对抗环境下的主动蠕虫传播过程。仿真实验证明了此模型在动态环境下描述主动蠕虫对抗过程与防御过程的可行性与有效性。
第三、针对现有的大多数被动蠕虫防御模型或多或少地忽略P2P节点本身的随机搅动,定期隔离,突发下载,选择执行等动态属性对蠕虫传播效果影响的问题,构建了一个基于平均场法的被动蠕虫防御模型用于描述被动蠕虫在动态环境下的防御过程;针对平均场法防御模型忽略P2P节点间的信任关系,拓扑结构,安全意识以及潜在收益等社会属性对蠕虫传播效果的影响,利用节点间的信任评价体系和非零和博弈理论,构建了基于社交网络的被动蠕虫防御模型,并通过数值模拟与仿真实验证明这两类蠕虫防御模型的有效性与正确性。
第四、针对当前已有的沉默蠕虫防御模型或多或少地忽略了部分P2P节点动态特性对蠕虫传播过程影响的问题,在充分考虑真实环境下制约沉默蠕虫传播效果的各种动态因素的前提下,利用平均场法理论与生物流行病学知识,构建了动态环境下的沉默蠕虫防御模型;针对上述模型忽略用户习惯对沉默蠕虫攻击效果存在巨大影响的问题,通过分析和比较不同时段的节点数量和用户行为,仿真了不同时段的在网节点规模,并利用概率论知识,提出了基于动态时间的沉默蠕虫防御模型。并通过数值分析和仿真实验证明了上述两类蠕虫防御模型的有效性与可行性,并借此推导出沉默蠕虫的关键防御时段。
. Based on distributed system and computer networks, Peer-to-Peer (P2P) is themost popular networking technology for data sharing, instant messaging, andenterprise collaboration. P2P networks have become one part of Internet essentially.However, the current P2P networks are now facing serious security threat since theyalso provide an advantageous facility for worm attacking and propagation. Especiallythe emergence of P2P worms not only brings server harm to P2P networks, but alsoposes an underlying threat to Internet. Therefore, how to defend the P2P worm attacksin dynamic environment has become a significant research topic.
According to scanning strategies, Worms can be divided into two categories. oneis scanning worms, the other is non-scanning worms. Scanning worm that found thepotential targets by employing a random scanning strategy occupied a dominantposition in early stages of Internet worm development, but now P2P worms that tend tofind the potential targets by employing neighbor list became mainstream with thedevelopment and popularization of P2P applications. P2P worm is a kind of typicalnon-scannig worm. According to attacking ways, P2P worms that brought much greatthreat to P2P networks security can be divided into three groups. Passive worm,reactive worm and active worm. Passive worms hide themselves in malicious files andtrick users into downloading and executing them for propagation; reactive worms onlypropagate themselves with legitimate network activities; and active worms, they arethe most dangerous non-scannig worm in P2P networks, automatically connect to andinfect the potential targets by using topological information for propagation.
As P2P worms can carry out topology propagation by overlay networks, omit thescanning process, which made their propagation more stealthier and their attack moreefficient. It is necessary to establish defense models to exactly describe the defenseprocess of P2P worm, and find a number of key parameters to affect the defensiveperformance of P2P worm by employing these models. This paper makes the followingfour contributions.
1) Considering the existing propagation models of active worm in structured P2P system more or less ignored the diversity and dynamic of P2P nodes, a preventionstrategy using node heterogeneous theory is proposed by adjusting the heterogeneousvariable and increasing the configuration differences of adjacent logical nodes instructured P2P network to slow the propagation speed of active worm. Simulationresults show that the spreading speed of active worms in structured P2P network canbe slowed down efficiently by adjusting the heterogeneous variable betweenneighboring nodes.
2) Considering the existing defense models of active worm in unstructured P2Psystem are too complex, formalized logic matrix is innovatively put forwarded tocharacterize the propagation of active worm in adversarial environment. Simulationresults show this model is effective and feasible to describe countermeasure processand defense process of active worms in dynamic environment.
3) Considering the existing defense models of passive worm more or less ignoredthe impact of the dynamic features of P2P nodes on the spread of worms, such asrandom stir, regular quarantine, sudden traffic and selective execution. A defensemodel of passive worm based on mean-filed theory is proposed to characterize thedefense process of passive worm in dynamic environment. Given the foregoing modelignores the impact of the social attribute of P2P nodes on the spread of worms, such astrust relationship, network topology, security awareness and potential profit. A defensemodel of passive worm based on social network theory is proposed by using creditevaluation system and non-zero-sum game theory.The accuracy and validity of thesedefense models are proved by numerical simulation and simulation experiment.
4) Considering the existing defense models of reactive worm more or less ignoredthe impact of the dynamic features of P2P nodes on the spread of worms, a defensemodel of reactive worm is proposed by using mean-filed theory and epidemiologymodel with fully considering various dynamic factors that restrict the propagation ofreactive worm in real environment. Given the foregoing model ignores the impact ofuser behavior on the spread of worms, network size is simulated by analyzingcomparing network size and user behavior at different time periods, and a defensemodel of reactive worm based on dynamic time is proposed by using probabilitytheory. The accuracy and validity of these defense models are proved by numerical simulation and simulation experiment, also the key periods of reactive worm defense isdeduced.
按照扫描策略的不同,可将蠕虫可为两类,一类是非扫描蠕虫,一类是扫描蠕虫。在网络蠕虫发展的初期,采用随机扫描方式寻找潜在攻击目标的扫描蠕虫占据主导;随着P2P应用的日益普及,借助邻居列表搜索潜在攻击目标的P2P蠕虫成为主流,P2P蠕虫正是一种典型的非扫描蠕虫。根据攻击方式的不同,又可把对P2P网络造成危重威胁的P2P蠕虫分为三类,第一类是被动型P2P蠕虫,它们将自己隐藏在恶意文件中,欺骗用户下载并执行这些文件实现自身的传播;第二类是沉默型P2P蠕虫,它们通过合法的网络链接实现自身的传播;第三类是主动型P2P蠕虫,也是危害最大的非扫描蠕虫。它们利用从入侵节点上所获取到的路由信息主动搜索并链接潜在的攻击目标实现自身传播。
由于P2P蠕虫能够利用层叠网中的路由机制实现拓扑传播,省掉了扫描过程,使得P2P蠕虫的传播更加隐蔽,攻击更加高效。因此有必要建立各类P2P蠕虫的防御模型并以此描述P2P蠕虫的防御过程,同时利用模型推导影响P2P蠕虫防御性能的关键因素。在本文的研究中取得了如下创新成果:
第一、针对结构化P2P网络中已有的主动蠕虫传播模型或多或少地忽略了P2P节点的动态性和多样性的问题,利用节点差异化理论,提出了一种防御策略,通过调整节点间的异构化参数,增加逻辑邻居节点间的配置差异来延缓主动蠕虫在结构化P2P网络中的传播速度。仿真实验证明通过调整相邻节点间的异构化参数可以有效地降低主动蠕虫在结构化P2P网络中的传播速度。
第二、针对非结构化P2P网络中已有的主动蠕虫防御模型过于复杂的问题,创新性地提出利用形式化逻辑矩阵来描述对抗环境下的主动蠕虫传播过程。仿真实验证明了此模型在动态环境下描述主动蠕虫对抗过程与防御过程的可行性与有效性。
第三、针对现有的大多数被动蠕虫防御模型或多或少地忽略P2P节点本身的随机搅动,定期隔离,突发下载,选择执行等动态属性对蠕虫传播效果影响的问题,构建了一个基于平均场法的被动蠕虫防御模型用于描述被动蠕虫在动态环境下的防御过程;针对平均场法防御模型忽略P2P节点间的信任关系,拓扑结构,安全意识以及潜在收益等社会属性对蠕虫传播效果的影响,利用节点间的信任评价体系和非零和博弈理论,构建了基于社交网络的被动蠕虫防御模型,并通过数值模拟与仿真实验证明这两类蠕虫防御模型的有效性与正确性。
第四、针对当前已有的沉默蠕虫防御模型或多或少地忽略了部分P2P节点动态特性对蠕虫传播过程影响的问题,在充分考虑真实环境下制约沉默蠕虫传播效果的各种动态因素的前提下,利用平均场法理论与生物流行病学知识,构建了动态环境下的沉默蠕虫防御模型;针对上述模型忽略用户习惯对沉默蠕虫攻击效果存在巨大影响的问题,通过分析和比较不同时段的节点数量和用户行为,仿真了不同时段的在网节点规模,并利用概率论知识,提出了基于动态时间的沉默蠕虫防御模型。并通过数值分析和仿真实验证明了上述两类蠕虫防御模型的有效性与可行性,并借此推导出沉默蠕虫的关键防御时段。
. Based on distributed system and computer networks, Peer-to-Peer (P2P) is themost popular networking technology for data sharing, instant messaging, andenterprise collaboration. P2P networks have become one part of Internet essentially.However, the current P2P networks are now facing serious security threat since theyalso provide an advantageous facility for worm attacking and propagation. Especiallythe emergence of P2P worms not only brings server harm to P2P networks, but alsoposes an underlying threat to Internet. Therefore, how to defend the P2P worm attacksin dynamic environment has become a significant research topic.
According to scanning strategies, Worms can be divided into two categories. oneis scanning worms, the other is non-scanning worms. Scanning worm that found thepotential targets by employing a random scanning strategy occupied a dominantposition in early stages of Internet worm development, but now P2P worms that tend tofind the potential targets by employing neighbor list became mainstream with thedevelopment and popularization of P2P applications. P2P worm is a kind of typicalnon-scannig worm. According to attacking ways, P2P worms that brought much greatthreat to P2P networks security can be divided into three groups. Passive worm,reactive worm and active worm. Passive worms hide themselves in malicious files andtrick users into downloading and executing them for propagation; reactive worms onlypropagate themselves with legitimate network activities; and active worms, they arethe most dangerous non-scannig worm in P2P networks, automatically connect to andinfect the potential targets by using topological information for propagation.
As P2P worms can carry out topology propagation by overlay networks, omit thescanning process, which made their propagation more stealthier and their attack moreefficient. It is necessary to establish defense models to exactly describe the defenseprocess of P2P worm, and find a number of key parameters to affect the defensiveperformance of P2P worm by employing these models. This paper makes the followingfour contributions.
1) Considering the existing propagation models of active worm in structured P2P system more or less ignored the diversity and dynamic of P2P nodes, a preventionstrategy using node heterogeneous theory is proposed by adjusting the heterogeneousvariable and increasing the configuration differences of adjacent logical nodes instructured P2P network to slow the propagation speed of active worm. Simulationresults show that the spreading speed of active worms in structured P2P network canbe slowed down efficiently by adjusting the heterogeneous variable betweenneighboring nodes.
2) Considering the existing defense models of active worm in unstructured P2Psystem are too complex, formalized logic matrix is innovatively put forwarded tocharacterize the propagation of active worm in adversarial environment. Simulationresults show this model is effective and feasible to describe countermeasure processand defense process of active worms in dynamic environment.
3) Considering the existing defense models of passive worm more or less ignoredthe impact of the dynamic features of P2P nodes on the spread of worms, such asrandom stir, regular quarantine, sudden traffic and selective execution. A defensemodel of passive worm based on mean-filed theory is proposed to characterize thedefense process of passive worm in dynamic environment. Given the foregoing modelignores the impact of the social attribute of P2P nodes on the spread of worms, such astrust relationship, network topology, security awareness and potential profit. A defensemodel of passive worm based on social network theory is proposed by using creditevaluation system and non-zero-sum game theory.The accuracy and validity of thesedefense models are proved by numerical simulation and simulation experiment.
4) Considering the existing defense models of reactive worm more or less ignoredthe impact of the dynamic features of P2P nodes on the spread of worms, a defensemodel of reactive worm is proposed by using mean-filed theory and epidemiologymodel with fully considering various dynamic factors that restrict the propagation ofreactive worm in real environment. Given the foregoing model ignores the impact ofuser behavior on the spread of worms, network size is simulated by analyzingcomparing network size and user behavior at different time periods, and a defensemodel of reactive worm based on dynamic time is proposed by using probabilitytheory. The accuracy and validity of these defense models are proved by numerical simulation and simulation experiment, also the key periods of reactive worm defense isdeduced.
引文
[1] China Internet Network Information Center,第30次中国互联网络发展状况统计报告
[EB/OL]. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/201207/t20120723_32497.htm,July23,2012
[2] China Internet Computer Emergency Response Team,2011年中国互联网网络安全报告
[EB/OL]. http://www.cert.org.cn/publish/main/upload/File/2011-6.pdf, May23,2012
[3] F. Cohen. Computer viruses: theory and experiments [J]. Computers&Security.1987,(6):22-35
[4]郑辉. Internet蠕虫研究[D].天津:南开大学信息技术科学学院,2003,12-15
[5] S. Staniford. The worm faq: frequently asked questions on worms and worm containment,whitepaper[R]. Silicon Defense, UC Berkeley,2005
[6] China Internet Computer Emergency Response Team.2011年我国互联网网络安全态势综述[EB/OL]. http://www.antiy.com/news/20120320.html, March20,2012
[7] S. M. Hwang. P2P protocols analysis and blocking algorithm[C], Computational Science andIts Applications-ICCSA2005Proceedings, Singapore,2005,2l-30
[8] S. Staniford, V. Paxson, N. Weaver. How to own the Internet in your spare Time [C]. Proc ofthe11th USENIX Security Symposium, New York, USA,2002,149-167
[9] eMule. Server list for edonkey2000[EB/OL]. http://www.emule.org.cn/faq/doc/addresses.htm,December28,2002
[10] BitTorrent.org. The bittorrent protocol specification[EB/OL], http://www.bittorrent.org/bep-s/bep_0003.html, June25,2009
[11] Symantec Corp. Internet security threat report2011trends [EB/OL]. http://www.symantec.-com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf,April,2012
[12] L. Zhou, L. Zhang, F. McSherry et a1. A first look at peer-to-peer worms: threats anddefenses[C]. Proc of the4th Int Workshop on Peer-to-Peer Systems. Berlin,2005,24-35
[13] G. L. Chen, R. S. Gray. Simulating non-scanning worms on peer-to-peer networks [C] Procof the1st international conference on Scalable information systems, Hong Kong,2006,29-41
[14] Z. S. Chen, L. X. Gao, K. A. Kwiat, Modeling the spread of active worms[C], Proc of IEEEINFOCOM, San Francisco, CA,2003,1890–1900
[15] J. Kannan, K. Lakshminarayanan. Implications of peer-to-peer networks on worm attacks anddefenses[EB/OL]. http://taz.newffr.com/TAZ/_VX_/papers/avers/karthik_jayanth.pdf,September1.2003
[16] W. Yu. Analyze the worm-based attack in large scale P2P networks[C]. Proc of the8th IEEEInternational Symposium on High Assurance Systems Engineering. Tampa, Florida:,2004,308-309
[17] W. Yu. Analyzing the performance of Internet worm attack approaches[C]. Proc of13thInternational Conference on Computer communications and Networks. Chicago, Illinois,2004,501-506
[18] Singer M. Benjamin worm plagues kazaa[EB/OL].http://www.internetnews.com/dev-news/article.php/1141841/Benjamin+Worm+Plagues%20KaZaA.htm, May20,2002
[19] A. G. McKendrick. Applications of mathematics to medical problems[C]. Proc of the44thEdinburgh Mathematica Society. Edinburgh,1926,98-130
[20] J. O. Kephart, S. R. White.Directed-graph epidemiological models of computer viruses[C].Proc of the IEEE Symp on Security and Privacy.Piscataway, NJ,1991,343-359
[21] C. C. Zou,W. Gong, D. Towsley.Code red worm propagation modeling and analysis[C].Proc of the9th ACM Conference on Computer and Communication Security, WashingtonDC,2002
[22] C. C. Zou,D. Towsley,W. Gong. Email worm modeling and defense[C].Proc of the13thInternational Conference on Computer Communication and Networks,IEEE,2004,409-414
[23]文伟平,卿斯汉,蒋建春等.网络蠕虫研究与进展[J],软件学报.2004,15(08):1208-1219
[24] W. Yu, C. Boyer, S. Chellappan et al. Peer-to-Peer system-based active worm attacks:modeling and analysis[C]. Proc of2005International Conference on Communications,Seoul Special City,2005,295-300
[25] K. R. Rohloff and T. Basar. Stochastic behavior of random constant scanning worms[C].Proc of the14th ICCCN2005, San Diego, CA,2005,339-344
[26] S. Sellke, N. B. Shroff, and S. Bagchi. Modeling and automated containment of worms[J].IEEE Transactions on Dependable and Secure Computing,2005,5(2):71-86
[27] I. Stoica, R. Morris, D. Karger et al. Chord: A scalable peer-to-peer lookup service forinternet applications[C]. Proc of the ACM SIGCOMM2001, San Diego, CA,2001,149-160
[28] S. Ratnasamy, P. Francis, M. Handley. et al. A scalable content-addressable network[C]. Procof the ACM SIGCOMM2001, San Diego, CA,2001,161-172
[29] A. Rowstron, P. Druschel. Pastry: scalable, distributed object location and routing forlarge-scale peer-to-peer systems[C]. Proc of the IFIP/ACM International Conference onDistributed Systems Platforms, Berlin, German,2001,329-350
[30]夏春和,石昀平,李肖坚.结构化对等网中的P2P蠕虫传播模型研究[J].计算机学报,2006,29(6):952-959
[31] B. Y. Zhao, J. D. Kubiatowicz, A. D. Joseph, et al. Tapestry: an infrastructure for fault-toler-ant wide-area location and routing[R]. University of California, Berkeley: Technical ReportUCB/CSD20121141, April,2001.
[32] C. G. Plaxton., R. Rajaraman, A. W. Richa et al. Accessing nearby copies of replicatedobjects in a distributed environment[J]. Theory of Computing Systems,1999,32(3):241-280
[33]夏春和,石昀平,李肖坚.基于应用识别的P2P蠕虫检测[J].北京航空航天大学学报,2006,32(8):998-1002
[34] C. H. Xia, Y. P. Shi, X. J. Li et al. P2P worm detection based on application identification[J].Frontiers of Computer Science in China,2007,1(1):114-122
[35]高长喜,章甫源,辛阳等. P2P网络中蠕虫传播与防治模型的研究[J].北京邮电大学学报,2006,29(Sup.):49-53
[36]姜启源,谢金星,叶俊.数学建模[M].北京:高等教育出版社,2003.12-15,135-144,184-190
[37]罗兴睿.基于纯P2P原理的蠕虫传播模型的研究[D].沈阳:东北大学信息与计算科学学院,2007,38-44
[38]周瑛.基于P2P技术的网络蠕虫防御机制研究.[D].重庆:重庆大学计算机学院,2007,46-60
[39] Y. J. Zhang, Z. T.. Li. Evolutionary proactive P2P worm: propagation modeling andsimulation[C]. Proc of Genetic and Evolutionary Computing2008, Hubei, China: IEEEPress,2008:261-264
[40] C. S. Feng, Z. G. Qin, L. Cuthbet et al. Propagation model of active worms in P2Pnetworks[C]. Proc of Young Computer Scientists,2008. ICYCS2008. The9th InternationalConference, HuNan China,2008,1908-1912
[41] X. Fan, Y. Xiang. Modeling the propagation process of tpology-aware worms: an innovativelogic matrix formulation[C]. Proc of Network and Parallel Computing,2009. NPC '09.Sixth IFIP International Conference, Gold Coast, QLD,2009,182-189
[42] X. Fan, Y. Xiang. Modeling the propagation of peer-to-peer worms under quarantine[C].Proc of Network Operations and Management Symposium (NOMS2010), Osaka, Japan,2010,942-945
[43] X. Fan, W. W. Guo, M. Looi. Modeling and simulating the propagation of unstructuredpeer-to-peer worms[C]. Proc of Computational Intelligence and Security (CIS),2011Seventh International Conference, Hainan, China,2011,573-577
[44] Y. Xiang, X. Fan, and W. Zhu. Propagation of active worms: a survey[J]. InternationalJournal of Computer Systems Science&Engineering,2009,24(3):157-172
[45] W. Yang, Y. Li. P2P worm propagation modeling and analysis under dynamic quarantinedefense[C]. Proc of e-Business and Information System Security (EBISS),20102ndInternational Conference, WuHan, HuBei,2010,1-4
[46]冯朝胜,杨军,卿昱等. P2P干预式蠕虫传播仿真分析[J],计算机应用研究,2012,29(1):297-300
[47] W. M. Luo, J. B. Liu, J. L.Xu. An analysis of propagation and capability to attack of activeP2P worms[C]. Proc of Computer Science and Information Technology (ICCSIT),20103rdIEEE International Conference, Chengdu, China,2010,506-509
[48] J. Ma, X. M. Chen, G. L.Xiang. Modeling passive worm propagation in peer-to-peersystem[C]. Proc of Computational Intelligence and Security,2006International Conference,Guangzhou, China,2006,1129-1132
[49] H. X. Zhou, Y.Y. Wen, H. Zhao. Passive worm propagation modeling and analysis[C].Procof Computing in the Global Information Technology(ICCGI2007), Guadeloupe City,France,2007,32
[50] C. S. Feng, Z. G. Qin, L. Cuthbet et al. Propagation modeling of passive worms in P2Pnetworks[C]. Proc of Cybernetics and Intelligent Systems2008IEEE Conference, Chengdu,China,2008,1027-1031
[51]冯朝胜,秦志光,劳伦斯.库珀特等. P2P文件共享网络中被动型P2P蠕虫传播建模与分析[J],电子科技大学学报,2009,38(2):262-265
[52] C. S. Feng, Z. G. Qin, Y. Ding et al. Modeling passive worm propagation in mobile P2Pnetworks[C]. Proc of Communications, Circuits and Systems (ICCCAS),2010InternationalConference, Chengdu, China,2010,241-244
[53] F. W. Wang, Y..F. Dong, J. Song. On the performance of passive worms over unstructuredP2P networks[C]. Proc of2009Second International Conference on Intelligent Networksand Intelligent Systems (ICINIS '09), Tianjin, China,2009,164-167
[54]罗卫敏,刘井波,方嗣.被动型P2P蠕虫后期传播分析[J],计算机工程,2010,36(21):154-156
[55]王跃武,荆继武,向继等.Contagion蠕虫传播仿真分析[J],计算机研究与发展,2008,45(2):207-216
[56] Z. G. Qin, C. S. Feng, F. L.Zhang et al. Modeling propagation of reactive worm in P2Pnetworks[C].Proc of Communications, Circuits and Systems2009(ICCCAS2009),Milpitas, CA,2009,335-340
[57]冯朝胜,秦志光,劳伦斯·库珀特.等. P2P网络中沉默型蠕虫传播建模与分析[J],计算机研究与发展,2010,47(3):500-507
[58] C. C. Zou, L.Crao, W. Gong et al.Monitoring and early wanting for Interact worms[C]. Procof the lOth ACM Conference on Computer and Communications Security(ccs), New York,NY,2003,190-199
[59] X. Yang, J. Lu, Y. G. Zhu et al. Simulation and evaluation of a new algorithm of wormdetection and containment[C]. Proc of the Seventh International Conference on Parallel andDistributed Computing, Applications and Technologies (PDCAT'06), Taipei, Taiwan,2006,448-453
[60] Z. T. Li, Y. J. Zhang, Z. B..Hu et al.Containing proactive P2P worm based on its multicastcharacteristic[C]. Proc of International Conference on Networks Security, WirelessCommunications and Trusted Computing(NSWCTC '09), Wuhan, China,2009,762-765
[61] Z. T. Li, Y. J. Zhang, Z. B. Hu et al.Network-based detection method against proactive P2Pworms leveraging application-level knowledge[C]. Proc of2009First InternationalWorkshop on Education Technology and Computer Science, Wuhan, China,2009,575-579
[62] C. Kreibich, J. Crowcroft. Honeycomb: creating intrusion detection signatures usinghoneypots[J],ACM SIGCOMM Computer Communications Review,2004,34(1):51-56
[63] D. Dagoil, X. Z. Qin, G. Gu.HoneyStat: local worm detection using honeypots [J], RecentAdvances in Intngsion Dctectioil(PAID),Springer-Vcrlag,2004,3224:39-58
[64]丁思博,高岭,王力.结构化P2P中基于蜜罐的蠕虫发现策略研究[J],东南大学学报(自然科学版),2008,38, sup(I):100-103
[65] H.A. Kim, B.Karp.Autograph: toward automated, distributed worm signature detection[C].Proc of the13th USENIX Security Sympesium, San Diego, CA,2004
[66] S. Singh, C. Estan, G. Varghese et al.Automated worm fingerprinting[C].Proc of the6thSymposium Oil Operating System Design and Implementation(OSDD, USENIX2004), SanFrancisco, CA,2004,45-60
[67] V. Karamcheti, D. Geiger, Z. Kedem. detecting malicious network traffic using inversedistributions of packet contents[C]. Proc of the2005ACM SIGCOMM workshop onMining network data, New York, NY,2005,165-170
[68]谢承灏,董健全. P2P文件共享系统中的恶意代码防治策略[J],计算机工程与应用,2006,(24):152-156
[69] S. Antonatos, V. Q. Hieu. Harnessing the power of P2P systems for fast attack signaturevalidation[C]. Proc of2009Third International Conference on Network and SystemSecurity, Gold Coast, QLD,2009,107-114
[70] Y. Yao, Y. Li, F. X. Gao et al.A signature-behavior-based P2P worm detection approach[C].Proc of2009Ninth International Conference on Hybrid Intelligent Systems, Shenyang,China,2009,391-395
[71] D. R. Ellis, J. G. Aiken, K. S. Attwood et a1.A behavioral approach to worm detection[C].Proc of ACM Workshop on Rapid Maloode(WORM), New York, NY,2004,43-53
[72] C. S. Staniford, S. Cheung, R.Crawford et a1.Grids: a graph based intrusion detection systemfor large networks[C]. Proc of the19th National Information Systems Security Conference,Baltimore,1996,361-370
[73] X. X. Jiang, D. Y. Xu. Profiling self-propagating worms via behavioral footprinting[C].Procof the4th ACM Workshop on Recurring Malcode, New York, NY,2006,17-24
[74] T. Liu, C. Zhang. Approach to worm detection, early warning based on local victimbehavior[C]. Proc of the2008International Conference on Computer Science and SoftwareEngineering, Wuhan, China,2008,880-884
[75] F. Castaneda, E. C. Sezer, J. Xu. Worm vs. worm: preliminary study of an activecunter-attack mechanism[C]. Proc of the2004ACM Workshop on RapidMalcode(WORM’04), New York, NY,2004,83-93
[76] Y. X. Liu, X. C. Yun, B. L.Wang et al. Qbtp Worm: an anti-worm with balanced tree basedspreading strategy[C]. Proc of the Fourth International Conference on Machine Learningand Cybernetics(ICMLC2005), Guangzhou, China,2005,3955-3964
[77] B. Wang, P. Ding, J. F. Sheng. P2P anti-worm: modeling and analysis of a new wormcounter-measurement strategy[C]. Proc of The9th International Conference on YoungComputer Scientists2008(ICYCS2008), Hunan, China,2008,1553-1558[78]
[78] T. J. Ossama and M. Y. Seong. Passive benign worm propagation modeling with dynamicquarantine defense[J], KSII TRANSACTIONS ON INTERNET AND INFORMATIONSYSTEMS,2009,3(1):96-107
[79]周世杰,秦志光,刘乐源等.基于良性益虫的对等网络蠕虫防御技术[J],计算机科学,2011,38(3):57-64
[80] S. D. Kamvar, M. T. Schlosser,Hector GarciaMolina. The eigentrust algorithm for reputationmanagement in P2P networks[C].Proc of WWW '03Proceedings of the12th internationalconference on World Wide Web, New York, NY,2003,640-651
[81].窦文,王怀民,贾焰等.构造基于推荐的Peer-to-Peer环境下的Trust模型[J],软件学报,2004,15(4):571-583
[82] J. Shin, T. Kim, S. Tak. A reputation management scheme improving the trustworthiness ofP2P networks[C]. Proc of International Conference on Convergence and HybridInformation Technology2008, Daejeon, Korea,2008,92-97
[83] L. Cai, R. R. Cessa. Mitigation of malware proliferation in P2P networks using double layerdynamic trust (DDT) management scheme[C]. Proc of Sarnoff Symposium,2009.SARNOFF '09, Princeton, NJ,2009,1-5
[84] S. Antonatos, P. Akritidis, E. P. Markatos et al. Defending against hitlist worms usingnetwork address space randomization[C].Proc of the2005ACM workshop on Rapidmalcode(WORM '05), New York, NY,2005,30-40
[85] Y. Zhou, Z. F. Wu, H. Wang et al. Breaking monocultures In P2P networks for wormprevention[C].Proc of the Fifth International Conference on Machine Learning andCybernetics, Dalian, China2006,2793-2798
[86] J. McHugh, R. McLeod, V. Nagaonkar. Passive network forensics: behavioural classificationof network hosts based on connection patterns[J], ACM SIGOPS Operating SystemsReview,2008,42(3):99-111
[87]吴国政,秦志光.基于节点自杀的对等网络蠕虫防治方法[J],电子科技大学学报,2012,41(1):125-130
[88] S. Krishnamurthy, S. E. Ansary, E. Aurell et al. A statistical theory of chord under churn[M].peer-to-peer systems IV: Lecture Notes in Computer Science,2005,3640:93-103
[89] C. G. Plaxton, R. Rajaraman, A. W. Richa. Accessing nearby copies of replicated objects in adistributed environment[C]. Proc of Annual ACM Symposium on Parallel Algorithms andArchitectures, New York, NY,1997,311-320
[90] P. Maymoankov and Mazieres D.Kademlia: a peer-to-peer information system based on thexor metric[M]. Peer-to-Peer Systems, Lecture Notes in Computer Science,2002,2429:53-65
[91] D. Loguinov, J. Casas, X. M. Wang. Graph-theoretic analysis of structured peer-to-peersystems: routing distances and fault resilience[J], IEEE/ACM Transactions on Networking,2005,13(5):1107-1120
[92] J. A. Nicholas, H. John, D. Michale et al. SkipNet: A scalable overlay network with practicallocality properties[C].Proc of USITS2003, Seattle, WA,2003,113-126
[93] J. Kubiatowicz, D. Bindel, Y. Chen. et al. Oceanstore: an architecture for global-scalepersistent storage[J], ACM SIGPLAN Notices,2000,35(11):190-201
[94] F. Dabek, M. F. Kaashoek, D. Karger. et al. Wide-area cooperative storage with CFS[C].Proc of the18th ACM Symposium On Operating System Principles,New York, NY,2001,202-215
[95] A. Rowstron and P. Druschel. Storage management and caching in past, a large-scale,persistent peer-to-peer storage utility[C]. Proc of the18th ACM Symposium On OperatingSystem Principles,New York, NY,2001,188-201
[96] S. Ratnasamy, M. Handley, R. Karp et al. Application-level multicast using content-addressable networks[M].Networked Group Communication, Lecture Notes in ComputerScience,2001,2233:14-29
[97] A. Rowstron, A. M. Kermarrec, M. Castro. et al. Scribe: The design of a large-scale eventnotification infrastructure[M]. Networked Group Communication, Lecture Notes inComputer Science,2001,2233:30-43
[98] S. Q. Zhuang, B. Y. Zhao, A. D.Joseph et al. Bayeux: an architecture for scalable andfault-tolerant wide-area data dissemination[C]. Proc of the11th international workshop onNetwork and operating systems support for digital audio and video, New York, NY,2001,11-20
[99] M. Srivatsa and L. Liu. Vulnerabilities and security threats in structured overlay networks: aquantitative analysis [C]. Proc of the20th Annual Computer Security ApplicationsConference (ACSAC'04), Tucson,2004,252-261
[100]贾晓林,张森,覃征.一种基于服务质量区分的激励机制与资源分配方法[J],小型微型计算机系统,2008,29(11):1986-1989
[101]乐光学,李仁发,陈志等. P2P网络中搭便车行为分析与抵制机制建模[J],计算机研究与发展,2011,48(3):382-397
[102]赵伟,P2P流媒体系统的公平性机制研究.[D].广东:中山大学,2012,,40-42
[103] J. B. GRizzard, V. Sharma, C. Nunnery. et al. Peer-to-peer botnets: overview and casestudy[C].Proc of Hotbots’07Conference Cambridge,2007,175-183
[104] Ballard, Josh. An eye on the storm: inside the storm epidemic[EB/OL].http://www.scribd.com/doc/2674623/An-Eye-on-the-Storm, August12,2008
[105] P. Porras, H. Saidi. Y. Yegneswaran. A multi-perspective analysis of the storm (peacomm)worm [R]. Computer Science Laboratory, SRI International, October1,2007
[106] T. Holz, M. Steiner, F.Dahl et al. Measurements and mitigation of peer-to-peer based Botnets.a case study on storm worm[C].Proc of LEET’08Conference, San Francisco,2008,58-65
[107] Shoch J. Fand J. A. Hupp. The worm programs early experience with a distributedcomputation[J], Communications of the ACM,1982,25(3):172-180
[108] Nazario J, Anderson J, Wash R, et al. The future of Internet worms[EB/OL]. http://wenku.-baidu.com/view/7c06f0a3284ac850ad0242c1.html, June3,2001
[109] EEye Digital Security.Analysis: codeRed II worm[EB/OL], http://www.eeye.com/-Resources/Security-Center/Research/Security-Advisories/AL20010804, Auguest4,2001
[110] F-Secure Secure Information Center. Global slapper worm information Center[EB/OL].www.f-secure.com/weblog/archives/00002426.html, April26,2002
[111] D. Moore, V. Paxson, S. Savage. et al. Inside the slammer worm[J], IEEE Magazine ofSecurity and Privacy,2003,1(4):33-39
[112] EEye Digital Security. Analysis: blaster worm[EB/OL]. http://www.eeye.com/Resources/Security-Center/Research/Security-Advisories/AL20030811, August11,2003
[113] C.C. Zou, W. Gong, D. Towsley. On the performance of Internet worm scanning strategies.Technical Report[J], Performance Evaluation,2006,63(7):700-723
[114] CAIDA. Ipv4bgp geopolitical analysis[EB/OL]. http://www.caida.org/research/policy/geopolitical/bgp2country, May2,2008
[115] C. C. Zou,D. Towsley et a1.Routing worm:a fast,selective attack worm based on ip addressinformation[C].the19th Workshop on Principles of Advanced and Distributed SimulationConference Proceedings, Washington,2005,199-206
[116] D. Moore, C. Shannon, K. Claffy. Code red: a case study on the spread and victims of anInternet worm[C]. Proc of the2nd ACM SIGCOMM Workshop on Internet measurement,Marseille,2002.273~284
[117] J.O. Kephart, S.R. White. Measuring and modeling computer virus prevalence[C].Proc of theIEEE Symposiums on Security and Privacy, Oakland, CA,1993,2-15
[118] Kern M. Codegreen beta release[EB/OL]. http://archives.neohapsis.com/archives/vuln-dev/2001-q3/0575.html, September01,2001
[119] Vogt T. Simulating and optimizing worm propagation algorithms[EB/OL]. http://gtiis.googlecode.com/svn-history/r59/trunk/WormPropagation.pdf, September29,2003
[120]张冶江,李之棠,陆垂伟等.面向异构网络环境的蠕虫传播模型Enhanced-AAWP[J],通信学报,2011,32(12):103-113.
[121]刘波,王怀民,肖枫涛等. P2P蠕虫的分析与对策[J],华中科技大学学报(自然科学版),2007,35(Sup.I):228-231
[122] C. E. SHANNON. Communication theory of secrecy systems [J]. Bell System TechnicalJournal,1949,28(4):656-715
[123] A.SHAMIR. Identity-based cryptosystems and signature schemes[C].Proc of CRYPTO '84,Aug19-22,1984,Santa Barbara, CA,USA. Berlin, Germany,1984,47-53
[124] L. X. Han, Y. P. Wang, S. J. Lan. Graph coloring algorithm based on ordered partitionencoding[J], Journal of Acta Electronica Sinica,2010,38(1):146-150
[125]周翰逊,郭薇,王妍等.混合的结构化良性蠕虫对抗蠕虫过程的建模与分析[J],小型微型计算机系统,2012,33(2):376-379.
[126] Computer Economics, Malware report: the impact of malicious code attacks [EB/OL].https://www.computereconomics.com/custom.cfm?name=postPaymentGateway.cfm&id=1089, January,2006
[127] Symantec Corporation. Symantec security response: W32.Welchia.Worm[EB/OL].http://www.symantec.com/security_response/writeup.jsp?docid=2003-081815-2308-99, Fe-bruary13,2007
[128] F. Yang, H. X. Duan, X. Li. Modeling and analysis on the interaction between the lnternetworm and antiworm[J], SCENCE IN CHINA Ser. E Information Sciences,2004,34(8):841-856
[129]冯朝胜,袁丁,卿昱等. P2P网络中激发型蠕虫传播动态建模[J],电子学报,2012,40(2):300-307.
[130]孙鑫.被动网络蠕虫传播模型[D].长春:吉林大学计算机科学与技术学院,2010,04.
[131]孙鑫,刘衍珩,朱建启等.社交网络蠕虫仿真建模研究[J],计算机学报,2011,34(7):1252-1261.
[132] S..Stahl A gentle introduction to game theory[M]. Washington, DC: American MathematicalSociety,1999,121-131
[133] K. Sallhammar, Knapskog S J, Helvik B E. Using stochastic game theory to compute theexpected behavior of attackers[C]. Proc of the Symposium on Applications and InternetWorkshops. Trento, Italy,2005,102-105
[134] G. Owen. Game theory.3rdedition[M]. New York, NY: Academic Press,1995,10-24
[135] S. Joe,A. John,A.Randal et al. The tale of the weather worm[C]. Proc of the2008ACMSymposium on Applied Computing. Fortaleza, Brazil,2008:2097-2102
[136]中国互联网络信息中心.第20次中国互联网络发展状况统计报告[EB/OL].http://www.cnnic.cn/gywm/xwzx/rdxw/2007nrd/201207/t20120710_31532.htm, July18,2007
[EB/OL]. http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/201207/t20120723_32497.htm,July23,2012
[2] China Internet Computer Emergency Response Team,2011年中国互联网网络安全报告
[EB/OL]. http://www.cert.org.cn/publish/main/upload/File/2011-6.pdf, May23,2012
[3] F. Cohen. Computer viruses: theory and experiments [J]. Computers&Security.1987,(6):22-35
[4]郑辉. Internet蠕虫研究[D].天津:南开大学信息技术科学学院,2003,12-15
[5] S. Staniford. The worm faq: frequently asked questions on worms and worm containment,whitepaper[R]. Silicon Defense, UC Berkeley,2005
[6] China Internet Computer Emergency Response Team.2011年我国互联网网络安全态势综述[EB/OL]. http://www.antiy.com/news/20120320.html, March20,2012
[7] S. M. Hwang. P2P protocols analysis and blocking algorithm[C], Computational Science andIts Applications-ICCSA2005Proceedings, Singapore,2005,2l-30
[8] S. Staniford, V. Paxson, N. Weaver. How to own the Internet in your spare Time [C]. Proc ofthe11th USENIX Security Symposium, New York, USA,2002,149-167
[9] eMule. Server list for edonkey2000[EB/OL]. http://www.emule.org.cn/faq/doc/addresses.htm,December28,2002
[10] BitTorrent.org. The bittorrent protocol specification[EB/OL], http://www.bittorrent.org/bep-s/bep_0003.html, June25,2009
[11] Symantec Corp. Internet security threat report2011trends [EB/OL]. http://www.symantec.-com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf,April,2012
[12] L. Zhou, L. Zhang, F. McSherry et a1. A first look at peer-to-peer worms: threats anddefenses[C]. Proc of the4th Int Workshop on Peer-to-Peer Systems. Berlin,2005,24-35
[13] G. L. Chen, R. S. Gray. Simulating non-scanning worms on peer-to-peer networks [C] Procof the1st international conference on Scalable information systems, Hong Kong,2006,29-41
[14] Z. S. Chen, L. X. Gao, K. A. Kwiat, Modeling the spread of active worms[C], Proc of IEEEINFOCOM, San Francisco, CA,2003,1890–1900
[15] J. Kannan, K. Lakshminarayanan. Implications of peer-to-peer networks on worm attacks anddefenses[EB/OL]. http://taz.newffr.com/TAZ/_VX_/papers/avers/karthik_jayanth.pdf,September1.2003
[16] W. Yu. Analyze the worm-based attack in large scale P2P networks[C]. Proc of the8th IEEEInternational Symposium on High Assurance Systems Engineering. Tampa, Florida:,2004,308-309
[17] W. Yu. Analyzing the performance of Internet worm attack approaches[C]. Proc of13thInternational Conference on Computer communications and Networks. Chicago, Illinois,2004,501-506
[18] Singer M. Benjamin worm plagues kazaa[EB/OL].http://www.internetnews.com/dev-news/article.php/1141841/Benjamin+Worm+Plagues%20KaZaA.htm, May20,2002
[19] A. G. McKendrick. Applications of mathematics to medical problems[C]. Proc of the44thEdinburgh Mathematica Society. Edinburgh,1926,98-130
[20] J. O. Kephart, S. R. White.Directed-graph epidemiological models of computer viruses[C].Proc of the IEEE Symp on Security and Privacy.Piscataway, NJ,1991,343-359
[21] C. C. Zou,W. Gong, D. Towsley.Code red worm propagation modeling and analysis[C].Proc of the9th ACM Conference on Computer and Communication Security, WashingtonDC,2002
[22] C. C. Zou,D. Towsley,W. Gong. Email worm modeling and defense[C].Proc of the13thInternational Conference on Computer Communication and Networks,IEEE,2004,409-414
[23]文伟平,卿斯汉,蒋建春等.网络蠕虫研究与进展[J],软件学报.2004,15(08):1208-1219
[24] W. Yu, C. Boyer, S. Chellappan et al. Peer-to-Peer system-based active worm attacks:modeling and analysis[C]. Proc of2005International Conference on Communications,Seoul Special City,2005,295-300
[25] K. R. Rohloff and T. Basar. Stochastic behavior of random constant scanning worms[C].Proc of the14th ICCCN2005, San Diego, CA,2005,339-344
[26] S. Sellke, N. B. Shroff, and S. Bagchi. Modeling and automated containment of worms[J].IEEE Transactions on Dependable and Secure Computing,2005,5(2):71-86
[27] I. Stoica, R. Morris, D. Karger et al. Chord: A scalable peer-to-peer lookup service forinternet applications[C]. Proc of the ACM SIGCOMM2001, San Diego, CA,2001,149-160
[28] S. Ratnasamy, P. Francis, M. Handley. et al. A scalable content-addressable network[C]. Procof the ACM SIGCOMM2001, San Diego, CA,2001,161-172
[29] A. Rowstron, P. Druschel. Pastry: scalable, distributed object location and routing forlarge-scale peer-to-peer systems[C]. Proc of the IFIP/ACM International Conference onDistributed Systems Platforms, Berlin, German,2001,329-350
[30]夏春和,石昀平,李肖坚.结构化对等网中的P2P蠕虫传播模型研究[J].计算机学报,2006,29(6):952-959
[31] B. Y. Zhao, J. D. Kubiatowicz, A. D. Joseph, et al. Tapestry: an infrastructure for fault-toler-ant wide-area location and routing[R]. University of California, Berkeley: Technical ReportUCB/CSD20121141, April,2001.
[32] C. G. Plaxton., R. Rajaraman, A. W. Richa et al. Accessing nearby copies of replicatedobjects in a distributed environment[J]. Theory of Computing Systems,1999,32(3):241-280
[33]夏春和,石昀平,李肖坚.基于应用识别的P2P蠕虫检测[J].北京航空航天大学学报,2006,32(8):998-1002
[34] C. H. Xia, Y. P. Shi, X. J. Li et al. P2P worm detection based on application identification[J].Frontiers of Computer Science in China,2007,1(1):114-122
[35]高长喜,章甫源,辛阳等. P2P网络中蠕虫传播与防治模型的研究[J].北京邮电大学学报,2006,29(Sup.):49-53
[36]姜启源,谢金星,叶俊.数学建模[M].北京:高等教育出版社,2003.12-15,135-144,184-190
[37]罗兴睿.基于纯P2P原理的蠕虫传播模型的研究[D].沈阳:东北大学信息与计算科学学院,2007,38-44
[38]周瑛.基于P2P技术的网络蠕虫防御机制研究.[D].重庆:重庆大学计算机学院,2007,46-60
[39] Y. J. Zhang, Z. T.. Li. Evolutionary proactive P2P worm: propagation modeling andsimulation[C]. Proc of Genetic and Evolutionary Computing2008, Hubei, China: IEEEPress,2008:261-264
[40] C. S. Feng, Z. G. Qin, L. Cuthbet et al. Propagation model of active worms in P2Pnetworks[C]. Proc of Young Computer Scientists,2008. ICYCS2008. The9th InternationalConference, HuNan China,2008,1908-1912
[41] X. Fan, Y. Xiang. Modeling the propagation process of tpology-aware worms: an innovativelogic matrix formulation[C]. Proc of Network and Parallel Computing,2009. NPC '09.Sixth IFIP International Conference, Gold Coast, QLD,2009,182-189
[42] X. Fan, Y. Xiang. Modeling the propagation of peer-to-peer worms under quarantine[C].Proc of Network Operations and Management Symposium (NOMS2010), Osaka, Japan,2010,942-945
[43] X. Fan, W. W. Guo, M. Looi. Modeling and simulating the propagation of unstructuredpeer-to-peer worms[C]. Proc of Computational Intelligence and Security (CIS),2011Seventh International Conference, Hainan, China,2011,573-577
[44] Y. Xiang, X. Fan, and W. Zhu. Propagation of active worms: a survey[J]. InternationalJournal of Computer Systems Science&Engineering,2009,24(3):157-172
[45] W. Yang, Y. Li. P2P worm propagation modeling and analysis under dynamic quarantinedefense[C]. Proc of e-Business and Information System Security (EBISS),20102ndInternational Conference, WuHan, HuBei,2010,1-4
[46]冯朝胜,杨军,卿昱等. P2P干预式蠕虫传播仿真分析[J],计算机应用研究,2012,29(1):297-300
[47] W. M. Luo, J. B. Liu, J. L.Xu. An analysis of propagation and capability to attack of activeP2P worms[C]. Proc of Computer Science and Information Technology (ICCSIT),20103rdIEEE International Conference, Chengdu, China,2010,506-509
[48] J. Ma, X. M. Chen, G. L.Xiang. Modeling passive worm propagation in peer-to-peersystem[C]. Proc of Computational Intelligence and Security,2006International Conference,Guangzhou, China,2006,1129-1132
[49] H. X. Zhou, Y.Y. Wen, H. Zhao. Passive worm propagation modeling and analysis[C].Procof Computing in the Global Information Technology(ICCGI2007), Guadeloupe City,France,2007,32
[50] C. S. Feng, Z. G. Qin, L. Cuthbet et al. Propagation modeling of passive worms in P2Pnetworks[C]. Proc of Cybernetics and Intelligent Systems2008IEEE Conference, Chengdu,China,2008,1027-1031
[51]冯朝胜,秦志光,劳伦斯.库珀特等. P2P文件共享网络中被动型P2P蠕虫传播建模与分析[J],电子科技大学学报,2009,38(2):262-265
[52] C. S. Feng, Z. G. Qin, Y. Ding et al. Modeling passive worm propagation in mobile P2Pnetworks[C]. Proc of Communications, Circuits and Systems (ICCCAS),2010InternationalConference, Chengdu, China,2010,241-244
[53] F. W. Wang, Y..F. Dong, J. Song. On the performance of passive worms over unstructuredP2P networks[C]. Proc of2009Second International Conference on Intelligent Networksand Intelligent Systems (ICINIS '09), Tianjin, China,2009,164-167
[54]罗卫敏,刘井波,方嗣.被动型P2P蠕虫后期传播分析[J],计算机工程,2010,36(21):154-156
[55]王跃武,荆继武,向继等.Contagion蠕虫传播仿真分析[J],计算机研究与发展,2008,45(2):207-216
[56] Z. G. Qin, C. S. Feng, F. L.Zhang et al. Modeling propagation of reactive worm in P2Pnetworks[C].Proc of Communications, Circuits and Systems2009(ICCCAS2009),Milpitas, CA,2009,335-340
[57]冯朝胜,秦志光,劳伦斯·库珀特.等. P2P网络中沉默型蠕虫传播建模与分析[J],计算机研究与发展,2010,47(3):500-507
[58] C. C. Zou, L.Crao, W. Gong et al.Monitoring and early wanting for Interact worms[C]. Procof the lOth ACM Conference on Computer and Communications Security(ccs), New York,NY,2003,190-199
[59] X. Yang, J. Lu, Y. G. Zhu et al. Simulation and evaluation of a new algorithm of wormdetection and containment[C]. Proc of the Seventh International Conference on Parallel andDistributed Computing, Applications and Technologies (PDCAT'06), Taipei, Taiwan,2006,448-453
[60] Z. T. Li, Y. J. Zhang, Z. B..Hu et al.Containing proactive P2P worm based on its multicastcharacteristic[C]. Proc of International Conference on Networks Security, WirelessCommunications and Trusted Computing(NSWCTC '09), Wuhan, China,2009,762-765
[61] Z. T. Li, Y. J. Zhang, Z. B. Hu et al.Network-based detection method against proactive P2Pworms leveraging application-level knowledge[C]. Proc of2009First InternationalWorkshop on Education Technology and Computer Science, Wuhan, China,2009,575-579
[62] C. Kreibich, J. Crowcroft. Honeycomb: creating intrusion detection signatures usinghoneypots[J],ACM SIGCOMM Computer Communications Review,2004,34(1):51-56
[63] D. Dagoil, X. Z. Qin, G. Gu.HoneyStat: local worm detection using honeypots [J], RecentAdvances in Intngsion Dctectioil(PAID),Springer-Vcrlag,2004,3224:39-58
[64]丁思博,高岭,王力.结构化P2P中基于蜜罐的蠕虫发现策略研究[J],东南大学学报(自然科学版),2008,38, sup(I):100-103
[65] H.A. Kim, B.Karp.Autograph: toward automated, distributed worm signature detection[C].Proc of the13th USENIX Security Sympesium, San Diego, CA,2004
[66] S. Singh, C. Estan, G. Varghese et al.Automated worm fingerprinting[C].Proc of the6thSymposium Oil Operating System Design and Implementation(OSDD, USENIX2004), SanFrancisco, CA,2004,45-60
[67] V. Karamcheti, D. Geiger, Z. Kedem. detecting malicious network traffic using inversedistributions of packet contents[C]. Proc of the2005ACM SIGCOMM workshop onMining network data, New York, NY,2005,165-170
[68]谢承灏,董健全. P2P文件共享系统中的恶意代码防治策略[J],计算机工程与应用,2006,(24):152-156
[69] S. Antonatos, V. Q. Hieu. Harnessing the power of P2P systems for fast attack signaturevalidation[C]. Proc of2009Third International Conference on Network and SystemSecurity, Gold Coast, QLD,2009,107-114
[70] Y. Yao, Y. Li, F. X. Gao et al.A signature-behavior-based P2P worm detection approach[C].Proc of2009Ninth International Conference on Hybrid Intelligent Systems, Shenyang,China,2009,391-395
[71] D. R. Ellis, J. G. Aiken, K. S. Attwood et a1.A behavioral approach to worm detection[C].Proc of ACM Workshop on Rapid Maloode(WORM), New York, NY,2004,43-53
[72] C. S. Staniford, S. Cheung, R.Crawford et a1.Grids: a graph based intrusion detection systemfor large networks[C]. Proc of the19th National Information Systems Security Conference,Baltimore,1996,361-370
[73] X. X. Jiang, D. Y. Xu. Profiling self-propagating worms via behavioral footprinting[C].Procof the4th ACM Workshop on Recurring Malcode, New York, NY,2006,17-24
[74] T. Liu, C. Zhang. Approach to worm detection, early warning based on local victimbehavior[C]. Proc of the2008International Conference on Computer Science and SoftwareEngineering, Wuhan, China,2008,880-884
[75] F. Castaneda, E. C. Sezer, J. Xu. Worm vs. worm: preliminary study of an activecunter-attack mechanism[C]. Proc of the2004ACM Workshop on RapidMalcode(WORM’04), New York, NY,2004,83-93
[76] Y. X. Liu, X. C. Yun, B. L.Wang et al. Qbtp Worm: an anti-worm with balanced tree basedspreading strategy[C]. Proc of the Fourth International Conference on Machine Learningand Cybernetics(ICMLC2005), Guangzhou, China,2005,3955-3964
[77] B. Wang, P. Ding, J. F. Sheng. P2P anti-worm: modeling and analysis of a new wormcounter-measurement strategy[C]. Proc of The9th International Conference on YoungComputer Scientists2008(ICYCS2008), Hunan, China,2008,1553-1558[78]
[78] T. J. Ossama and M. Y. Seong. Passive benign worm propagation modeling with dynamicquarantine defense[J], KSII TRANSACTIONS ON INTERNET AND INFORMATIONSYSTEMS,2009,3(1):96-107
[79]周世杰,秦志光,刘乐源等.基于良性益虫的对等网络蠕虫防御技术[J],计算机科学,2011,38(3):57-64
[80] S. D. Kamvar, M. T. Schlosser,Hector GarciaMolina. The eigentrust algorithm for reputationmanagement in P2P networks[C].Proc of WWW '03Proceedings of the12th internationalconference on World Wide Web, New York, NY,2003,640-651
[81].窦文,王怀民,贾焰等.构造基于推荐的Peer-to-Peer环境下的Trust模型[J],软件学报,2004,15(4):571-583
[82] J. Shin, T. Kim, S. Tak. A reputation management scheme improving the trustworthiness ofP2P networks[C]. Proc of International Conference on Convergence and HybridInformation Technology2008, Daejeon, Korea,2008,92-97
[83] L. Cai, R. R. Cessa. Mitigation of malware proliferation in P2P networks using double layerdynamic trust (DDT) management scheme[C]. Proc of Sarnoff Symposium,2009.SARNOFF '09, Princeton, NJ,2009,1-5
[84] S. Antonatos, P. Akritidis, E. P. Markatos et al. Defending against hitlist worms usingnetwork address space randomization[C].Proc of the2005ACM workshop on Rapidmalcode(WORM '05), New York, NY,2005,30-40
[85] Y. Zhou, Z. F. Wu, H. Wang et al. Breaking monocultures In P2P networks for wormprevention[C].Proc of the Fifth International Conference on Machine Learning andCybernetics, Dalian, China2006,2793-2798
[86] J. McHugh, R. McLeod, V. Nagaonkar. Passive network forensics: behavioural classificationof network hosts based on connection patterns[J], ACM SIGOPS Operating SystemsReview,2008,42(3):99-111
[87]吴国政,秦志光.基于节点自杀的对等网络蠕虫防治方法[J],电子科技大学学报,2012,41(1):125-130
[88] S. Krishnamurthy, S. E. Ansary, E. Aurell et al. A statistical theory of chord under churn[M].peer-to-peer systems IV: Lecture Notes in Computer Science,2005,3640:93-103
[89] C. G. Plaxton, R. Rajaraman, A. W. Richa. Accessing nearby copies of replicated objects in adistributed environment[C]. Proc of Annual ACM Symposium on Parallel Algorithms andArchitectures, New York, NY,1997,311-320
[90] P. Maymoankov and Mazieres D.Kademlia: a peer-to-peer information system based on thexor metric[M]. Peer-to-Peer Systems, Lecture Notes in Computer Science,2002,2429:53-65
[91] D. Loguinov, J. Casas, X. M. Wang. Graph-theoretic analysis of structured peer-to-peersystems: routing distances and fault resilience[J], IEEE/ACM Transactions on Networking,2005,13(5):1107-1120
[92] J. A. Nicholas, H. John, D. Michale et al. SkipNet: A scalable overlay network with practicallocality properties[C].Proc of USITS2003, Seattle, WA,2003,113-126
[93] J. Kubiatowicz, D. Bindel, Y. Chen. et al. Oceanstore: an architecture for global-scalepersistent storage[J], ACM SIGPLAN Notices,2000,35(11):190-201
[94] F. Dabek, M. F. Kaashoek, D. Karger. et al. Wide-area cooperative storage with CFS[C].Proc of the18th ACM Symposium On Operating System Principles,New York, NY,2001,202-215
[95] A. Rowstron and P. Druschel. Storage management and caching in past, a large-scale,persistent peer-to-peer storage utility[C]. Proc of the18th ACM Symposium On OperatingSystem Principles,New York, NY,2001,188-201
[96] S. Ratnasamy, M. Handley, R. Karp et al. Application-level multicast using content-addressable networks[M].Networked Group Communication, Lecture Notes in ComputerScience,2001,2233:14-29
[97] A. Rowstron, A. M. Kermarrec, M. Castro. et al. Scribe: The design of a large-scale eventnotification infrastructure[M]. Networked Group Communication, Lecture Notes inComputer Science,2001,2233:30-43
[98] S. Q. Zhuang, B. Y. Zhao, A. D.Joseph et al. Bayeux: an architecture for scalable andfault-tolerant wide-area data dissemination[C]. Proc of the11th international workshop onNetwork and operating systems support for digital audio and video, New York, NY,2001,11-20
[99] M. Srivatsa and L. Liu. Vulnerabilities and security threats in structured overlay networks: aquantitative analysis [C]. Proc of the20th Annual Computer Security ApplicationsConference (ACSAC'04), Tucson,2004,252-261
[100]贾晓林,张森,覃征.一种基于服务质量区分的激励机制与资源分配方法[J],小型微型计算机系统,2008,29(11):1986-1989
[101]乐光学,李仁发,陈志等. P2P网络中搭便车行为分析与抵制机制建模[J],计算机研究与发展,2011,48(3):382-397
[102]赵伟,P2P流媒体系统的公平性机制研究.[D].广东:中山大学,2012,,40-42
[103] J. B. GRizzard, V. Sharma, C. Nunnery. et al. Peer-to-peer botnets: overview and casestudy[C].Proc of Hotbots’07Conference Cambridge,2007,175-183
[104] Ballard, Josh. An eye on the storm: inside the storm epidemic[EB/OL].http://www.scribd.com/doc/2674623/An-Eye-on-the-Storm, August12,2008
[105] P. Porras, H. Saidi. Y. Yegneswaran. A multi-perspective analysis of the storm (peacomm)worm [R]. Computer Science Laboratory, SRI International, October1,2007
[106] T. Holz, M. Steiner, F.Dahl et al. Measurements and mitigation of peer-to-peer based Botnets.a case study on storm worm[C].Proc of LEET’08Conference, San Francisco,2008,58-65
[107] Shoch J. Fand J. A. Hupp. The worm programs early experience with a distributedcomputation[J], Communications of the ACM,1982,25(3):172-180
[108] Nazario J, Anderson J, Wash R, et al. The future of Internet worms[EB/OL]. http://wenku.-baidu.com/view/7c06f0a3284ac850ad0242c1.html, June3,2001
[109] EEye Digital Security.Analysis: codeRed II worm[EB/OL], http://www.eeye.com/-Resources/Security-Center/Research/Security-Advisories/AL20010804, Auguest4,2001
[110] F-Secure Secure Information Center. Global slapper worm information Center[EB/OL].www.f-secure.com/weblog/archives/00002426.html, April26,2002
[111] D. Moore, V. Paxson, S. Savage. et al. Inside the slammer worm[J], IEEE Magazine ofSecurity and Privacy,2003,1(4):33-39
[112] EEye Digital Security. Analysis: blaster worm[EB/OL]. http://www.eeye.com/Resources/Security-Center/Research/Security-Advisories/AL20030811, August11,2003
[113] C.C. Zou, W. Gong, D. Towsley. On the performance of Internet worm scanning strategies.Technical Report[J], Performance Evaluation,2006,63(7):700-723
[114] CAIDA. Ipv4bgp geopolitical analysis[EB/OL]. http://www.caida.org/research/policy/geopolitical/bgp2country, May2,2008
[115] C. C. Zou,D. Towsley et a1.Routing worm:a fast,selective attack worm based on ip addressinformation[C].the19th Workshop on Principles of Advanced and Distributed SimulationConference Proceedings, Washington,2005,199-206
[116] D. Moore, C. Shannon, K. Claffy. Code red: a case study on the spread and victims of anInternet worm[C]. Proc of the2nd ACM SIGCOMM Workshop on Internet measurement,Marseille,2002.273~284
[117] J.O. Kephart, S.R. White. Measuring and modeling computer virus prevalence[C].Proc of theIEEE Symposiums on Security and Privacy, Oakland, CA,1993,2-15
[118] Kern M. Codegreen beta release[EB/OL]. http://archives.neohapsis.com/archives/vuln-dev/2001-q3/0575.html, September01,2001
[119] Vogt T. Simulating and optimizing worm propagation algorithms[EB/OL]. http://gtiis.googlecode.com/svn-history/r59/trunk/WormPropagation.pdf, September29,2003
[120]张冶江,李之棠,陆垂伟等.面向异构网络环境的蠕虫传播模型Enhanced-AAWP[J],通信学报,2011,32(12):103-113.
[121]刘波,王怀民,肖枫涛等. P2P蠕虫的分析与对策[J],华中科技大学学报(自然科学版),2007,35(Sup.I):228-231
[122] C. E. SHANNON. Communication theory of secrecy systems [J]. Bell System TechnicalJournal,1949,28(4):656-715
[123] A.SHAMIR. Identity-based cryptosystems and signature schemes[C].Proc of CRYPTO '84,Aug19-22,1984,Santa Barbara, CA,USA. Berlin, Germany,1984,47-53
[124] L. X. Han, Y. P. Wang, S. J. Lan. Graph coloring algorithm based on ordered partitionencoding[J], Journal of Acta Electronica Sinica,2010,38(1):146-150
[125]周翰逊,郭薇,王妍等.混合的结构化良性蠕虫对抗蠕虫过程的建模与分析[J],小型微型计算机系统,2012,33(2):376-379.
[126] Computer Economics, Malware report: the impact of malicious code attacks [EB/OL].https://www.computereconomics.com/custom.cfm?name=postPaymentGateway.cfm&id=1089, January,2006
[127] Symantec Corporation. Symantec security response: W32.Welchia.Worm[EB/OL].http://www.symantec.com/security_response/writeup.jsp?docid=2003-081815-2308-99, Fe-bruary13,2007
[128] F. Yang, H. X. Duan, X. Li. Modeling and analysis on the interaction between the lnternetworm and antiworm[J], SCENCE IN CHINA Ser. E Information Sciences,2004,34(8):841-856
[129]冯朝胜,袁丁,卿昱等. P2P网络中激发型蠕虫传播动态建模[J],电子学报,2012,40(2):300-307.
[130]孙鑫.被动网络蠕虫传播模型[D].长春:吉林大学计算机科学与技术学院,2010,04.
[131]孙鑫,刘衍珩,朱建启等.社交网络蠕虫仿真建模研究[J],计算机学报,2011,34(7):1252-1261.
[132] S..Stahl A gentle introduction to game theory[M]. Washington, DC: American MathematicalSociety,1999,121-131
[133] K. Sallhammar, Knapskog S J, Helvik B E. Using stochastic game theory to compute theexpected behavior of attackers[C]. Proc of the Symposium on Applications and InternetWorkshops. Trento, Italy,2005,102-105
[134] G. Owen. Game theory.3rdedition[M]. New York, NY: Academic Press,1995,10-24
[135] S. Joe,A. John,A.Randal et al. The tale of the weather worm[C]. Proc of the2008ACMSymposium on Applied Computing. Fortaleza, Brazil,2008:2097-2102
[136]中国互联网络信息中心.第20次中国互联网络发展状况统计报告[EB/OL].http://www.cnnic.cn/gywm/xwzx/rdxw/2007nrd/201207/t20120710_31532.htm, July18,2007