Research on Malicious Worm Networks with a Peer-to-Peer Structure
Abstract
A computer worm is a program that self-propagates across a network by exploiting security flaws in widely used services. People have long held differing understandings of worms, and the lack of a well-developed worm model is one important reason. Worms have considerable room for improvement in propagation control, so they will not stay confined to existing propagation patterns and will evolve toward more optimized ones. Self-propagation of worms can provide attackers with a large number of usable host nodes, so the construction of worm networks follows naturally from worm propagation. General worm networks use a centralized structure; by comparison, peer-to-peer (P2P) networks offer better stealth and robustness and higher resource utilization. P2P worm networks are therefore harder to detect and eliminate than general worm networks and have great potential for malicious application. They represent the future direction of worm networks and pose new challenges for the related defense work. Based on this view, we study worms and P2P worm networks from the following aspects:
     1. Although several computational models of viruses and worms have been proposed, each has its own shortcomings. In addition, because worm techniques keep advancing, a worm model that fits the current state of worms is needed. In this paper we analyze the behavioral features of worms and, drawing on the classical Cohen worm model, propose a more complete worm model based on persistent Turing machines, named the SIW (Sequentially Interactive Worm) model. The SIW model has two parts: the basic worm definition, which describes the typical features of current worms, and the extended worm definition, which covers special worm types that the basic definition cannot describe. Based on the SIW model, we analyze two essential properties of worms, self-reproduction and net-interaction. We also prove the undecidability of the worm detection problem and discuss the computational complexity of worm detection under some limitations.
     2. The net-interaction analysis based on the SIW model shows that worms have considerable potential for propagation optimization. With optimized propagation, attackers can better control node deployment during the construction of worm networks, and worm networks can in turn act as reliable platforms that support optimized propagation. In this paper we summarize the propagation features of worms and define the worm propagation problem on the basis of search theory. For this problem we analyze current propagation strategies and then propose an optimized propagation strategy from two aspects: distribution estimation of vulnerable hosts and propagation coordination of worm nodes. Through theoretical analysis and simulation we verify the advantage of the optimized propagation strategy over current propagation strategies.
     3. Worms occupy the resources of other people's hosts without authorization and have special application aims. The construction of P2P worm networks must therefore be stealthy in order to reduce the chance of exposure. In this paper we establish a construction framework for P2P worm networks covering node deployment, link configuration and message communication. We then present one construction example with prepared nodes and one without prepared nodes, and evaluate each by simulation. These two examples show the effectiveness of the construction framework. Because of the special application purposes of P2P worm networks, we finally analyze their stealth and robustness.
     4. P2P worm networks can act as favorable distributed resource platforms on which attackers perform many types of attack tasks. In this paper we establish an application framework for P2P worm networks from two aspects: resource organization and location, and application types. We then analyze several typical application cases, including DDoS attack, worm propagation, phishing attack, illegal content distribution, and brute-force key cracking.
     5. The application of P2P worm networks will pose a serious threat to network security, and P2P worm networks have clear advantages over general worm networks in stealth and robustness, which brings new challenges to the related defense work. According to the life cycle of P2P worm networks, we study defense techniques against them at three levels: vulnerability defense, worm defense and network defense.
     Existing P2P worm networks still have many defects because they have emerged only in recent years. With the progress of related techniques, however, mature systems will appear in the near future. This problem therefore deserves continued in-depth study so that the threat can be countered effectively.
