Research on Detection and Defense Techniques for Proactive P2P Worms
Abstract
P2P traffic now exceeds 60% of Internet bandwidth, and the security risks that come with it are growing steadily. A proactive P2P worm can propagate through a P2P network by way of various security vulnerabilities: it obtains the neighbor information of an infected node and directly attacks some or all of those neighbors. Compared with a random-scanning worm, it does not need to probe randomly generated IP addresses to find targets, and it does not generate a large number of failed connections. It therefore spreads faster and more stealthily, and is harder to detect and defend against. Proactive P2P worms have become one of the serious security threats restricting the development of P2P network applications.
     A discrete recursive propagation model for proactive P2P worms, the P2P Worm Discrete Recursive Model (PWDRM), is constructed. Because the propagation of a proactive P2P worm is a dynamic process, the model analyzes the state and behavior of nodes at each discrete time step and derives the relation between the numbers of infected nodes at adjacent time steps, which yields a recursive mathematical model. The model incorporates P2P network parameters such as network size, node online probability, the probability that a node is vulnerable to infection, and node topological degree, as well as worm parameters such as attack rate and hit-list size. It gives particular attention to the effect on propagation of topology type, average node topological degree, the power-law exponent of unstructured P2P networks, infection strategy, the topological degree of the hit-list, and neighbor node selection strategy. Simulations show that the model effectively describes proactive P2P worm propagation in both unstructured and structured P2P networks, and reflects real propagation more faithfully than existing topological epidemic differential models.
     Network-based detection methods for proactive P2P worms that leverage application-level knowledge are proposed. 1) Connection Change-point based Detection (CCD): a random sequence represents the total number of connections with distinct source-destination pairs, and sequential change detection theory is applied to run a statistical test on the data stream. 2) Abnormal Multicast based Detection (AMD): the multicast tree of a proactive P2P worm is constructed, its propagation is treated as a Poisson process, and the abnormal multicast behavior that may appear is detected in order to discover the worm. This method can also defend against proactive P2P worms by blocking the worm multicast behavior of infected nodes. Simulations show that these methods can detect a proactive P2P worm within a short time and contain its propagation.
     Defense strategies, defense methods, and a defense system framework for proactive P2P worms are proposed. 1) Selective Static Immunization (SSI): a subset of nodes is statically immunized to slow or contain the propagation of the worm. 2) Key Node based Local Containment (KNLC): a multilevel k-way partitioning algorithm divides the P2P network into a number of areas of nearly equal size, and the key nodes (nodes that worm propagation between different areas has to pass through) are immunized. Worm propagation is then confined to these areas and isolated from the other areas. The key node selection algorithm can also be used to choose the nodes for selective static immunization. 3) Connected Dominating Set based Dynamic Immunization (CDSDI): a connected dominating set of the P2P network is constructed, and the vaccine is pushed to some of its nodes for rapid dissemination through the P2P network. Simulations show that, with an appropriate node selection strategy, SSI is quite effective for unstructured P2P networks; KNLC and CDSDI outperform the baseline method and are also more tolerant of changes in P2P network topology. 4) A defense system framework against proactive P2P worms is designed. The system consists of security servers, volunteer key nodes, and volunteer connected dominating set nodes. Worm detection components are deployed on the statically immunized volunteer key nodes; the security server generates a vaccine from the detection reports and pushes it to the volunteer connected dominating set nodes, which then distribute it to ordinary nodes, providing a systematic defense against proactive P2P worms.
