[1]Langner R. Stuxnet: Dissecting a cyberwarfare weapon[J]. IEEE Security & Privacy, 2011, 9(3): 4951[2]Whitehead D E, Owens K, Gammel D, et al. Ukraine cyberinduced power outage: Analysis and practical mitigation strategies[C] Proc of the 70th Annual Conf for Protective Relay Engineers (CPRE). Piscataway, NJ: IEEE, 2017: 18 [3]Peisert S, Schneier B, Okhravi H, et al. Perspectives on the solarwinds incident[J]. IEEE Security & Privacy, 2021, 19(2): 713[4]韩雪莹 王泽辉, 刘润时,等. 高级持续性威胁检测技术研究综述 [JOL]. 信息安全学报 [20230905]. https:jcs.iie.ac.cnxxaqxbchreaderview_abstract.aspx?flag=2&file_no=202203020000001&journal_id=xxaqxb[5]GARTNER. Gartner[ROL]. 2023 [20230905]. https:www.gartner.comcn[6]Zhou Y, Sharma A. Automated identification of security issues from commit messages and bug reports[C] Proc of the 11th Joint Meeting on Foundations of Software Engineering. New York: ACM, 2017: 914919[7]Perl H, Dechand S, Smith M, et al. Vccfinder: Finding potential vulnerabilities in opensourceprojects to assist code audits[C] Proc of the 22nd ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2015: 426437[8]Wang X, Wang S, Feng P, et al. PatchRNN: A deep learningbased system for security patch identification[C] Proc of MILCOM 2021—2021 IEEE Military Communications Conf (MILCOM). Piscataway, NJ: IEEE, 2021: 595600 [9]Wu B, Liu S, Feng R, et al. Enhancing security patch identification by capturing structures in commits[J]. IEEE Trans on Dependable and Secure Computing, 2022, 20(2): 115[10]Zhou J, Pacheco M, Wan Z, et al. Finding a needle in a haystack: Automated mining of silent vulnerability fixes[C] Proc of the 36th IEEEACM Int Conf on Automated Software Engineering (ASE). Piscataway, NJ: IEEE, 2021: 705716[11]Steenhoek B, Le W, Gao H. DeepDFA: Dataflow analysisguided efficient graph learning for vulnerability detection [JOL]. CoRR, 2022 [20230905]. https:arxiv.orgpdf2212.08108.pdf[12]Luo Z, Wang P, Wang B, et al. VulHawk: Crossarchitecture vulnerability detection with entropybased binary code search[COL] Proc of Network Distributed System Security Symposium. 2023 [20230905]. https:www.ndsssymposium.orgwpcontentuploads202302/ndss2023_f415_paper.pdf[13]Mamede C, Pinconschi E, Abreu R, et al. Exploring transformers for multilabel classification of Java vulnerabilities[C] Proc of the 22nd IEEE Int Conf on Software Quality, Reliability and Security (QRS). Piscataway, NJ: IEEE, 2022: 4352[14]Zhu X, Chen W, Zheng W, et al. Gemini: A computationcentric distributed graph processing system[C] Proc of the 12th USENIX Symp on Operating Systems Design and Implementation (OSDI 16). Berkeley, CA: USENIX Association, 2016: 301316[15]Wang H, Qu W, Katz G, et al. Jtrans: Jumpaware transformer for binary code similarity detection[C] Proc of the 31st ACM SIGSOFT Int Symp on Software Testing and Analysis. New York: ACM, 2022: 113[16]Godefroid P, Peleg H, Singh R. Learn&fuzz: Machine learning for input fuzzing[C] Proc of the 32nd IEEEACM Int Conf on Automated Software Engineering (ASE). Piscataway, NJ: IEEE, 2017: 5059[17]She D, Pei K, Epstein D, et al. Neuzz: Efficient fuzzing with neural program smoothing[C] Proc of 2019 IEEE Symp on Security and Privacy (SP). Piscataway, NJ: IEEE, 2019: 803817[18]She D, Krishna R, Yan L, et al. MTFuzz: Fuzzing with a multitask neural network[C] Proc of the 28th ACM Joint Meeting on European Software Engineering Conf and Symp on the Foundations of Software Engineering. New York: ACM, 2020: 737749[19]Chen Y, Ahmadi M, Wang B, et al. Meuzz: Smart seed scheduling for hybrid fuzzing[C] Proc of the 23rd Int Symp on Research in Attacks, Intrusions and Defenses (RAID). Berkeley, CA: USENIX Association, 2020: 7792[20]Li X, Liu X, Chen L, et al. FuzzBoost: Reinforcement Compiler Fuzzing[C] Proc of Int Conf on Information and Communications Security. Berlin: Springer, 2022: 359375[21]Lee M, Cha S, Oh H. Learning seedadaptive mutation strategies for greybox fuzzing[C] Proc of the 45th IEEEACM Int Conf on Software Engineering (ICSE). Piscataway, NJ: IEEE, 2023: 384396[22]Wang X, Hu C, Ma R, et al. LAFuzz: Neural network for efficient fuzzing[C] Proc of the 32nd IEEE Int Conf on Tools with Artificial Intelligence (ICTAI). Piscataway, NJ: IEEE, 2020: 603611[23]Liu X, Li X, Prajapati R, et al. Deepfuzz: Automatic generation of syntax valid c programs for fuzz testing[C] Proc of the AAAI Conf on Artificial Intelligence. Menlo Park, CA: AAAI Press, 2019: 10441051[24]Hu Z, Shi J, Huang Y H, et al. GANFuzz: A GANbased industrial network protocol fuzzing framework[C] Proc of the 15th ACM Int Conf on Computing Frontiers.New York: ACM, 2018: 138145[25]冷涛, 蔡利君, 于爱民, 等. 基于系统溯源图的威胁发现与取证分析综述[J]. 通信学报, 2022, 43(7): 172188[26]徐嘉涔, 王轶骏, 薛质. 网络空间威胁狩猎的研究综述[J]. 通信技术, 2020, 53(1): 18[27]Yang C. Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment[J]. Cluster Computing, 2019, 22(4): 83098317[28]Dong C, Lu Z, Cui Z, et al. MBTree: Detecting encryption RATs communication using malicious behavior tree[J]. IEEE Trans on Information Forensics and Security, 2021, 16: 35893603[29]Zhang J, Yang L, Yu S, et al. A DNS tunneling detection method based on deep learning models to prevent data exfiltration[C] Proc of the 13th Int Conf on Network and System Security. Berlin: Springer, 2019: 520535[30]Ilgun K. USTAT: A realtime intrusion detection system for UNIX[C] Proc of 1993 IEEE Computer Society Symp on Research in Security and Privacy. Piscataway, NJ: IEEE, 1993: 1628[31]Yang L, Chen J, Wang Z, et al. Semisupervised logbased anomaly detection via probabilistic label estimation[C] Proc of the 43rd IEEEACM Int Conf on Software Engineering (ICSE). Piscataway, NJ: IEEE, 2021: 14481460[32]Hossain M N, Milajerdi S M, Wang J, et al. SLEUTH: Realtime attack scenario reconstruction from {COTS} audit data[C] Proc of the 26th USENIX Security Symp (USENIX Security 17). Berkeley, CA: USENIX Association, 2017: 487504[33]Le V H, Zhang H. Logbased anomaly detection with deep learning: How far are we?[C] Proc of the 44th Int Conf on Software Engineering. New York: ACM, 2022: 13561367[34]Virustotal. Virustotal’s 2021 Malware Trends Report[MOL]. 2021 [20230905]. https:assets.virustotal.comreports2021trends.pdf[35]Santos I, Laorden C, Bringas P G. Collective classification for unknown malware detection[C] Proc of the Int Conf on Security and Cryptography. Piscataway, NJ: IEEE, 2011: 251256[36]Ye Y, Chen L, Wang D, et al. SBMDS: An interpretable string based malware detection system using SVM ensemble with bagging[J]. Journal in Computer Virology, 2009, 5(4): 28393[37]Anderson B, StorlieC, Lane T. Improving malware classification: bridging the staticdynamic gap[C] Proc of the 5th ACM Workshop on Security and Artificial Intelligence. New York: ACM, 2012: 314[38]Santos I, Penya Y K, Devesa J, et al. Ngramsbased file signatures for malware detection[C] Proc of Int Conf on Enterprise Information Systems. Berlin: Springer, 2009: 317320[39]Liu L, Wang B. Malware classification using grayscale images and ensemble learning[C] Proc of the 3rd Int Conf on Systems and Informatics (ICSAI). Piscataway, NJ: IEEE, 2016: 10181022[40]Islam R, Tian R, Batten L, et al. Classification of malware based on string and function feature selection[C] Proc of the 2nd Cybercrime and Trustworthy Computing Workshop. Piscataway, NJ: IEEE, 2010: 917[41]Mavroeidis V, Bromander S. Cyber threat intelligence model: An evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence[C] Proc of 2017 European Intelligence and Security Informatics Conf (EISIC). Piscataway, NJ: IEEE, 2017: 9198[42]刘亮, 赵倩崇, 郑荣锋, 等. 基于威胁情报的自动生成入侵检测规则方法[J]. 计算机工程与设计, 2022, 43(1): 18[43]Guarascio M, Cassavia N, Pisani F S, et al. Boosting cyberthreat intelligence via collaborative intrusion detection[J] Future Generation Computer Systems, 2022, 135(1): 3043[44]Mahmoud M, Mannan M, Youssef A. APTHunter: Detecting Advanced Persistent Threats in Early Stages[J]. Digital Threats, 2023, 4(1): Article 11[45]Gao P, Shao F, Liu X, et al. Enabling efficient cyber threat hunting with cyber threat intelligence[C] Proc of the 37th IEEE Int Conf on Data Engineering (ICDE). Piscataway, NJ: IEEE, 2021: 193204[46]Riebe T, Wirth T, Bayer M, et al. Cysecalert: An alert generation system for cyber security events using open source intelligence data[C] Proc of Int Conf on Information and Communications Security. Berlin: Springer, 2021: 429446[47]Nagai T, Takita M, Furumoto K, et al. Understanding attack trends from security blog posts using guidedtopic model[J]. Journal of Information Processing, 2019, 27(1): 802809[48]GonzáLezGranadillo G, Faiella M, Medeiros I, et al. ETIP: An enriched threat intelligence platform for improving OSINT correlation, analysis, visualization and sharing capabilities[J]. Journal of Information Security, 2021, 58(3): 102715 |