[1] Zhuge Jianwei, Han Xinhui, Zhou Yonglin, et al. Research on botnets[J]. Journal of Software, 2008, 19(3): 702-715
[2] Jiang Jian, Zhuge Jianwei, Duan Haixin, et al. Botnet mechanisms and defense technologies[J]. Journal of Software, 2012, 23(1): 82-86
[3] Stephens K. Malware command and control overview[OL]. [2017-06-25]. http:nsciva.orgWhitePapers20101230Malware%20C2%20OverviewStephens.pdf
[4] Symantec. Internet security threat report trends for 2010[OL]. [2017-06-25]. http:max.book118.comhtml2016032038145060.shtm
[5] McDonald G, Doherty S, Chien E. Stuxnet 0.5: The missing link[OL]. [2017-06-25]. http:www.symantec.comcontentenusenterprisemediasecurity_responsewhitepapersstuxnet_0_5_the_missing_link.pdf
[6] Symantec. Zeus: King of the bots[OL]. [2017-06-25]. http:www.symantec.comcontentenusenterprisemediasecurity_responsewhitepaperszeus_king_of_bots.pdf
[7] Stone-Gross B, Cova M, Cavallaro L, et al. Your botnet is my botnet: Analysis of a botnet takeover[C] Proc of the 16th ACM Conf on Computer and Communications Security. New York: ACM, 2009: 635-647
[8] Schouwenberg R. Inside the duqu command & control servers[OL]. [2017-06-25]. https:cansecwest.comcsw12Kaspersky_Schouw_DuqC&Cu.pdf
[9] Pointer R. EggHeads[OL]. [2017-06-25]. http: eggheads.org
[10] Micro T. Worm AgoBot[OL]. [2017-07-03]. http:aboutthreats.trendmicro.comArchiveMalware.aspx?language=us&name=WORMAGOBOT.XE
[11] Micro T. Worm SDBot[OL]. [2017-06-25]. http:aboutthreats.trendmicro.comArchiveMalware.aspx?language=us&name=WORMSDBOT.AZ
[12] Silva S S C, Silva R M P, Pinto R C G, et al. Botnets: A survey[J]. Computer Networks: The International Journal of Computer & Telecommunications Networking, 2013, 57(2): 378-403
[13] Anselmi D, Boscovich R, Campana T J. Special edition security intelligence report: Battling the rustock threat[OL]. [2017-06-25]. https:www.microsoft.comsecurityportalmmpcresearchresearchpapers.aspx
[14] Dittrich D. So you want to take over a botnet[C] Proc of the 5th USENIX Conf on Large-Scale Exploits and Emergent Threats. Berkeley: USENIX Association, 2012: 66
[15] Piscitello D. Conficker summary and review[OL]. [2017-06-25]. http:icann.orgensecurityconfickersummaryreview07may10en.pdf
[16] Kaspersky. TDL4—Top Bot[OL]. [2017-06-25]. http:securelist.comanalysispublications36152tdl4topbot
[17] Kerkers M, Santanna J J, Sperotto A. Characterisation of the Kelihos.B botnet[G] LNCS 8508: Proc of the 8th IFIP WG 6.6 Int Conf on Autonomous Infrastructure, Management, and Security, AIMS 2014. Berlin: Springer, 2014: 79-91
[18] Tillmann Kelihos. C: Same code, new botnet[OL]. [2017-06-25]. https:www.crowdstrike.comblogkelihoscsamecodenewbotnet
[19] Zeidanloo H R, Manaf A A. Botnet command and control mechanisms[C] Proc of Int Conf on Computer & Electrical Engineering. Piscataway, NJ: IEEE, 2009: 564-568
[20] Dittrich D, Dietrich S. P2P as botnet command and control: A deeper insight[OL]. [2017-07-03]. https:staff.washington.edudittrichmiscmalware08ddfinal.pdf
[21] Rossow C, Christian J. SoK: P2PWNED - Modeling and evaluating the resilience of peer-to-peer botnets[C] Proc of IEEE Symp on Security & Privacy. Piscataway, NJ: IEEE, 2013: 97-111
[22] Stover S, Dittrich D, Hernandez J, et al. Analysis of the storm and nugache: P2P is here[OL]. [2017-06-25]. http:home.adelphi.edu~spockstoverlogindec2007.pdf
[23] Plohmann D, Gerhardspadilla E, Leder F. Botnets: Detection, measurement, disinfection & defence[OL]. [2017-06-25]. https:www.enisa.europa.eupublicationsbotnetsmeasurementdetectiondisinfectionanddefence
[24] Greengard S. The war against botnets[J]. Communications of the ACM, 2012, 55(2): 16-18
[25] Emm D, Unuchek R, Chebyshev V, et al. IT threat evolution Q2 2014[OL]. [2017-07-03]. http:securelist.comanalysisquarterlymalwarereports65340itthreatevolutionq22014
[26] Skoudis Ed. The six most dangerous new attack techniques and what's coming next[OL]. [2017-06-25]. http:www.rsaconference.comeventsus12agendasessions855thesixmostdangerousnewattacktechniquesand#sthash.O6i4dJdH.dpuf
[27] Xu Kui, Butler P, Saha S, et al. DNS for massive-scale command and control[J]. IEEE Trans on Dependable & Secure Computing, 2013, 10(3): 143-153
[28] Leder F, Werner T. Know your enemy: Containing conficker[OL]. [2017-06-25]. http:honeynet.orgfilesKYEConficker.pdf
[29] Antonakakis M, Perdisci R, Nadji Y, et al. From throw-away traffic to bots: Detecting the rise of DGA-based malware[C] Proc of the 21st USENIX Conf on Security Symp. Berkeley: USENIX Association, 2011: 24-24
[30] Zhang Junjie. Detecting stealthy P2P botnets using statistical traffic fingerprints[C] Proc of IEEE/IFIP Int Conf on Dependable Systems & Networks (DSN). Piscataway, NJ: IEEE, 2011: 121-132
[31] Narang P, Ray S, Hota C, et al. PeerShark: Detecting peer-to-peer botnets by tracking conversations[J]. Medical & Biological Engineering & Computing, 2014, 51(10): 1105-1119
[32] Rossow C, Dietrich C J. PROVEX: Detecting botnets with encrypted command and control channels[G] LNCS 7967: Proc of Int Conf on Detection of Intrusions & Malware. Berlin: Springer, 2013: 21-40
[33] Bilge L, Balzarotti D, Robertson W, et al. DISCLOSURE: Detecting botnet command and control servers through large-scale NetFlow analysis[C] Proc of the 28th Annual Computer Security Applications Conf. New York: ACM, 2012: 129-138
[34] Andriesse D, Rossow C, Stone-Gross B. Highly resilient peer-to-peer botnets are here: An analysis of gameover Zeus[C] Proc of the 8th Int Conf on Malicious and Unwanted Software. Piscataway, NJ: IEEE, 2013: 116-123
[35] ESET. The evolution of TDL: Conquering x64[OL]. [2017-06-25]. https:wenku.baidu.comview6585b6d6e 53a580216fcfef5.html
[36] Anselmi D, Boscovich R, Campana T J. Special edition security intelligence report: Battling the rustock threat[OL]. [2017-06-25]. https:www.microsoft.comsecurityportalmmpcresearchresearchpapers.aspx
[37] Baltazar J, Costoya J, Flores R. Infiltrating WALEDAC botnets covert operations[OL]. [2017-06-25]. https:www.trendmicro.decloudcontentuspdfssecurityintelligencewhitepaperswp_infiltrating_the_waledac_botnet_v2.pdf
[38] Hamandi K, et al. Android SMS botnet: A new perspective[C] Proc of the 10th ACM Int Symp on Mobility Management and Wireless Access. New York: ACM, 2012: 125-130
[39] Zeng Yuanyuan, Kang G S, Hu Xin. Design of SMS commanded-and-controlled and P2P-structured mobile botnets[C] Proc of the 5th ACM Conf on Security & Privacy in Wireless & Mobile Networks. New York: ACM, 2012: 137-148
[40] Grossman J, Johansen M. Million browser botnet[OL]. [2017-06-25]. http:www.blackhat.comus13briefings.html#Grossman
[41] Monica D, Ribeiro C. Leveraging honest users: Stealth command-and-control of botnets[C] Proc of the 7th USENIX Conf on Offensive Technologies. Berkeley: USENIX Association, 2013: 77
[42] Williams J. Post exploitation operations with cloud synchronization services[OL]. 2013 [2017-06-25]. http:www.blackhat.comus13briefings.html#Williams
[43] Ragan R, Salazaris O. Cloudbots: Harvesting crypto coins like a botnet farmer[OL]. 2014 [2017-06-25]. https:www.blackhat.comus14briefings.html#cloudbotsharvestingcryptocoinslikeabotnetfarmer
[44] Brown D. Resilient botnet command and control with TOR[OL]. [2017-06-25]. https:www.defcon.orgimagesdefcon18dc18presentationsD.BrownDEFCON18BrownTorCnC.pdf
[45] Kaspersky. The inevitable move - 64-bit Zeus enhanced with TOR[OL]. [2017-06-25]. http:securelist.comblogevents58184theinevitablemove64bitzeusenhancedwithtor
[46] Kaspersky Lab. IT threat evolution Q1 2014[OL]. [2017-06-25]. http:securelist.comanalysisquarterlymalwarereports59417itthreatevolutionq12014
[47] Coppola M. Owning the network: Adventures in router rootkits[OL]. [2017-06-25]. https:www.defcon.orghtmldefcon20dc20speakers.html
[48] Purviance P, Brashars J. Blended threats and JavaScript: A plan for permanent network compromise[OL]. [2017-06-25]. http:www.hakim.wsBHUSA12materialsBriefingsPurvianceBH_US_12_Purviance_Blended_Threats_Slides.pdf