Journal of Information Security Research ›› 2024, Vol. 10 ›› Issue (4): 302-.
Wang Zichen (王子晨), Tang Yanjun (汤艳君), and Pan Yiyang (潘奕扬)
Online: 2024-04-20
Published: 2024-04-21
Corresponding author: Tang Yanjun
Professor and master's supervisor. Main research interest: electronic data forensics.
tangyanjun@cipuc.edu.cn
Author biographies:
Wang Zichen
Master's student. Main research interest: cybersecurity law-enforcement technology.
2022110136@cipuc.edu.cn
Tang Yanjun
Professor and master's supervisor. Main research interest: electronic data forensics.
tangyanjun@cipuc.edu.cn
Pan Yiyang
Master's student. Main research interest: cybersecurity law-enforcement technology.
2022110142@cipuc.edu.cn