[1] 国家互联网应急中心. 2017年中国互联网网络安全报告[EB/OL]. [2019-03-25]. http://www.cert.org.cn/publish/main/upload/File/2017annual(1).pdf.
[2] DULLIEN T, ROLLES R. Graph-based comparison of executable objects[J]. Sstic, 2005:1-13.
[3] GAO D, REITER M K, SONG D. BinHunt: Automatically finding semantic differences in binary programs[M]// Information and Communications Security. Springer, 2008:238-255.
[4] MOON D, PAN S B, KIM I. Host-based intrusion detection system for secure human-centric computing[J]. Journal of Supercomputing, 2016,72(7):2520-2536.
[5] CANALI D, LANZI A, BALZAROTTI D, et al. A quantitative study of accuracy in system call-based malware detection[C]// Proceedings of 2012 International Symposium on Software Testing and Analysis. 2012:122-132.
[6] 张瑜,刘庆中,李涛,等. Rootkit研究综述[J]. 电子科技大学学报, 2015,44(4):563-578.
[7] 曹胤超. 基于木马行为特征的动态检测技术研究[D]. 武汉:华中科技大学, 2014.
[8] 邹腾宽,汪钰颖,吴承荣. 网络背景流量的分类与识别研究综述[J]. 计算机应用, 2019,39(3):802-811.
[9] 赵双,陈曙晖. 基于机器学习的流量识别技术综述与展望[J]. 计算机工程与科学, 2018,40(10):34-44.
[10]姚忠将,葛敬国,张潇丹,等. 流量混淆技术及相应识别、追踪技术研究综述[J]. 软件学报, 2018,29(10):313-330.
[11]ROESCH M. Snort-light weight intrusion detection for networks[C]// Usenix Conference on System Administration. 1999:229-238.
[12]PARVAT T J, CHANDRA P. A novel approach to deep packet inspection for intrusion detection[J]. Procedia Computer Science, 2015,45(C):506-513.
[13]VIDAL J M, OROZCO A L S, VILLALBA L J G. Alert correlation framework for malware detection by anomaly-based packet payload analysis[J]. Journal of Network and Computer Applications, 2017,97:11-22.
[14]GU G F, ZHANG J J, LEE W. BotSniffer: Detecting botnet command and control channels in network traffic[C]// Proceedings of the 15th Annual Network and Distributed System Security Symposium. 2008.
[15]李巍,李丽辉,李佳,等. 远控型木马通信三阶段流量行为特征分析[J]. 信息网络安全, 2015(5):10-15.
[16]孙海涛. 基于通信行为分析的木马检测技术研究[D]. 郑州:解放军信息工程大学, 2011.
[17]李世淙,云晓春,张永铮. 一种基于分层聚类方法的木马通信行为检测模型[J]. 计算机研究与发展, 2012,49(S2):9-16.
[18]YAMADA M, MORINAGA M, UNNO Y, et al. RAT-based malicious activities detection on enterprise internal networks[C]// 2015 10th International Conference for Internet Technology and Secured Transactions. 2015:321-325.
[19]兰景宏,刘胜利,李晔,等. 一种基于多层联合分析的HTTP隧道木马检测方法[J]. 计算机应用研究, 2016,33(1):240-244.
[20]罗友强,刘胜利,颜猛,等. 基于通信行为分析的DNS隧道木马检测方法[J]. 浙江大学学报(工学版), 2017,51(9):1780-1787.
[21]JIANG D, OMOTE K. An approach to detect remote access trojan in the early stage of communication[C]// 2015 IEEE 29th International Conference on Advanced Information Networking and Applications. 2015:706-713.
[22]DUSI M, CROTTI M, GRINGOLI F, et al. Tunnel hunter: Detecting application-layer tunnels with statistical fingerprinting[J]. Computer Networks, 2009,53(1):81-97.
[23]彭建芬,周亚建,王枞,等. TCP流量早期识别方法[J]. 应用科学学报, 2011,29(1):73-77.
[24]吴双. 基于时间序列分析的木马网络会话检测技术研究[D]. 郑州:解放军信息工程大学, 2017. |