[1] 王永杰,刘京菊.基于DNS协议的隐蔽通道原理及性能分析[J].计算机工程,2014,40(7):102-105.(WANG Y J, LIU J J. DNS-based covert channel principle and performance analysis[J]. Computer Engineering, 2014,40(7):102-105.) [2] CNCERT/CC. 2014中国互联网网络安全报告[EB/OL].[2015-08-15]. http://www.cert.org.cn/publish/main/upload/File/2014%20secirity%20situation%20report.pdf.(CNCERT/CC. The 2014 Internet security report in China[EB/OL].[2015-08-15]. http://www.cert.org.cn/publish/main/upload/File/2014%20secirity%20situation%20report.pdf.) [3] BILGE L, KIRDA E, KRUEGEL C, et al. EXPOSURE:finding malicious domains using passive DNS analysis[EB/OL].[2015-07-06]. http://seclab.ccs.neu.edu/static/publications/ndss2011dns.pdf. [4] 洪博,耿光刚,王利明,等.一种基于 DNS 主动检测钓鱼攻击的系统[J].计算机应用研究,2013,30(12):3771-3774.(HONG B, GENG G G, WANG L M, et al. System to discover phishing attacks actively based on DNS[J]. Application Research of Computers, 2013, 30(12):3771-3774.) [5] ZHANG Y, HONG J I, CRANOR L F. Cantina:a content-based approach to detecting phishing Web sites[C]//Proceedings of the 2007 16th International Conference on World Wide Web. New York:ACM, 2007:639-648. [6] WEIMER F. Passive DNS replication[EB/OL].[2015-07-06]. http://www.first.org/conference/2005/papers/florian-weimer-paper-1.pdf. [7] PAN Y, DING X. Anomaly based Web phishing page detection[C]//Proceedings of the 22nd Annual Computer Security Applications Conference. Washington, DC:IEEE Computer Society, 2006:381-392. [8] HOLZ T, GORECKI C, RIECK K, et al. Measuring and detecting fast-flux service networks[EB/OL].[2015-07-12]. http://user.informatik.uni-goettingen.de/~krieck/docs/2008-ndss.pdf. [9] ZHOU C V, LECKIE C, KARUNASEKERA S, et al. A self-healing, self-protecting collaborative intrusion detection architecture to trace-back fast-flux phishing domains[C]//Proceedings of the 2008 IEEE Network Operations and Management Symposium Workshops. Piscataway, NJ:IEEE, 2008:321-327. [10] BASNET R, MUKKAMALA S, SUNG A H. Detection of phishing attacks:a machine learning approach[M]//PRASAD B. Soft Computing Applications in Industry. Berlin:Springer, 2008, 226:373-383. [11] PASSERINI E, PALEARI R, MARTIGNONI L, et al. FluXOR:detecting and monitoring fast-flux service networks[M]//ZAMBONI D. Detection of Intrusions and Malware, and Vulnerability Assessment, LNCS 5137. Berlin:Springer, 2008:186-206. [12] PERDISCI R, CORONA I, DAGON D, et al. Detecting malicious flux service networks through passive analysis of recursive DNS traces[C]//Proceedings of the 2009 Annual Computer Security Applications Conference. Washington, DC:IEEE Computer Society, 2009:311-320. [13] CHAU D H, NACHENBERG C, WILHELM J, et al. Polonium:Tera-scale graph mining for malware detection[EB/OL].[2015-07-12]. http://epubs.siam.org/doi/pdf/10.1137/1.9781611972818.12. [14] MANADHATA P, YADAV S, RAO P, et al. Detecting malicious domains via graph inference[C]//Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop. New York:ACM, 2014:59-60. |