[1] 汤红波,郑林浩,葛国栋,等.CCN中基于节点状态模型的缓存污染攻击检测算法[J].通信学报,2016,37(9):1-9.(TANG H B, ZHENG L H, GE G D, et al. Detection algorithm for cache pollution attacks based on node state model in content centric networking[J]. Journal on Communications, 2016, 37(9):1-9.) [2] 贾岩,王鹤,吕少卿,等.HTML5应用程序缓存中毒攻击研究[J].通信学报,2016,37(10):149-157.(JIA Y, WANG H, LYU S Q, et al. Research on HTML5 application cache poison attack[J]. Journal on Communications, 2016, 37(10):149-157.) [3] LI M. Persistent JavaScript poisoning in Web browser's cache[EB/OL]. (2015-12-12)[2017-07-14]. http://www.cs.tufts.edu/comp/116/archive/fall2015/mli.pdf. [4] KLEIN A. Web cache poisoning attacks[M]//Encyclopedia of Cryptography and Security. Boston, MA:Springer, 2011:1373-1373. [5] HAY R, SHARABANI A. Protection against cache poisoning:U.S. Patent 8,806,133[P]. 2014-08-12. [6] VALLENTIN M, BEN-DAVID Y. Quantifying persistent browser cache poisoning[EB/OL]. (2010-04-21)[2017-07-04]. http://matthias.vallentin.net/course-work/cs294-50-s10.pdf. [7] VALLENTIN M, BEN-DAVID Y. Persistent browser cache poisoning[EB/OL].[2017-07-20]. https://people.eecs.berkeley.edu/~yahel/papers/Browser-Cache-Poisoning.Song.Spring10.attack-project.pdf. [8] JIA Y, CHEN Y, DONG X, et al. Man-in-the-browser-cache:persisting HTTPS attacks via browser cache poisoning[J]. Computers & Security, 2015, 55:62-80. [9] KUPPAN L. Attacking with HTML5[EB/OL].[2017-04-01]. https://www.techylib.com/en/view/victorious/attacking_with_html5. [10] 方慧鹏,应凌云,苏璞睿,等.移动智能终端的SSL实现安全性分析[J].计算机应用与软件,2015,32(7):272-276.(FANG H P, YING L Y, SU P R, et al. Securiy analysis on SSL implementation of smart mobile terminals[J]. Computer Applications and Software, 2015, 32(7):272-276.) [11] JOHNS M, LEKIES S, STOCK B. Eradicating DNS rebinding with the extended same-origin policy[C]//SEC'13:Proceedings of the 22nd USENIX Conference on Security. Berkeley, CA:USENIX Association, 2013:621-636. [12] SALTZMAN R, SHARABANI A. Active man in the middle attacks[EB/OL].[2017-03-03]. http://www.security-science.com/pdf/active-man-in-the-middle.pdf. [13] JIA Y, DONG X, LIANG Z, et al. I know where you've been:Geo-inference attacks via the browser cache[J]. IEEE Internet Computing, 2015, 19(1):44-53. [14] LEKIES S, JOHNS M. Lightweight integrity protection for Web storage-driven content caching[EB/OL].[2017-04-11]. http://www.w2spconf.com/2012/papers/w2sp12-final8.pdf. [15] KARAPANOS N, CAPKUN S. On the effective prevention of TLS man-in-the-middle attacks in Web applications[C]//Proceedings of the 23rd USENIX Conference on Security Symposium. Berkeley, CA:USENIX Association, 2014:671-686. [16] ALEXA.CN. Alexa[DB/OL] (2017)[2017-08-01]. http://www.alexa.cn/siterank/. [17] 黎松,段海新,李星.域间路由中间人攻击的实时检测系统[J].清华大学学报(自然科学版),2015,55(11):1229-1234.(LI S, DUAN H X, LI X. Real-time system for detecting inter-domain routing man-in-the-middle attacks[J]. Journal of Tsinghua University (Science and Technology), 2015, 55(11):1229-1234.) [18] CLARK J, van OORSCHOT P C. SoK:SSL and HTTPS:Revisiting past challenges and evaluating certificate trust model enhancements[C]//Proceedings of 2013 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 2013:511-525. [19] PRANDINI M, RAMILLI M, CERRONI W, et al. Splitting the HTTPS stream to attack secure Web connections[J]. IEEE Security and Privacy, 2010, 8(6):80-84. [20] 汪定,马春光,翁臣,等.强健安全网络中的中间人攻击研究[J].计算机应用,2012,32(1):42-44.(WANG D, MA C G, WENG C, et al. Research of man-in-the-middle attack in robust security network[J]. Journal of Computer Applications, 2012, 32(1):42-44.) [21] NAYAK G N, SAMADDAR S G. Different flavours of man-in-the-middle attack, consequences and feasible solutions[C]//Proceedings of the 20103rd IEEE International Conference on Computer Science and Information Technology. Piscataway, NJ:IEEE, 2010, 5:491-495. |