[1]应凌云,杨轶,冯登国,等. 恶意软件网络协议的语法和行为语义分析方法 [J]. 软件学报, 2011, 22(7):1676-1689.[2]WILLEMS C, HOLZ T, FREILING F C. Toward automated dynamic malware analysis using CWSandbox [J]. IEEE Security Privacy, 2007, 5(2): 32-39.[3]CUI W D, PEINADO M, CHEN K, et al. Tupni: automatic reverse engineering of input formats [C]// CCS 2008:Proceedings of the 15th ACM Conference on Computer and Communications Security. New York: ACM, 2008: 391-402.[4]MA J, LEVCHENKO K, KREIBICH C, et al. Unexpected means of protocol inference [C]// Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement. New York: ACM, 2006:313-326.[5]SMALL S, MASON J, MONROSE F, et al. To catch a predator: A natural language approach for eliciting malicious payloads [C]// Security 2008: Proceedings of the 17th USENIX Security Symposium. Berkeley: USENIX Association, 2008: 171-183.[6]KRUEGEL C, ROBERTSON W, VALEUR F, et al. Static disassembly of obfuscated binaries[C] // Proceedings of the 13th Conference on USENIX Security Symposium. New York:ACM, 2004:18.[7]NEWSOME J, SONG D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software[EB/OL]. [ 2012-10-01]. http://valgrind.org/docs/newsome2005.pdf.[8]NICHOLAS N. Dynamic binary analysis and instrumentation or building tools is easy [D]. Trinity Lane, Cambridge: University of Cambridge, 2004.[9]周侃. 基于数据流跟踪和库函数识别检测溢出攻击[D]. 上海:上海交通大学, 2011.[10]王卓. 基于符号执行的二进制代码动态污点分析[D]. 上海:上海交通大学, 2010.[11]潘璠,吴礼发,杜有翔,等.协议逆向工程研究进展[J].计算机应用研究, 2011, 28(8): 2801-2806.[12]何永君,舒辉,熊小兵.基于动态二进制分析的网络协议逆向解析 [J].计算机工程,2010, 36(9): 268-270.[13]COMPARETTI P M, WONDRACEK G, KRUEGEL C, et al. Prospex: Protocol specification extraction [C]// SP'09: Proceedings of the 30th IEEE Symposium on Security & Privacy. Washington,DC: IEEE Computer Society, 2009:110-125.[14]CABALLERO J, YIN H, LIANG Z K, et al. Polyglot: Automatic extraction of protocol message format using dynamic binary analysis[C]// CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security. New York: ACM, 2007:317-329. |