[1] FANG B, CUI X, WANG W. Survey of botnets[J]. Journal of Computer Research and Development, 2011,48(8):1315-1331.(方滨兴,崔翔,王威.僵尸网络综述[J].计算机研究与发展, 2011,48(8):1315-1331.) [2] YLONEN T, LONVICK C. The Secure Shell (SSH) protocol architecture[EB/OL].[2014-08-02]. http://wenku.baidu.com/view/c4eef092daef5ef7ba0d3c1b.html. [3] HOUMANSADR A, BORISOV N. BotMosaic: collaborative network watermark for the detection of IRC-based botnets[J]. Journal of Systems and Software, 2013,86(3):707-715. [4] HOUMANSADR A, BORISOV N. The need for flow fingerprints to link correlated network flows[M]//de CRISTOFARO E, WRIGHT M. Privacy Enhancing Technologies, LNCS 7981. Berlin: Springer, 2013:205-224. [5] HOUMANSADR A, BORISOV N. Towards improving network flow watermarks using the repeat-accumulate codes[C]//Proceedings of the 2011 IEEE International Conference on Acoustics, Speech and Signal Processing. Piscataway: IEEE, 2011:1852-1855. [6] HOUMANSADR A, BORISOV N. SWIRL: a scalable watermark to detect correlated network flows[EB/OL].[2014-08-04]. http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=6A5F7AEA1BA17DDE3F4915A54D435A7F?doi=10.1.1.300.368&rep=rep1&type=pdf. [7] LUO J, WANG X, YANG M. An interval centroid based spread spectrum watermarking scheme for multi-flow traceback[J]. Journal of Network and Computer Applications, 2012,35(1):60-71. [8] KIYAVASH N, HOUMANSADR A, BORISOV N. Multi-flow attacks against network flow watermarks: analysis and countermeasures[EB/OL].[2014-08-03]. http://arxiv.org/pdf/1203.1390v2.pdf. [9] LUO X, ZHANG J, PERDISCI R, et al. On the secrecy of spread-spectrum flow watermarks[M]//GRITZALIS D, PRENEEL B, THEOHARIDOU M. Computer Security-ESORICS 2010, LNCS 6345. Berlin: Springer, 2010:232-248. [10] PENG P, NING P, REEVES D S. On the secrecy of timing-based active watermarking trace-back techniques[C]//Proceedings of the 2006 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2006:334-349. [11] WEN Q, SUN T, WANG S. Concept and application of zero-watermark[J]. Acta Electronica Sinica, 2003,31(2):214-216.(温泉,孙锬锋,王树勋.零水印的概念与应用[J].电子学报,2003,31(2):214-216.) [12] STANIFORD-CHEN S, HERBERLEIN L T. Holding intruders accountable on the Internet[EB/OL].[2014-08-06]. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.39.724&rep=rep1&type=pdf. [13] YANG J, HUANG S-H S. Correlating temporal thumbprints for tracing intruders[C]//Proceedings of the 2005 3rd International Conference on Computing, Communications and Control Technologies. Austin:[s.n.], 2005:24-29. [14] YANG J, HUANG S-H S. Improved thumbprint and its application for intrusion detection[M]//LU X, ZHAO W. Networking and Mobile Computing, LNCS 3619. Berlin: Springer, 2005:433-442. [15] WANG X, REEVES D S, WU S F, et al. Sleepy watermark tracing: an active network-based intrusion response framework[C]//Proceedings of the 16th International Information Security Conference. Piscataway: IEEE, 2001:369. [16] WANG X, CHEN S, JAJODIA S. Tracking anonymous peer-to-peer VoIP calls on the Internet[C]//Proceedings of the 12th ACM Conference on Computer and Communications Security. New York: ACM, 2005:81. [17] RAMSBROCK D, WANG X, JIANG X. A first step towards live botmaster traceback[C]//Proceedings of the 2008 11th International Symposium on Recent Advances in Intrusion Detection. Berlin: Springer, 2008:59. [18] HOUMANSADR A, KIYAVASH N, BORISOV N. Rainbow: a robust and invisible non-blind watermark for network flows[C]//Proceedings of the 16th Network and Distributed System Security Symposium. Berlin: Springer, 2009:1422. [19] YU W, FU X, GRAHAM S, et al. DSSS-based flow marking technique for invisible traceback[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2007:73-79. [20] ZHANG L, LUO J, YANG M. An improved DSSS-based flow marking technique for anonymous communication traceback[C]//Proceedings of the 2009 Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing. Piscataway: IEEE, 2009:563-567. [21] HUANG J, PAN X, FU X, et al. Long PN code based DSSS watermarking[C]//Proceedings of the 2011 IEEE INFOCOM. Piscataway: IEEE, 2011:2426-2434. [22] ZHANG L, WANG Z, XU J. Watermark technique based on packet reordering[J]. Journal of Software, 2011,22(2):17.(张连成,王振兴,徐静.一种基于包序重排的流水印技术[J].软件学报,2011,22(2):17.) [23] GONG X, RODRIGUES M, KIYAVASH N. Invisible flow watermarks for channels with dependent substitution and deletion errors[C]//Proceedings of the 2012 IEEE International Conference on Acoustics, Speech and Signal Processing. Piscataway: IEEE, 2012:1773-1776. [24] ASSANOVICH B, PUECH W, TKACHENKO I. Use of linear error-correcting subcodes in flow watermarking for channels with substitution and deletion errors[M]//de DECKER B, DITTMANN J, KRAETZER C, et al. Communications and Multimedia Security, LNCS 8099. Berlin: Springer, 2013:105-112. [25] KRAWCZYK H, ERONEN P. HMAC-based extract-and-expand Key Derivation Function (HKDF)[J]. Internet Engineering Task Force, 2010,8(1):113-119. [26] DAS A, ADHIKARI A. An efficient multi-use multi-secret sharing scheme based on hash function[J]. Applied Mathematics Letters, 2010,23(9):993-996. [27] CAYRE F, FONTAINE C, FURON T. Watermarking security: theory and practice[J]. IEEE Transactions on Signal Processing, 2005,53(10):3976-3987. [28] JIANG N, WANG J. The theoretical limits of watermark spread spectrum sequence[J]. The Scientific World Journal, 2014,4(3):97-104. [29] SHANNON C E. Communication theory of secret systems[J]. Bell System Technical Journal, 1949,28(4):656-715. [30] ZHANG Y, PAXSON V. Detecting stepping stones[C]//Proceedings of the 9th USENIX Security Symposium. Denver: USENIX Association, 2000:171-184. [31] WANG X, REEVES D S. Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays[C]//Proceedings of the 10th ACM Conference on Computer and Communications Security. New York: ACM, 2003:20-29. [32] ZHANG L, WANG Z, WANG Q, et al. MSAC and multi-flow attacks resistant spread spectrum watermarks for network flows[C]//Proceedings of the 2010 2nd IEEE International Conference on Information and Financial Engineering. Piscataway: IEEE, 2010:438-441. [33] ZHANG X, WANG S, QIAN Z, et al. Reversible fragile watermarking for locating tampered blocks in JPEG images[J]. Signal Processing, 2010,90(12):3026-3036. [34] PETERSON W W, WELDON E J. Error-correcting codes[M]. Cambridge: MIT Press, 1972:24-60. [35] LEE S, SHORT S L. Spread spectrum CDMA[M]. New York: McGraw-Hill, 2002:53-77. [36] Center for applied Internet data analysis. Passive monitor: equinix-chicago[EB/OL].[2014-09-18]. http://www.caida.org/data/monitors/passive-equinix-chicago.xml. |