Vigilante: End-to-end containment of Internet worm epidemics
Antony I. T. Rowstron | Jon Crowcroft | Lintao Zhang | Lidong Zhou | Paul Barham | Manuel Costa | Miguel Castro