[1] SPITZNER L.Honeypots:catching the insider threat[C]//Proceedings of the 19th Annual Computer Security Applications Conference.Washington D.C.,USA:IEEE Press,2004:15-26. [2] MCGREW R,VAUGHN R B.Experiences with honeypot systems:development,deployment,and analysis[C]//Proceedings of the 39th Ha-waii International International Conference on Systems Science.Washington D.C.,USA:IEEE Press,2006:256-269. [3] FRAUNHOLZ D,ZIMMERMANN M,HAFNER A,et al.Data mining in long-term honeypot data[C]//Proceedings of IEEE International Conference on Data Mining.Washington D.C.,USA:IEEE Press,2017:588-596. [4] QIAO Yanchen,YUN Xiaochun,ZHANG Yongzheng.How to automatically identify the homology of different malware[C]//Proceedings of 2016 IEEE Trust-com/BigDataSE/ISPA.Washington D.C.,USA:IEEE Press,2016:12-36. [5] WANG Liyan,XUE Jingfeng,CUI Yan,et al.Homology analysis method of worms based on attack and propagation features[M]//AVATANGELOU E,DOMMARCO R F,KLEIN M,et al.Communications in computer and information science.Berlin,Germany:Springer,2017:1-15. [6] Shodan.Shodan is the world's first search engine for Internet-connected devices[EB/OL].[2020-02-15].https://www.shodan.io/. [7] ICS security workspace[EB/OL].[2020-02-15].http://plcscan.org/blog/. [8] SAVAGE S,WETHERALL D,KARLIN A,et al.Practical network support for IP traceback[J].IEEE/ACM Transactions on Networking,2002,9(3):226-237. [9] SNOEREN A C,PARTRIDGE C,SANCHEZ L A,et al.Singlepacket IP traceback[J].IEEE/ACM Transactions on Networking,2002,10(6):721-734. [10] TAO Yaodong,LI Ning,ZENG Guangsheng.Overview of industrial control system security[J].Computer Engineering and Applications,2016,52(13):8-18.(in Chinese)陶耀东,李宁,曾广圣.工业控制系统安全综述[J].计算机工程与应用,2016,52(13):8-18. [11] GUARNIZO J D,TAMBE A,BUNIA S S,et al.SIPHON:to-wards scalable high-interaction physical honeypots[C]//Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security.New York,USA:ACM Press,2017:26-39. [12] KREIBICH C,CROWCROFT J.Honeycomb-creating intrusion detection signatures using honeypots[J].Computer Communication Review,2004,34(1):51-56. [13] YEGNESWARAN V,GIFFIN J T,BARFORD P,et al.An architecture for generating semantics-aware signatures[C]//Proceedings of Conference on Usenix Security Symposium.[S.l.]:USENIX Association,2005:97-112. [14] POUGET F,DACIER M.Honeypot-based forensics[EB/OL].[2020-02-15].http://pdfs.semanticscholar.org/935e/d80c40367c8ccf2155fe66e3e52bc0fcdaad.pdf. [15] JIA Z,CUI X,LIU Q,et al.Micro-honeypot:using browser fingerprinting to track attackers[C]//Proceedings of 2018 IEEE International Conference on Data Science in Cyberspace.Washington D.C.,USA:IEEE Press,2018:197-204. [16] LI K,YOU J,WEN H,et al.Collaborative intelligence analysis for industrial control systems threat profiling[C]//Proceedings of Future Technologies Conference.Berlin,Germany:Springer,2018:152-189. [17] DACIER M,PHAM V H,THONNARD O.The wombat attack attribution method:some results[C]//Proceedings of International Conference on Information Systems Security.Berlin,Germany:Springer,2009:12-26. [18] SHANG Wenli,ZENG Peng,WAN Ming,et al.Intrusion detection algorithm based on OCSVM in industrial control system[J].Security and Communication Networks,2016,9(10):1040-1049. [19] MOORE A W,ZUEV D.Internet traffic classification using Bayesian analysis techniques[J].ACM SIGMETRICS Performance Evaluation Review,2005,33(1):50-56. [20] ZHAO Yonghan,CHEN Bin,LI Mengyu.Parallel K-Medoids improved algorithm based on MapReduce[C]//Proceedings of 2018 International Conference on Advanced Cloud and Big Data.Washington D.C.,USA:IEEE Press,2018:156-168. [21] TAO Jing.Clustering-based and density outlier detection method[D].Guangzhou:South China University of Technology,2014.(in Chinese)陶晶.基于聚类和密度的离群点检测方法[D].广州:华南理工大学,2014. [22] AbuseIPDB.Making the Internet safer,one IP at a time[EB/OL].[2020-02-15].https://www.abuseipdb.com/. [23] IPVOID.IP address tools online[EB/OL].[2020-02-15].https://www.ipvoid.com/ip-blacklist-check/. [24] IBMX-Force Exchange.IBM security[EB/OL].[2020-02-15].https://exchange.xforce.ibmcloud.com. [25] LUKAS K,KRUPP J,MAKITA D,et al.AmpPot:monitoring and defending against amplification DDoS attacks[EB/OL].[2020-02-15].https://christian-rossow.de/publications/amppot-raid2015.pdf. [26] Censys.Actionable security insights about your attack surface[EB/OL].[2020-02-15].https://censys.io/. |