|
[1] Clam Anti-Virus signature database, http://www.clamav.net.
[2] Clam Anti-Virus 0.90.3 user manual, http://www.clamav.net.
[3] Clam Anti-Virus, http://zh.wikipedia.org/wiki/ClamAV.
[4] D. E. Knuth, J. H. Morris, and V. R. Pratt, “Fast pattern matching in strings,” TR CS-74-440, Stanford University, Stanford, California, 1974.
[5] R. S. Boyer and J. S. Moore, “A fast string searching algorithm,” Communications of the ACM, Vol. 20, October 1977, pp. 762-772.
[6] A. V. Aho and M. J. Corasick, “Efficient String Matching: An Aid to Bibliographic Search,” Communications of the ACM, Vol. 18, June 1975, pp. 333-340.
[7] B. H. Bloom, “Space/time trade-offs in hash coding with allowable errors,” Communications of the ACM, Vol. 13, no. 7, pp. 422-426, July 1970.
[8] S. Wu and U. Manber, “A fast algorithm for multi-pattern searching,” Technical Report, May 1994.
[9] Y. Miretskiy, A. Das, C. P. Wright, and E. Zadok, “Avfs: An On-Access Anti-Virus File System,” proceedings of the 13th USENIX Security Symposium, 2004.
[10] T. H. Lee, ”Generalized Aho-Corasick Algorithm for Signatures Based Anti-Virus Applications,” ICCCN, August 2007.
[11] D. Moore, C. Shannon, and J. Brown, “Code-Red: a case study on the spread and victims of an Internet worm,”in Proc. ACM/USENIX Internet Measurement Workshop, France, Nov. 2002.
[12] CAIDA. Dynamic graphs of the Nimda worm, http://www.caida.org/dynamic/analysis/security/nimda.
[13] D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, “Inside the Slammer worm,” IEEE Security and Privacy, 1(4): 33-39, July 2003.
[14] S. E. Schechter, J. Jung, and A. W. Berger, “Fast Detection of scanning worm infections,” 7th International Symposium on Recent Advances in Intrusion Detection (RAID), French Riviera, September 2004.
[15] D. Seeley, “A tour of the worm,” in Proc. of the Winter Usenix Conference, San Diego, CA, 1989.
[16] S. Dharmapurikar, P. Krishnamurthy, T. Sproull, and J. Lockwood, “Deep packet inspection using parallel bloom filters,” Symposium on High-Performance Interconnect (HotI), Stanford, CA, pp. 44-51, August 2003.
[17] Creating signatures for ClamAV, http://www.clamav.net.
|