Books
- William Cheswick, Steven Bellovin, Aviel Rubin, Firewalls and Internet Security, 2nd Edition, Addison Wesley
- Richard Bejtlich, The Tao of Network Security Monitoring, Addison Wesley
- Bob Toxen, Real World Linux Security, 2nd Edition, Prentice Hall
- Bruce Middleton, Cyber Crime Investigator's Field Guide, 2nd Edition, Auerbach Publications
IP Traceback and Attack Attribution
- K. Shanmugasundaram, et al, Payload Attribution via Hierarchical Bloom Filters, in Proceedings of the ACM CCS 2004.
- A. Belenky and N. Ansari, IP traceback with deterministic packet marking, IEEE Communications Letters, vol. 7, no. 4, pp. 162-164, Apr. 2003.
- Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones, Fabrice Tchakountio, Beverly Schwartz, Stephen T. Kent, and W. Timothy Strayer, Single-Packet IP Traceback, IEEE/ACM Transactions on Networking (ToN), Volume 10, Number 6, pp. 721-734, December 2002.
- Micah Adler, Tradeoffs in Probabilistic Packet Marking for IP Traceback, in Proceedings of 34th ACM Symposium on Theory of Computing (STOC) 2002.
- D. Song and A. Perrig, Advanced and authenticated marking schemes for IP traceback, in Proc. of IEEE INFOCOM 2001, Apr. 2001.
- K. Park and H. Lee, On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack, in Proc. of IEEE INFOCOM 2001, Mar. 2001.
- X. Wang, D. S. Reeves, S. F. Wu, and J. Yuill, Sleepy watermark tracing: An active network-based intrusion response framework, in Proceedings of 16th International Conference on Information Security (IFIP/Sec '01), Paris, France, June 2001.
- M. F. D. Dean and A. Stubblefield, An algebraic approach to IP traceback, in Network and Distributed System Security Symposium (NDSS '01), Feb. 2001.
- K. Yoda and H. Etoh, Finding a connection chain for tracing intruders, in Proceedings of the 6th European Symposium on Research in Computer Security (ESORICS 2000), Toulouse, France, Oct. 2000.
- Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, Practical Network Support for IP Traceback, Proceedings of the 2000 ACM SIGCOMM Conference, pp. 295-306, Stockholm, Sweden, August 2000.
- Steve Bellovin, ICMP Traceback Messages, Network Working Group Internet Draft, 2000.
- A. Blum, D. Song, and S. Venkataraman, Detection of interactive stepping stones: Algorithms and confidence bounds, in 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004), Sophia Antipolis, France, Sept. 2004.
- W. T. Strayer, C. E. Jones, I. Castineyra, J. B. Levin, and R. R. Hain, An integrated architecture for attack attribution, BBN Technologies, Tech. Rep. BBN REPORT-8384, Dec. 2003.
- X. Wang and D. S. Reeves, Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays, in Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003), Washington DC, USA, Oct. 2003.
- X. Wang, D. S. Reeves, and S. F. Wu, Inter-packet delay based correlation for tracing encrypted connections through stepping stones, in Proceedings of the 7th European Symposium on Research in Computer Security (ESORICS 2002), Zurich, Switzerland, pp. 244-263, Oct. 2002.
- D. L. Donoho, A. G. Flesia, U. Shankar, V. Paxson, J. Coit, and S. Staniford, Multiscale stepping-stone detection: Detecting pairs of jittered interactive streams by exploiting maximum tolerable delay, in Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland, Oct. 2002.
- Y. Zhang and V. Paxson, Detecting stepping stones, in Proceedings of the 9th USENIX Security Symposium, Denver, USA, pp. 171-184, Aug. 2000.
- L. Zhang, A. Persaud, A. Johnson and Y. Guan, Detection of Stepping Stone Attack under Delay and Chaff Perturbations, in Proceedings of IPCCC, 2006
- S. Huang, R. Lychev and J. Yang, Stepping-Stone Detection via Request-Response Traffic Analysis, Autonomic and Trusted Computing (ATC), 2007
VoIP Security
- R. Kuhn, T. Walsh, and S. Fries, Security Considerations for Voice Over IP Systems, NIST Special Publication 800-58, January 2005.
- X. Wang, S. Chen, and S. Jajodia, Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet, in Proceedings of ACM CCS, 2005.
Multimedia Forensics and Multicast Fingerprinting
- H. Chu, L. Qiao, and K. Nahrstedt, "A secure multicast protocol with copyright protection," Proceedings IS&T/SPIE Symposium on Electronic Imaging: Science and Technology, San Jose, CA, Jan. 1999.
- B. Briscoe and I. Fairman, "Nark: Receiver-based multicast non-repudiation and key management," ACM Conference on Electronic Commerce, Denver, CO, Nov. 1999.
- I. Brown, C. Perkins, and J. Crowcroft, "Watercasting: Distributed watermarking of multicast media," Network Group Communication, Pisa, Italy, pp. 286-300, Nov. 1999.
- P. Judge and M. Ammar, "WHIM: Watermarking multicast video with a hierarchy of intermediaries," Proc. NOSSDAV, Chapel Hill, NC, Jun. 2000.
- R. Parviainen and P. Parnes, "Large scale distributed watermarking of multicast media through encryption," in Proc. of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security Issues of the New Century, vol. 64, pp. 149-158, 2001.
- P. Judge and M. Ammar, "Security issues and solutions in multicast content distribution: a survey," IEEE Network, Jan./Feb. 2003.
- W. Trappe, M. Wu, Z.J. Wang, and K.J.R. Liu, "Anti-Collusion Fingerprinting for Multimedia", IEEE Trans. on Signal Processing, vol 51, no 4, pp.1069-1087, special issue on Signal Processing for Data Hiding in Digital Media and Secure Content Delivery, April 2003.
- A. Eskicioglu, "Multimedia security in group communications: Recent progress in key management, authentication and watermarking," ACM Multimedia Systems, Special Issue on Multimedia Security 9, pp. 239-248, Sep. 2003.
- M. Wu, W. Trappe, Z.J. Wang, and K.J.R. Liu, "Collusion-Resistant Fingerprinting for Multimedia", IEEE Signal Processing Magazine, Special Issue on Digital Rights: Management, Protection, Standardization, vol 21, no 2, pp.15-27, March 2004.
- Z.J. Wang, M. Wu, W. Trappe, and K.J.R. Liu, "Group-Oriented Fingerprinting for Multimedia Forensics", EURASIP Journal on Applied Signal Processing, Special Issue on Multimedia Security and Rights Management, 2004:14, pp.2142-2162, Nov 2004.
- H. Zhao and K. J. R. Liu, "Bandwidth efficient fingerprint multicast for video streaming," IEEE Int. Conf on Acoustics, Speech and Signal Processing, May 2004.
- H. Zhao and K. J. R. Liu, "A secure multicast scheme for anti-collusion fingerprinted video," Global Telecommunications Conference, 2004.
- H. Zhao, M. Wu, Z.J. Wang, and K.J.R. Liu, "Forensic Analysis of Nonlinear Collusion Attacks for Multimedia Fingerprinting", IEEE Trans. on Image Processing, vol 14, no 5, pp.646-661, May 2005.
- Z.J. Wang, M. Wu, H. Zhao, W. Trappe, and K.J.R. Liu, "Anti-Collusion Forensics of Multimedia Fingerprinting Using Orthogonal Modulation", IEEE Trans. on Image Processing, June 2005.
- H.V. Zhao and K.J.R. Liu, "Fingerprint Multicast for Secure Video Streaming", to appear, IEEE Trans. on Image Processing.
Intrusion Detection and Response
- Survey
  - H. Debar, M. Dacier, and A. Wespi, A Revised Taxonomy for Intrusion-Detection Systems, Research Report of IBM Zurich Research Lab, 1999.
  - T. Lunt, Detecting Intruders in Computer Systems, 1993.
  - J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, and E. Stoner, State of the Practice of Intrusion Detection Technologies. 1999.
  - S. Axelsson, Research in Intrusion Detection Systems: A Survey, 1999.
  - A. Sundaram, An Introduction to Intrusion Detection, 1996.
  - R.A. Kemmerer, G. Vigna, An Introduction to Intrusion Detection, 2002.
  - J. Frank, Artificial Intelligence and Intrusion Detection: Current and Future Directions, 1994.
- General Model
  - D. Denning, An Intrusion-Detection Model, 1986.
  - P. Helman and G. Liepins, Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse, 1993.
  - S. Axelsson, The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection, 1998.
  - W. Lee and D. Xiang, Information-Theoretic Measures for Anomaly Detection, 2001.
  - R. Maxion and K. M. C Tan, Benchmarking Anomaly-Based Detection Systems, 2000.
- Detection Method
  - U. Lindqvist and P. A. Porras, Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST), 1999.
  - S. Kumar and E. H. Spafford, An Application of Pattern Matching in Intrusion Detection, 1994.
  - K. Ilgun, R. A. Kemmerer, and P. A. Porras, State Transition Analysis: A Rule-Based Intrusion Detection Approach, 1995.
  - C. Y. Chung, M. Gertz, and K. Levitt, DEMIDS: A Misuse Detection System for Database Systems, 1999.
  - H. S. Javitz and A. Valdes, The SRI IDES Statistical Anomaly Detector, 1991.
  - S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, A Sense of Self for Unix Processes, 1996.
  - C. Ko, M. Ruschitzka, and K. Levitt, Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach, 1997.
  - D. Wagner and D. Dean, Intrusion Detection via Static Analysis, 2001.
  - R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni, A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors, 2001.
- Learning (or Data Mining) Based Approaches
  - C. Warrender, S. Forrest, and B. Perlmutter, Detecting Intrusion Using System Calls: Alternative Data Models, 1999.
  - A. Valdes and K. Skinner, Probabilistic Alert Correlation, 2000.
  - W. Lee and S. J. Stolfo, A Framework for Constructing Features and Models for Intrusion Detection Systems, 2000.
  - C. Ko, Logic Induction of Valid Behavior Specifications for Intrusion Detection, 2000.
  - T. Lane and C. E. Brodley, Temporal Sequence Learning and Data Reduction for Anomaly Detection, 1999.
- Implementation Issues
  - B. Mukherjee, L. T. Heberlein, and K. N. Levitt, Network Intrusion Detection, 1994.
  - V. Paxson, Bro: A System for Detecting Network Intruders in Real-Time, 1999.
  - T. H. Ptacek and T. N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, 1998.
  - M. Handley and V. Paxson, Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, 2001.
  - F. Kerschbaum, E. H. Spafford, and D. Zamboni, Using Embedded Sensors for Detecting Network Attacks, 2000.
  - P. A. Porras and A. Valdes, Live Traffic Analysis of TCP/IP Gateways, 1998.
  - J. S. Balasubramaniyan, J. O. Garcia-Fernandez, D. Isacoff, E. H. Spafford, and D. Zamboni, An Architecture for Intrusion Detection Using Autonomous Agents, 1998.
  - S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, J. Rowe, S. Staniford, R. Yip, D. Zerkle, The Design of GrIDS: A Graph-Based Intrusion Detection System, 1999.
  - W. Lee, W. Fan, M. Miller, S. Stolfo, and E. Zadok, Toward Cost-Sensitive Modeling for Intrusion Detection and Response, 2001.
  - G. H. Kim and E. H. Spafford, Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection, 1994.
- Evaluation Issues
  - N. J. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson, A Methodology for Testing Intrusion Detection Systems, 1996.
  - R. P. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. P. Kendall, D. McClung, D. Weber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman, Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation, 2000.
  - R. P. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das, The 1999 DARPA Off-line Intrusion Detection Evaluation, 2000.
  - John McHugh, Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Off-line Intrusion Detection System Evaluation as Performed by Lincoln Laboratory, 2000.
  - K. Kendall, A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems, 1999.
  - K. Das, Attack Development for Intrusion Detection Evaluation, 2000.
Steganography and Steganalysis
- Ross J. Anderson and Fabien A. P. Petitcolas, INFORMATION HIDING: AN ANNOTATED BIBLIOGRAPHY, 1999.
- Ross Anderson, Fabien A.P. Petitcolas, On The Limits of Steganography, 1998.
- Christian Cachin, An Information-Theoretic Model for Steganography, 2001.
- Niels Provos, Defending Against Statistical Steganalysis, 2001.
- S. Voloshynovskiy, F. Deguillaume, O. Koval and T. Pun, Information-Theoretic Data-Hiding for Public Network Security, Services Control and Secure Communications
- K. Ahsan and D. Kundur, Practical Data Hiding in TCP/IP, Workshop on Multimedia and Security at ACM Multimedia 2002
- D. Kundur and K. Ahsan, Practical Internet Steganography: Data Hiding in IP, 2002
Anonymity
- David Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, CACM, v. 24, n. 2, pp. 84-88, 1981.
- David Chaum, The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, Journal of Cryptology 1/1, pp. 65-75, 1988.
- Wei Dai, Pipenet, PipeNet 1.1, http://www.eskimo.com/~weidai/pipenet.txt.
- E. Gabber, P. B. Gibbons, Y. Matias, and A. Mayer, How to make personalized web browsing simple, secure, and anonymous, Proceedings of Financial Cryptography'97-LNCS 1318. Springer-Verlag, 1997.
- I. Goldberg and A. Shostack, Freedom network 1.0 architecture and protocols, http://www.freedom.net/info/freedompapers/index.html, 1999.
- Michael Reiter and Aviel Rubin, Anonymous Web Transactions with Crowds, ACM Transactions on Information and System Security, v. 1, n. 1, pp. 66-92, 1998.
- Sharad Goel, Mark Robson, Milo Polte, Emin Gün Sirer. Herbivore: A Scalable and Efficient Protocol for Anonymous Communication. Cornell University Computing and Information Science Technical Report, TR2003-1890, February 2003.
- P. Syverson, D. Goldschlag, and M. Reed, Anonymous Connections and Onion Routing, Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, IEEE CS Press, pp. 44-54, May 1997.
- Adam Back, Ulf Möller, and Anton Stiglic, Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems, Lecture Notes in Computer Science, No. 2137, pp. 245, 2001.
- Wakaha Ogata, Kaoru Kurosawa, Kazue Sako, and Kazunori Takatani, Fault Tolerant Anonymous Channel, Proceedings of the First International Conference on Information and Communication Security, pp. 440-444, 1997.
- Ceki Gülcü and Gene Tsudik, Mixing Email with Babel, Proceedings of the 1996 Symposium on Network and Distributed System Security, 1996.
- Clay Shields and Brian Neil Levine, A Protocol for Anonymous Communication Over the Internet, Proceedings of the 7th ACM Conference on Computer and Communication Security, Athens, Greece, Nov. 1-4, 2000.
- Rob Sherwood, Bobby Bhattacharjee, and Aravind Srinivasan, P5: A Protocol for Scalable Anonymous Communication, IEEE Symposium on Security and Privacy, 2002.
- Michael Freedman, Emil Sit, Josh Cates, and Robert Morris, Introducing Tarzan, a Peer-to-Peer Anonymizing Network Layer, the First International Workshop on Peer-to-Peer Systems, 2002.
- Roger Dingledine, A Position Paper for Tarzan: a Decentralized Stream-based Anonymizing Network, 2003.
- George Danezis, Roger Dingledine, David Hopwood, and Nick Mathewson, Mixminion: Design of a Type III Anonymous Remailer, 2003 IEEE Symposium on Security and Privacy.
- Amos Beimel and Shlomi Dolev, Buses for Anonymous Message Delivery, Second International Conference on FUN with Algorithms, pages 1--13, 2001.
- Ian Goldberg and David Wagner, TAZ Servers and the Rewebber Network. Enabling Anonymous Publishing on the World Wide Web, First Monday, vol 3 no 4, available at http://www.firstmonday.dk/issues/issue3_4/goldberg/index.html, 1998.
- Yong Guan, Xinwen Fu, Riccardo Bettati, and Wei Zhao, "An Optimal Strategy for Anonymous Communication Protocols," in Proceedings of the 22nd IEEE International Conference on Distributed Computing Systems (ICDCS 2002), accepted.
- D. Chaum, The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, Journal of Cryptology, 1/1, 1988, pp. 65-75.
- Michael Waidner and Birgit Pfitzmann. Unconditional sender and recipient untraceability in spite of active attacks---some remarks. Technical report, Fakultät für Informatik, Universität Karlsruhe, 1989.
- H. Kikuchi, A. Fujioka, K. Seo, Anonymous Communication Using Secret Sharing Scheme, In Proc. of the 1998 Symposium on Cryptography and Information Security, SCIS 98-5.3.F, Jan 1998.
- H. Kikuchi, Sender and Recipient Anonymous Communication without Public Key Encryption, In IPSJ SIG Notes, 98-CSEC-1, pp.41-46, May 1998.
- Michael Waidner. Unconditional sender and recipient untraceability in spite of active attacks. In Eurocrypt '89, volume 434 of Lecture Notes in Computer Science, pages 302--319. Springer-Verlag, 1989.
- J. Bos and B. den Boer. Detection of disrupters in the DC protocol. In Lecture Notes in Computer Science 434 (Eurocrypt '89). Springer-Verlag, 1989.
- M. Waidner and B. Pfitzmann, The dining cryptographers in the disco: Unconditional sender and recipient untraceability with computationally secure serviceability, in Eurocrypt'89, vol. 434, LNCS, Springer-Verlag, 1990.
- B. N. Levine, M. K. Reiter, C. Wang and M. Wright, Timing attacks in low-latency mix systems, In Financial Cryptography: 8th International Conference, FC 2004.
- Michael K. Reiter and Xiaofeng Wang, Fragile Mixing, ACM CCS 2004.
Pseudonymity, P3P, and Various Camouflaging Techniques
- L. Cranor, M. Arjula and P. Guduru, Use of a P3P User Agent by Early Adopters. in Proceedings of the ACM Workshop on Privacy in the Electronic Society, November 21, 2002, Washington, DC.
- Platform for Privacy Preferences (P3P) Project, http://www.w3.org/P3P/, 2002.
- Anna Lysyanskaya, Ronald L. Rivest, Amit Sahai, Stefan Wolf, Pseudonym Systems, Selected Areas in Cryptography 1999, Lecture Notes in Computer Science.
- Yong Guan, Xinwen Fu, Dong Xuan, Prashanth Shenoy, Riccardo Bettati, and Wei Zhao, "NetCamo: Camouflaging Network Traffic for QoS-Guaranteed Mission Critical Applications," in IEEE Transactions on System, Man, and Cybernetics, Special Issue on Information Assurance, Vol. 31, No. 4, July 2001.
- Xinwen Fu, Yong Guan, Riccardo Bettati, and Wei Zhao, "Hiding Role Assignment for Mission Critical Collaborative Systems," in Quality and Reliability Engineering International, Special Issue on Computer Network Security, 2002.
Miscellany
- Jason Beckett, Jill Slay and Benjamin Turnbull, Forensics Computing: Developing the Specialist Expertise within the CS Curriculum, Proceedings of the 10th Colloquium for Information Systems Security Education, Adelphi, MD 2006
- Alex Yasinsac, Robert Erbacher, Donald Marks, Mark Pollitt and Peter Sommer, Computer Forensics Education