
Research on a Muscle-Based Method for Automatic Extraction of Attack Signatures

Published: 2018-07-28 07:08
[Abstract]: As network attacks grow in number and mutation and polymorphism techniques appear on a large scale, relying solely on security experts to derive attack signatures through after-the-fact analysis causes the detection of new attacks to lag seriously. Automatic attack signature extraction can extract attack signatures quickly and accurately and helps keep the network environment secure and reliable. This thesis analyzes existing methods for automatic attack signature extraction, summarizes the problems that signature extraction faces and its directions of development, and studies the application of sequence alignment to automatic attack signature extraction. When the Needleman-Wunsch (NW) algorithm is applied to signature extraction, a fragmentation problem arises; the INW algorithm proposed in this thesis reduces fragments by improving the similarity score function of pairwise sequence alignment, yielding substrings that carry more semantic information. The NJ algorithm is a commonly used method for constructing evolutionary trees, but it suffers from the problem that the resulting tree is indeterminate. This thesis proposes the INJ algorithm: when the sequence pairs that share the minimum rate-corrected distance have no sequence in common, those pairs are all added at the same time; otherwise, the pair to be added to the evolutionary tree in this step is chosen by comparing the sequences' second-smallest rate-corrected distances and the sequence distances. Experimental results show that the INW algorithm produces fewer character-signature fragments with higher continuity, and that, compared with the NJ algorithm, the INJ algorithm obtains a unique, correct evolutionary tree. Muscle is an efficient multiple sequence alignment algorithm that combines progressive and iterative alignment, but when it is applied to attack signature extraction it suffers from problems such as an indeterminate evolutionary tree, the generation of fragments, and an inability to eliminate noise interference; this thesis proposes an improved algorithm, IMuscle. IMuscle consists of three stages: coarse alignment, improved progressive alignment, and iterative refinement. During coarse alignment, sequences that differ greatly from the others and sequences that do not match the characteristics of a valid attack data stream are eliminated as noise, reducing the effect of noise on the result. The INW and INJ algorithms are used for pairwise sequence alignment and evolutionary tree construction, so as to obtain more meaningful attack signatures. In the improved progressive alignment, because the Kimura distance is heavily influenced by the biological genetic model, the thesis uses a normalized distance in place of the Kimura model to recompute the distance matrix. Experimental results show that IMuscle has good noise resistance and that its alignment results express attack signatures more accurately. 25 figures, 12 tables, 54 references.
[Degree-granting institution]: Central South University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08



Article ID: 2149300


Article link: https://www.wllwen.com/guanlilunwen/ydhl/2149300.html

