An Optimized SRE Polymorphic Worm Defense Method Based on Sequence Alignment Detection
Published: 2019-01-20 08:49
[Abstract]: Polymorphic worm defense methods based on simplified regular expressions (SRE) do not adequately handle problems such as the invariant parts of worms and distance restrictions. To address this, an optimized SRE that uses sequence alignment detection is proposed. Aligning one sequence against another, writing the characters of one over the other, comprises three steps: initialization, matrix filling, and traceback. The initialization matrix is used to compare the scores of characters between the two sequences; matrix filling selects the maximum value and keeps a pointer to the previous score position from which that value was derived; each branch of the traceback represents one optimal alignment. Because these steps maximize the total number of matches rather than matching contiguous substrings, pairwise sequence alignment detection is used to match the strings of the longest common substring (LCS). The evaluation results show that the optimized SRE method successfully obtains contiguous sequences and retains all wildcards of polymorphic worms. Compared with the Autograph, Polygraph, and SRE methods, the signatures it generates are more accurate and efficient.
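[Author affiliations]: Department of Computer Science and Technology, Chengdu Neusoft University; College of Computer Science, Sichuan Normal University;
[Funding]: Sichuan Provincial Department of Education Fund Project (14ZA0366); Central Universities Special Financial University-Level Fund Project (2015NYB03)
[Classification number]: TP393.08
Article ID: 2411869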
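The contrast drawn in the abstract, sketched as an added example that is not code from the paper: a standard global alignment (initialization, matrix filling, traceback) next to a longest-common-substring search, run on two constructed strings standing in for worm variants. The scoring values, function names, and sample strings are assumptions made for illustration.

```python
# Added example. Scoring values and the sample strings are constructed assumptions.
MATCH, MISMATCH, GAP = 1, -1, -1

def align(a, b):
    """Global alignment; returns matched (i, j) index pairs of one optimal alignment."""
    n, m = len(a), len(b)
    # Initialization: first row and column hold cumulative gap penalties.
    score = [[0] * (m + 1) for _ in range(n + 1)]
    ptr = [[""] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0], ptr[i][0] = i * GAP, "up"
    for j in range(1, m + 1):
        score[0][j], ptr[0][j] = j * GAP, "left"
    # Matrix filling: keep the maximum and a pointer to the cell it came from.
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            diag = score[i-1][j-1] + (MATCH if a[i-1] == b[j-1] else MISMATCH)
            score[i][j], ptr[i][j] = max(
                (diag, "diag"), (score[i-1][j] + GAP, "up"), (score[i][j-1] + GAP, "left"))
    # Traceback: follow pointers from the bottom-right cell to the origin.
    i, j, pairs = n, m, []
    while i > 0 or j > 0:
        step = ptr[i][j]
        if step == "diag":
            if a[i-1] == b[j-1]:
                pairs.append((i - 1, j - 1))
            i, j = i - 1, j - 1
        elif step == "up":
            i -= 1
        else:
            j -= 1
    return pairs[::-1]

def longest_common_substring(a, b):
    """Longest contiguous run present in both a and b."""
    best_len, best_end, prev = 0, 0, [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i-1] == b[j-1]:
                cur[j] = prev[j-1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

# Constructed stand-ins for two variants of one polymorphic payload.
V1 = "xqHDR-INVARIANTzzp1TAIL"
V2 = "mmHDR-INVARIANTkkTAILab"
if __name__ == "__main__":
    print("aligned matches:", "".join(V1[i] for i, _ in align(V1, V2)))
    print("contiguous token:", longest_common_substring(V1, V2))
```

The alignment's matches span two separate regions of each string, while the longest common substring returns a single contiguous token that can serve as one invariant part of a signature.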
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2411869.html