| 基于种子—扩充的多态蠕虫特征自动提取方法 |
| |
| 引用本文: | 汪洁,何小贤.基于种子—扩充的多态蠕虫特征自动提取方法[J].通信学报,2014,35(9):12-19. |
| |
| 作者姓名: | 汪洁 何小贤 |
| |
| 作者单位: | 中南大学信息科学与工程学院,湖南长沙,410083 |
| |
| 基金项目: | 国家自然科学基金资助项目(61202495) |
| |
| 摘 要: | 提出基于种子扩充的多态蠕虫特征自动提取方法SESG.SESG算法首先按序列的权重大小将其放入一个队列,然后依次对队列中的种子序列进行扩充,从而对各类蠕虫以及噪音序列进行分类,并从分类后的蠕虫序列中提取其特征.测试结果表明,SESG算法能够在包含噪音的可疑池中很好地区分各类蠕虫序列,更易于提取有效的蠕虫特征.
|
| 关 键 词: | 信息安全 种子扩充算法 多态蠕虫 蠕虫检测 蠕虫特征 |
Automated polymorphic worm signature generation
approach based on seed-extending |
| |
| WANG Jie
,
HE Xiao-xian.Automated polymorphic worm signature generation
approach based on seed-extending[J].Journal on Communications,2014,35(9):12-19. |
| |
| Authors: | WANG Jie HE Xiao-xian |
| |
| Affiliation: | School of Information Science and Engineering,Central South University,Changsha 410083,China |
| |
| Abstract: | A polymorphic worm signature generation approach based on seed-extending, SESG, was proposed. Firstly, algorithm SESG puts all sequences into a queue based on their weight. Seed sequence in the queue is extended, and all kinds of worm sequences and noise sequences are classified. Finally, worm signature is generated from classified worm sequences. Experiments are run to test SESG and compared with other approaches. Experiment results show that SESG can classify worm sequences and noise sequences from suspicious flow pool over other existed approaches, which can generate effective worm signature more easily. |
| |
| Keywords: | information security seed-extending algorithm polymorphic worm worm detection worm signature |
|
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
