Journal article

Research of Automatic Signature Generation Technology for Zero-day Polymorphic Worms
Original Chinese title: Zero-day多态蠕虫特征自动提取技术研究
Cited by: 2
Abstract (translated from the Chinese): Signature-based intrusion detection systems are an important means of detecting Zero-day polymorphic worms, and extracting worm signatures quickly and accurately in an automated way is the key to defending against them. To address the tendency of the Needleman-Wunsch algorithm to lose local signature fragments, this paper proposes an automatic signature extraction method for Zero-day polymorphic worms based on a two-stage multiple sequence alignment algorithm, TsMSA (Two-stage Multiple Sequence Alignment). The method applies TsMSA to align the sample data of each class of polymorphic worm, identifies the conserved signature fragments of that class, and then converts them into standard IDS rules for later defense. Experimental results show that the TsMSA-based automatic signature extraction method for Zero-day polymorphic worms effectively improves the quality of the extracted signatures and lowers the false positive rate.

Abstract (authors' English version): The most popular and effective approach to detecting polymorphic worms is signature-based detection, such as an IDS. Consequently, it is crucial to extract signatures quickly and effectively to defend against polymorphic worms. In order to solve the loss of local effective signatures that occurs when using the Needleman-Wunsch algorithm, this paper proposes a new automatic signature generation method for Zero-day polymorphic worms based on a Two-stage Multiple Sequence Alignment algorithm. The polymorphic worm sample sequences are aligned with each other by the proposed TsMSA algorithm; the method then identifies conservative signature segments and converts them into standard IDS rules for subsequent defense. Experimental results indicate that the TsMSA-based automatic signature generation method for Zero-day polymorphic worms can greatly improve the quality of worm signatures and exhibits low false positives.
Authors: Zhu Yangjin (祝仰金), Qin Zheng (秦拯)
Source: Microcomputer Information (微计算机信息, English title Control & Automation), 2011, No. 1, pp. 190-192 (3 pages)
Funding: Hunan Provincial Natural Science Foundation (09JJ3124); applicant: Qin Zheng (秦拯); project: Attack signature extraction method based on biological sequence alignment
Keywords: intrusion detection; signature generation; sequence alignment; polymorphic worms