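Affiliations: [1] College of Computer and Communication, Hunan University, 410082 [2] School of Software, Hunan University, 410082
Source: 《微计算机信息》 (Control & Automation), 2011, Issue 1, pp. 190-192, 3 pages
Funding: Applicant: Qin Zheng (秦拯); Project title: Attack signature extraction method based on biological sequence alignment; Funding body: Hunan Provincial Natural Science Foundation Committee (09JJ3124)
Abstract: Signature-based intrusion detection systems are an important means of detecting zero-day polymorphic worms, and extracting worm signatures automatically, quickly and accurately is the key to defense. To address the tendency of the Needleman-Wunsch algorithm to lose local signature fragments, this paper proposes an automatic signature extraction method for zero-day polymorphic worms based on a two-stage multiple sequence alignment algorithm, TsMSA (Two-stage Multiple Sequence Alignment). The method aligns the sample data of each class of polymorphic worm using the TsMSA algorithm, identifies the conserved signature fragments of that class, and converts them into standard IDS rules for later defense. Experimental results show that the TsMSA-based automatic signature extraction method for zero-day polymorphic worms effectively improves the quality of the extracted signatures and lowers the false positive rate.
Abstract (English, as published): The most popular and effective approach to detecting polymorphic worms is signature-based detection, such as IDS. Consequently, it is crucial to extract signatures quickly and effectively for defending against polymorphic worms. In order to solve the shortage of local effective signature losses during the process of using the Needleman-Wunsch algorithm, this paper proposes a new automatic signature generation method for zero-day polymorphic worms based on a Two-stage Multiple Sequence Alignment algorithm. The polymorphic worm sample sequences are aligned with each other by the proposed TsMSA algorithm, and then this method identifies conservative signature segments and changes them into standard IDS rules for subsequent defense. Experimental results indicate that the automatic signature generation method for zero-day polymorphic worms based on the TsMSA algorithm can greatly improve the quality of worm signatures and exhibits low false positives.
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]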