检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]成都东软学院计算机科学与技术系,四川成都611844 [2]四川师范大学计算机学院,四川成都610101
出 处:《计算机工程与设计》2017年第9期2379-2384,共6页Computer Engineering and Design
基 金:四川省教育厅基金项目(14ZA0366);中央高校财政专项校级基金项目(2015NYB03)
摘 要:针对简化正则表达式(SRE)的多态蠕虫防御方法不足以处理蠕虫的不变部分和距离限制等问题,提出一种利用序列比对检测的优化SRE。比对一个序列在另一个序列上编写字符的过程包括3个步骤,即初始化步骤、矩阵填充和回溯步骤。初始化矩阵用于比较两个序列间字符的得分;填充矩阵选择最大数,保持指针指向导出参数的先前得分位置;回溯的每个分支代表一个最优的比对。考虑到上述步骤最大化了匹配总数量,而非匹配连续子串,采用逐对序列比对检测,对最长公共子串(LCS)的字符串进行匹配。评价结果表明,优化SRE方法能够成功获得连续序列,保留了多态蠕虫的所有通配符,相比于Autograph、Polygraph和SRE方法,其生成的特征码更加精确和高效。Concerning that simplified regular expression (SRE) polymorphic worm defense method is not enough to deal with the worm’s invariant parts and distance constraints,the optimization of SRE using sequence alignment detection was proposed. The process of writing a character on another sequence consisted of three steps including the initialization step, the matrix filling, and the backtracking step. Among them, matrix initialization was used for score comparison between two sequences of charac-ters. The maximum number was selected for filling matrix, keeping a pointer pointing to the position of derived parameters pre-vious scoring. Each branch of backtracking represented an optimal alignment. The above steps maximized the total number of matching, rather than matched continuous sub-string. Sequence alignment detection was used for string matching of the longest common string (LCS). The evaluation results show that the optimized SRE method can successfully obtain a continuous sequence,and retain all wild-cards for polymorphic worms. Compared to Autograph, Polygraph and SRE methods, the pro-posed method is more accurate and efficient for the generation of the feature codes.
关 键 词:多态蠕虫 简化正则表达式 匹配 最长公共子串 序列比对检测
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.222