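Authors: Lu Tianliang; Cai Manchun [1,2]; Gao Jian (College of Information Technology & Network Security; CIC of Security & Law for Cyberspace, People's Public Security University of China, Beijing 100038, China)
Affiliations: [1] College of Information Technology & Network Security, People's Public Security University of China, Beijing 100038; [2] CIC of Security & Law for Cyberspace, People's Public Security University of China, Beijing 100038
Source: Application Research of Computers (《计算机应用研究》), 2018, Issue 8, pp. 2409-2411, 2416 (4 pages)
Funding: National Natural Science Foundation of China (61602489); National Key R&D Program of China, "Cyberspace Security" key special project (2017YFB0802804); CERNET Next Generation Internet Technology Innovation Project (NGII20160405)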
Abstract: Shellcode is the core code of a buffer overflow attack and is often embedded in carriers such as files and network traffic. Detection techniques such as signature matching suffer from time lag and low accuracy. Drawing on artificial immune theory, this paper proposes a shellcode detection method based on real-valued encoding. Collected shellcode samples are disassembled, and an n-gram model is used to extract features from the assembly instruction sequences to generate antigens, which serve as a source of immature detectors for the immune system. The immature detectors then go through immune tolerance under a negative selection algorithm to become mature detectors. The detectors are cloned and mutated to proliferate better offspring, which increases detector diversity and affinity. Experimental results show that the method achieves high detection accuracy for both non-encoded shellcode and polymorphic shellcode.
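Keywords: artificial immune system; shellcode detection; negative selection algorithm; clonal selection algorithm
Classification: TP309.2 [Automation and Computer Technology: Computer System Architecture]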