Computer Engineering ›› 2012, Vol. 38 ›› Issue (9): 153-154, 176. doi: 10.3969/j.issn.1000-3428.2012.09.046

• Security Technology •

An Improved Feature Extraction Algorithm for Polymorphic Worms

QIN Shen, LAO Cui-jin

  1. (Department of Information Engineering, Liuzhou City Vocational College, Liuzhou 545002, Guangxi, China)
  • Received:2011-07-08 Online:2012-05-05 Published:2012-05-05
  • About the authors: QIN Shen (born 1972), male, lecturer, M.S., research interest: network security; LAO Cui-jin, M.S.
  • Funding:
    2011 Guangxi Education Department Scientific Research Fund project “Research on Campus Network Security Based on Virtualization Technology” (201106LX821)

Improved Feature Extraction Algorithm of Polymorphic Worms

QIN Shen, LAO Cui-jin   

  1. (Department of Information Engineering, Liuzhou City Vocational College, Liuzhou 545002, China)
  • Received:2011-07-08 Online:2012-05-05 Published:2012-05-05

Abstract (translated from the Chinese): Most polymorphic worm feature extraction methods do not handle noise well, so the extracted worm features cannot detect polymorphic worms effectively. To address this, an improved polymorphic worm feature extraction algorithm is proposed. The Gibbs algorithm is used to extract the worm feature from a suspicious traffic pool containing n sequences, k of which are worm sequences, and color coding is used to improve the running efficiency of the algorithm while the worm sequences are being identified. Simulation results show that the algorithm reduces time and space overhead and can extract polymorphic worm features effectively even when the suspicious pool contains noise.

Keywords (translated from the Chinese): polymorphic worm, feature extraction, color coding, suspicious pool, Gibbs algorithm

Abstract: Most current polymorphic worm feature extraction methods do not handle noise well, so the worm features they extract cannot detect polymorphic worms effectively. To address this problem, this paper proposes an improved feature extraction algorithm. The algorithm extracts the worm feature from a suspicious flow pool containing n sequences, k of which are worm sequences, using the Gibbs algorithm, and applies color coding to improve the running efficiency of the algorithm while the worm sequences are being identified. Simulation results show that this approach reduces time and space overhead. Compared with existing feature extraction algorithms, it can extract the polymorphic worm feature effectively even when there is noise in the suspicious pool.

Key words: polymorphic worm, feature extraction, color coding, suspicious pool, Gibbs algorithm
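The abstract names two ingredients without showing them: Gibbs sampling, which aligns one window per sequence and iteratively resamples each window against a model built from the others until the shared invariant emerges, and color coding, which assigns each of the n sequences one of k colors at random so that the sampler only has to pick one sequence per color (the k worm sequences are separated with probability k!/k^k per coloring, so a few random restarts suffice). The Python below is an added illustration of that combination, not the paper's own code, which the page does not reproduce: the pool (six 30-byte sequences, three of which carry a planted 6-byte invariant fragment), the pseudocount, the uniform byte background, the phase-shift polish, and the restart and iteration counts are all assumptions made for the example; the paper's actual signature model and noise handling may differ.

```python
import math
import random

ALPHABET = 256   # sequences are byte strings
PSEUDO = 0.1     # per-byte pseudocount for the position model (assumed value)


def build_pool(seed=7):
    """Constructed suspicious pool: 6 random byte sequences of length 30.
    Sequences 0, 2 and 5 carry one invariant 6-byte fragment at a random
    offset (the polymorphic worm's shared feature); the rest are noise."""
    rng = random.Random(seed)
    motif = bytes.fromhex("eb1a5e31c0ff")   # constructed invariant fragment
    worm_ids = {0, 2, 5}
    pool = []
    for i in range(6):
        seq = bytearray(rng.getrandbits(8) for _ in range(30))
        if i in worm_ids:
            off = rng.randrange(0, len(seq) - len(motif) + 1)
            seq[off:off + len(motif)] = motif
        pool.append(bytes(seq))
    return pool, motif, worm_ids


def window_logodds(window, others):
    """Log-likelihood ratio of `window` under a position-specific byte model
    estimated from `others` (with pseudocounts) versus a uniform background."""
    n = len(others)
    total = 0.0
    for j, b in enumerate(window):
        count = sum(1 for w in others if w[j] == b)
        p = (count + PSEUDO) / (n + PSEUDO * ALPHABET)
        total += math.log(p * ALPHABET)
    return total


def windows_of(pool, chosen, L):
    return [pool[i][o:o + L] for i, o in chosen]


def alignment_score(windows):
    """Leave-one-out score of a full alignment (one window per color)."""
    return sum(window_logodds(w, windows[:i] + windows[i + 1:])
               for i, w in enumerate(windows))


def phase_shift(pool, chosen, L):
    """Polish: slide all chosen windows by the same amount and keep the best
    score, escaping the shifted local optima plain Gibbs sampling sticks in."""
    best, best_score = chosen, alignment_score(windows_of(pool, chosen, L))
    for s in range(-L + 1, L):
        moved = [(i, o + s) for i, o in chosen]
        if all(0 <= o <= len(pool[i]) - L for i, o in moved):
            sc = alignment_score(windows_of(pool, moved, L))
            if sc > best_score:
                best, best_score = moved, sc
    return best, best_score


def consensus(windows):
    """Most frequent byte at each position of the aligned windows."""
    sig = bytearray()
    for j in range(len(windows[0])):
        column = [w[j] for w in windows]
        sig.append(max(set(column), key=column.count))
    return bytes(sig)


def distinct_color_probability(k):
    """Chance that k worm sequences get k different colors: k!/k^k."""
    return math.factorial(k) / k ** k


def restarts_for_confidence(k, confidence):
    """Colorings needed so that at least one separates the k worms with
    probability >= confidence."""
    return math.ceil(math.log(1 - confidence) /
                     math.log(1 - distinct_color_probability(k)))


def gibbs_color_coding(pool, k, L, restarts=60, iters=40, seed=1):
    """Color-coded Gibbs sampling: each restart colors the n sequences with
    k colors, then samples one (sequence, offset) window per color class;
    the best-scoring alignment over all restarts yields the signature."""
    rng = random.Random(seed)
    best = None
    for _ in range(restarts):
        classes = [[] for _ in range(k)]
        for i in range(len(pool)):
            classes[rng.randrange(k)].append(i)
        if any(not cls for cls in classes):
            continue   # an unused color cannot separate k worms; recolor
        cands = [[(i, o) for i in cls for o in range(len(pool[i]) - L + 1)]
                 for cls in classes]
        chosen = [rng.choice(c) for c in cands]
        for _ in range(iters):
            for c in range(k):   # resample class c given the other classes
                others = windows_of(pool, [w for cc, w in enumerate(chosen) if cc != c], L)
                weights = [math.exp(window_logodds(pool[i][o:o + L], others))
                           for i, o in cands[c]]
                chosen[c] = rng.choices(cands[c], weights=weights)[0]
        chosen, score = phase_shift(pool, chosen, L)
        if best is None or score > best[0]:
            best = (score, chosen)
    score, chosen = best
    return consensus(windows_of(pool, chosen, L)), sorted(i for i, _ in chosen), score


if __name__ == "__main__":
    pool, motif, worm_ids = build_pool()
    sig, ids, score = gibbs_color_coding(pool, k=len(worm_ids), L=len(motif))
    print("extracted:", sig.hex(), "from sequences", ids, "score %.1f" % score)
    print("planted  :", motif.hex(), "in sequences", sorted(worm_ids))
```

Noise sequences in the pool never win: a window drawn from them matches the model at no position, so its weight stays near the background, while once two worm windows line up the third is pulled in by a likelihood ratio of several orders of magnitude. The extracted consensus bytes are what a signature-based detector would then match on, and `restarts_for_confidence` gives the number of random colorings a defender needs before trusting a negative result.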
