摘要： 针对传统陷阱网络系统对未知蠕虫行为分析能力的不足，提出了一种基于遗传算法的优化解决方案。通过自定义行为向量构造准确描述网络蠕虫行为的项目集，并利用遗传算法优化未知蠕虫行为模式挖掘结果。对比研究表明，上述方案对行为模式挖掘在两个方面有显著改进：(1)提高了未知蠕虫行为项目集描述的完备性和预测性；(2)提高了既定行为模式的支持度与置信度。论文给出了运用模式相似度对系统感染特定蠕虫后的行为进行检测的统计比较结果，实验结果表明，和现有基于知识工程的方法相比，该方案能有效提高基于陷阱网络的蠕虫行为模式挖掘的精度。

关键词: 行为模式挖掘, 遗传算法, 陷阱网络, 蠕虫

Abstract: Because of the deficiency of unknown worms behavior analysis in traditional honeynet, an optimized solution based on genetic algorithms is proposed. The worms’ behavior item collection is described accurately by defining behavior vector structure, and the unknown worm behavior profile mining is optimized using genetic algorithms. The contrast research indicates that the solution has the remarkable improvement in two aspects, that is, the integrality and prediction of unknown worm behavior items are enhanced, and the support degree and confidence rate to the behavior pattern are increased. Using pattern familiarity comparison, statistical and experimental results on the behavior detection of the system infected specific worm’s are illustrated and analyzed, which indicate that the algorithm is more intelligent and adaptive than those using the pure knowledge engineering approaches.

Key words: Behavior profile mining, Genetic algorithm, Honeynet, Worms