摘要： 现有蠕虫检测系统的误报率较高。为此，提出未知蠕虫自动检测技术。利用多维蠕虫异常检测方法发现未知蠕虫，使用跳跃式多特征串提取方法得到未知蠕虫的特征串集合，并生成相应的特征检测规则，实现未知蠕虫的自动检测。实验结果证明，该技术能够成功发现新型蠕虫，具有较高的蠕虫检测率和较低的误报率。

关键词: 未知蠕虫, 蠕虫检测, 特征提取, 异常检测

Abstract: Facing fast-spreading worms, existing detecting systems have lots of defects, such as high false alarm rate. For this reason, this paper proposes an automatic unknown worm detection technology, which uses multidimensional worm ab- normal detection method to discover unknown worms and uses salutatory multiple signatures extraction method to get the set of unknown worms’ signatures. It generates feature detection rules from signature set. It realizes automation of unknown worm detection using new rules. Experiments prove that, this technology can find the unknown worm, and has high detection rate and low false positive rate.

Key words: unknown worm, worm detection, feature extraction, abnormal detection

中图分类号: 

• TP393.08