【摘要】：摘要：隨著網(wǎng)絡(luò)攻擊日益增多,各種變形、多態(tài)技術(shù)大量出現(xiàn),單純依靠安全專家根據(jù)事后分析獲取攻擊特征,會(huì)造成新攻擊檢測(cè)嚴(yán)重滯后。攻擊特征自動(dòng)提取技術(shù)能快速準(zhǔn)確的提取攻擊特征,保障網(wǎng)絡(luò)環(huán)境的安全可靠。本文分析了現(xiàn)有的攻擊特征自動(dòng)提取方法,總結(jié)特征提取所面臨的問題和發(fā)展方向,對(duì)序列比對(duì)在攻擊特征自動(dòng)提取中的應(yīng)用進(jìn)行了研究。 Needleman-Wunsch (NW)算法應(yīng)用于特征提取時(shí)會(huì)出現(xiàn)碎片問題,本文提出的INW算法通過改進(jìn)雙序列比對(duì)的相似度得分函數(shù)來減少碎片,獲取更有語義信息的子序列串。NJ算法是一種常用的進(jìn)化樹構(gòu)建方法,但該算法存在進(jìn)化樹不確定問題,本文提出了INJ算法,當(dāng)共同擁有最小速率校正距離的序列對(duì)間沒有公共序列時(shí)則同時(shí)加入多組序列對(duì),否則通過對(duì)比序列的次最小速率校正距離和序列距離來選擇此次加入進(jìn)化樹的序列對(duì)。實(shí)驗(yàn)結(jié)果表明,INW算法得到的字符特征碎片較少,連續(xù)性更高,而與NJ算法相比,INJ算法能得到唯一、正確的進(jìn)化樹。 Muscle算法是一種高效的綜合漸進(jìn)和迭代比對(duì)的多序列比對(duì)算法,但具體運(yùn)用到攻擊特征提取時(shí),算法會(huì)出現(xiàn)進(jìn)化樹不確定、產(chǎn)生碎片、不能消除噪聲干擾等問題,本文提出了其改進(jìn)算法-IMuscle。 IMuscle算法分為粗比對(duì)、改進(jìn)的漸進(jìn)式比對(duì)和迭代改進(jìn)三個(gè)階段。粗比對(duì)時(shí),對(duì)差異性較大的序列和不滿足有效攻擊數(shù)據(jù)流特點(diǎn)的序列作為噪聲進(jìn)行消除,減少噪聲對(duì)結(jié)果的干擾；將INW和INJ算法運(yùn)用于雙序列比對(duì)和進(jìn)化樹構(gòu)建中,從而獲得更有意義的攻擊特征；在改進(jìn)的漸進(jìn)式比對(duì)中,因Kimura距離受生物遺傳模型影響較大,本文用歸一化距離代替Kimura模型重新計(jì)算距離矩陣。實(shí)驗(yàn)結(jié)果表明：IMuscle算法具有較好的抗噪能力,得到的比對(duì)結(jié)果能更準(zhǔn)確地表達(dá)攻擊特征。圖25幅,表12個(gè),參考文獻(xiàn)54篇。
[Abstract]:Absrtact: with the increasing number of network attacks, all kinds of deformation, polymorphic techniques appear in large numbers, relying solely on security experts to obtain attack characteristics according to hindsight analysis, will cause serious delay in new attack detection. Automatic extraction of attack features can extract attack features quickly and accurately, and ensure the security and reliability of the network environment. In this paper, the existing methods of automatic extraction of attack features are analyzed, and the problems and developing directions of feature extraction are summarized. In this paper, the application of sequence alignment in automatic extraction of attack features is studied. When Needleman-Wunsch (NW) algorithm is applied to feature extraction, fragmentation will occur. The INW algorithm proposed in this paper reduces fragments by improving the similarity score function of double sequence alignment. The sub-sequence string. NJ algorithm, which has more semantic information, is a common evolutionary tree construction method, but it has the problem of evolutionary tree uncertainty. In this paper, INJ algorithm is proposed. When there is no common sequence between sequence pairs with minimum rate correction distance, multiple sequence pairs are added at the same time. Otherwise, the sequence pair added to the evolutionary tree is selected by comparing the sub-minimum rate correction distance and the sequence distance of the sequence. The experimental results show that the INW algorithm has less character feature fragments and higher continuity than NJ algorithm. The correct evolutionary tree. Muscle algorithm is an efficient multi-sequence alignment algorithm that synthesizes evolutionary and iterative alignment, but when applied to attack feature extraction, the evolutionary tree is uncertain and fragments are generated. This paper presents an improved algorithm-IMuscle. which can not eliminate noise interference and so on. IMuscle algorithm is divided into three stages: coarse alignment, improved incremental alignment and iterative improvement. In rough alignment, the noise is eliminated for the sequences which are not satisfied with the characteristics of the effective attack data stream, and the INW and INJ algorithms are used in the construction of the double sequence alignment and evolutionary tree. In the improved incremental alignment, the Kimura distance is greatly affected by the biological genetic model, so the normalized distance is used instead of the Kimura model to calculate the distance matrix again in this paper. The experimental results show that the weight IMuscle algorithm has a better ability to resist noise, and the comparison results can express the attack features more accurately. 25 figures, 12 tables, 54 references.
【學(xué)位授予單位】：中南大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前8條

1 于志宏;趙闊;胡亮;;基于協(xié)議分析的入侵檢測(cè)規(guī)則智能匹配[J];吉林大學(xué)學(xué)報(bào)(信息科學(xué)版);2008年02期

2 鄒權(quán);郭茂祖;王曉凱;張濤濤;;基于關(guān)鍵字樹的DNA多序列星比對(duì)算法[J];電子學(xué)報(bào);2009年08期

3 秦拯;尹毅;陳飛楊;陳薇娜;董銳;王澤平;;基于序列比對(duì)的攻擊特征自動(dòng)提取方法[J];湖南大學(xué)學(xué)報(bào)(自然科學(xué)版);2008年06期

4 趙旭;何聚厚;;基于NLA的Polymorphic蠕蟲特征自動(dòng)提取算法研究[J];計(jì)算機(jī)工程與應(yīng)用;2012年08期

5 唐勇;盧錫城;胡華平;朱培棟;;基于多序列聯(lián)配的攻擊特征自動(dòng)提取技術(shù)研究[J];計(jì)算機(jī)學(xué)報(bào);2006年09期

6 蔣建春,馬恒太,任黨恩,卿斯?jié)h;網(wǎng)絡(luò)安全入侵檢測(cè):研究綜述[J];軟件學(xué)報(bào);2000年11期

7 霍紅衛(wèi);肖智偉;;基于最大權(quán)值路徑算法的DNA多序列比對(duì)方法[J];軟件學(xué)報(bào);2007年02期

8 諸葛建偉;韓心慧;周勇林;宋程昱;郭晉鵬;鄒維;;HoneyBow:一個(gè)基于高交互式蜜罐技術(shù)的惡意代碼自動(dòng)捕獲器[J];通信學(xué)報(bào);2007年12期

，

本文編號(hào)：2149300