An Optimized SRE Polymorphic Worm Defense Method Based on Sequence Alignment Detection
Published: 2019-01-20 08:49
[Abstract]: Polymorphic worm defense methods based on simplified regular expressions (SRE) cannot adequately handle the invariant parts of a worm or distance restrictions. To address this, an optimized SRE that uses sequence alignment detection is proposed. Aligning the characters of one sequence against another involves three steps: initialization, matrix filling, and backtracking. The initialization matrix is used to compare the scores of characters between the two sequences; matrix filling selects the maximum value and keeps a pointer to the previous score position from which that value was derived; each branch of the backtracking represents an optimal alignment. Because these steps maximize the total number of matches rather than matching contiguous substrings, pairwise sequence alignment detection is used to match the longest common substring (LCS). The evaluation results show that the optimized SRE method successfully obtains contiguous sequences and retains all wildcards of the polymorphic worm. Compared with the Autograph, Polygraph and SRE methods, the signatures it generates are more accurate and efficient.
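[Affiliations]: Department of Computer Science and Technology, Chengdu Neusoft University; School of Computer Science, Sichuan Normal University
[Funding]: Sichuan Provincial Department of Education Fund Project (14ZA0366); University-Level Fund Project under the Special Fiscal Funds for Central Universities (2015NYB03)
[Classification Number]: TP393.08
Article ID: 2411869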
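The contrast the abstract draws, as an added Python illustration (not code from the paper): `align_matches` runs the three alignment steps and maximizes total matches, so it also keeps stray single-character matches, while `longest_common_substring` keeps only contiguous runs that can serve as signature tokens. The sample strings, the function names, the `min_len` threshold and the recursive split around each common substring are assumptions made for this example.

```python
import re

# Constructed sample strings (not real worm traffic): three shared invariant
# parts, separated by filler that coincidentally shares the bytes '7' and '9'.
V1 = "qzHDR1;k7kPAYLOAD-CORExx92;END"
V2 = "m3HDR1;p7wPAYLOAD-COREa9;END"

def align_matches(a, b):
    """Initialise, fill, trace back: maximises the total number of matches."""
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]      # initialisation
    ptr = [[""] * (m + 1) for _ in range(n + 1)]       # where each score came from
    for i in range(1, n + 1):                          # matrix filling
        for j in range(1, m + 1):
            diag = score[i - 1][j - 1] + (a[i - 1] == b[j - 1])
            score[i][j], ptr[i][j] = max(
                (diag, "D"), (score[i - 1][j], "U"), (score[i][j - 1], "L"))
    out, i, j = [], n, m                               # backtracking
    while i and j:
        move = ptr[i][j]
        if move == "D" and a[i - 1] == b[j - 1]:
            out.append(a[i - 1])
        i, j = i - (move != "L"), j - (move != "U")    # D: both, U: i, L: j
    return "".join(reversed(out))

def longest_common_substring(a, b):
    """Longest run of characters that is contiguous in both strings."""
    best_len, best_end, prev = 0, 0, [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def invariant_tokens(a, b, min_len=3):
    """Assumed scheme: take the common substring, recurse on either side."""
    s = longest_common_substring(a, b)
    if len(s) < min_len:
        return []
    ia, ib = a.index(s), b.index(s)
    return (invariant_tokens(a[:ia], b[:ib], min_len) + [s] +
            invariant_tokens(a[ia + len(s):], b[ib + len(s):], min_len))

# Contiguous tokens joined by wildcards; the stray '7' and '9' are dropped.
SIGNATURE = ".*".join(re.escape(t) for t in invariant_tokens(V1, V2))
```

The alignment output contains the scattered `7` and `9`, which would make a signature brittle against a third variant with different filler; the token list contains only the three contiguous parts.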
Article link: http://sikaile.net/guanlilunwen/ydhl/2411869.html