| 基于蠕虫攻击模型和语义分析的特征码自动提取 |
| |
| 引用本文: | 王炜,罗代升,王欣,方勇.基于蠕虫攻击模型和语义分析的特征码自动提取[J].计算机工程,2007,33(10):134-135,146. |
| |
| 作者姓名: | 王炜 罗代升 王欣 方勇 |
| |
| 作者单位: | 四川大学电子信息学院,成都,610065;四川大学电子信息学院,成都,610065;四川大学电子信息学院,成都,610065;四川大学电子信息学院,成都,610065 |
| |
| 摘 要: | 传统手工提取蠕虫的特征串需要很长时间,而基于串模式分析自动提取的虚警率和漏警率始终不太理想.该文提出了一种基于蠕虫攻击模型的语义分析特征提取法.该方法基于蠕虫攻击模型先验知识,自动识别蠕虫代码各个功能部分,将蠕虫攻击的必用部分作为蠕虫的特征串,提出了蠕虫攻击的通用模型OSJUMP.基于该模型,证明了基于语义提取蠕虫特征的有效性,给出了一种基于语义的蠕虫特征自动提取算法.对Red Code等各种实际蠕虫进行测试,结果显示自动提取生成的蠕虫特征值和安全厂商手工分析提供的特征值具有很大的可比性.
|
| 关 键 词: | 网络蠕虫 特征码 自动提取 |
| 文章编号: | 1000-3428(2007)10-0134-02 |
| 修稿时间: | 2006-06-26 |
Automatic Extraction of Signature Based on Worm Attack Model and Semantic Analysis |
| |
| WANG Wei,LUO Daisheng,WANG Xin,FANG Yong.Automatic Extraction of Signature Based on Worm Attack Model and Semantic Analysis[J].Computer Engineering,2007,33(10):134-135,146. |
| |
| Authors: | WANG Wei LUO Daisheng WANG Xin FANG Yong |
| |
| Affiliation: | School of Electronic and Information, Sichuan University, Chengdu 610065 |
| |
| Abstract: | Since manual Internet worm signature extraction takes a long time while automatically pattern-based analysis causes high false negatives and false positives, this paper proposes a new worm signature extraction method based on worm attack model and semantic analysis. It contributes a definition of worm attacking model OSJUMP model, proves the preciseness of worm signature based on worm attacking model, and presents a semantic analysis algorithm for automatically extract invariable parts as signature. The evaluation demonstrates that the algorithm produces signature as the same as the one provided by vendors. |
| |
| Keywords: | Internet worm Signature Automatic extraction |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
