基于改进蚁群算法的多态蠕虫特征提取

多态蠕虫特征提取是基于特征的入侵检测的难点，快速提取出精确程度更高的多态蠕虫特征对于有效防范蠕虫的快速传播有着重要的作用。针对层次式的多序列匹配(HMSA)算法进行多序列比对的时间效率较低和由迭代方法提取出的特征不够精确等问题，提出了基于改进蚁群算法的多态蠕虫特征提取方法antMSA。该方法首先对蚁群的搜索策略进行了相应的改进，并将改进后的蚁群算法引入到奖励相邻匹配的全局联配(CMENW)算法中，利用蚁群算法快速收敛能力，在全局范围内快速生成较好解，提取出多态蠕虫的特征片段；然后将其转化为标准入侵检测系统(IDS)规则，用于后期防御。实验表明，改进后的蚁群算法能够较好地克服基本蚁群算法的停滞现象，扩大搜索空间，能够有效提高特征提取的效率和质量，降低误报率。

Polymorphic worms signature extraction based on improved ant colony algorithm

Polymorphic worms signature extraction is a critical part of signature-based intrusion detection. Extracting precise signatures quickly plays an important role in preventing the spread of the worms. Since the classical Hierarchical Multi-Sequence Alignment (HMSA) algorithm has bad time performance in extracting signatures when multiple sequences alignment was used and the extracted signatures were not precise enough, a new automatic signature extraction method called antMSA was proposed based on the improved ant optimal algorithm. The search strategy of the ant group was improved, and then it was introduced to the Contiguous Matches Encouraging Needleman-Wunsch (CMENW) algorithm to get a better solution quickly in global range by using the rapid convergence ability of ant colony algorithm. The signature fragments were extracted and converted into the standard rules of the intrusion detection system for subsequent defense. The experimental results show that the new method solves the stagnation problem of the classical ant optimal algorithm, extends the search space, extracts signatures more efficiently and precisely, and reduces the false positive rate and the false negative rate.