Journal on Communications ›› 2014, Vol. 35 ›› Issue (9): 12-19. doi: 10.3969/j.issn.1000-436x.2014.09.002
Jie WANG, Xiao-xian HE
Online: 2014-09-25
Published: 2017-06-14
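Abstract:
A seed-extending-based method for automated polymorphic worm signature generation, SESG, is proposed. The SESG algorithm first places the sequences into a queue ordered by their weights, then extends the seed sequences in the queue one by one, thereby classifying the sequences of each worm type as well as the noise sequences, and extracts signatures from the classified worm sequences. Test results show that the SESG algorithm distinguishes the sequences of different worms well in a suspicious pool that contains noise, which makes it easier to extract effective worm signatures.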
Jie WANG, Xiao-xian HE. Automated polymorphic worm signature generation approach based on seed-extending[J]. Journal on Communications, 2014, 35(9): 12-19.