基于公共特征集合的网络蠕虫特征码自动提取

Automatic extraction of Internet worm signature based on common feature set

作为连接检测与遏制的桥梁,特征码的自动提取在蠕虫对抗中发挥着重要作用。介绍了传统的网络蠕虫特征码提取算法,分析了它们的工作机理和主要缺陷,提出了一种基于公共特征集合的提取算法,它支持低复杂度提取与优化,也支持灵敏性和特异性之间的权衡,在应对背景噪声和交叉传染方面具有显著优势。

Serving as the bridge that links detection and containment, automatic signature extraction has played an important role in anti-worm. Traditional Internet worm signature extraction algorithms were introduced. Based on the analysis of their mechanisms and major defections, an extraction algorithm based on common feature set was presented. It supported low complexity extraction and optimization, as well as the tradeoff between sensitivity and specialization, and had remarkable superiority in dealing with background noise and cross infection.