Research on an Automatic Attack Signature Extraction Method Based on Muscle
Published: 2018-07-28 07:08
[Abstract]: As network attacks grow in number and metamorphic and polymorphic techniques proliferate, relying solely on security experts to derive attack signatures through after-the-fact analysis causes the detection of new attacks to lag seriously. Automatic attack signature extraction can extract attack signatures quickly and accurately and helps keep the network environment secure and reliable. This thesis analyzes existing automatic attack signature extraction methods, summarizes the problems facing signature extraction and its development directions, and studies the application of sequence alignment to automatic attack signature extraction. When the Needleman-Wunsch (NW) algorithm is applied to signature extraction, it produces fragments. The INW algorithm proposed in this thesis reduces fragments by improving the similarity score function of pairwise sequence alignment, yielding subsequence strings that carry more semantic information. The NJ algorithm is a commonly used method for constructing evolutionary trees, but the tree it produces can be indeterminate. This thesis proposes the INJ algorithm: when the sequence pairs that share the minimum rate-corrected distance have no sequence in common, all of those pairs are added at the same time; otherwise, the pair added to the evolutionary tree in that step is chosen by comparing the sequences' second-smallest rate-corrected distances and their sequence distances. Experimental results show that INW yields character signatures with fewer fragments and higher continuity, and that, compared with NJ, INJ produces a unique, correct evolutionary tree. Muscle is an efficient multiple sequence alignment algorithm that combines progressive and iterative alignment, but when it is applied to attack signature extraction it suffers from an indeterminate evolutionary tree, fragment generation, and an inability to eliminate noise. This thesis proposes an improved version, IMuscle. IMuscle has three stages: coarse alignment, improved progressive alignment, and iterative refinement. During coarse alignment, sequences that differ greatly from the others and sequences that do not match the characteristics of a valid attack data stream are eliminated as noise, reducing the effect of noise on the result. INW and INJ are used for pairwise alignment and evolutionary tree construction, which yields more meaningful attack signatures. In the improved progressive alignment, because the Kimura distance is strongly influenced by the biological genetic model, the distance matrix is recomputed with a normalized distance in place of the Kimura model. Experimental results show that IMuscle has good noise resistance and that its alignment results express attack signatures more accurately. 25 figures, 12 tables, 54 references.
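The fragment problem the abstract attributes to NW, as an added example that is not code from the thesis: plain NW alignment next to a variant that rewards consecutive matches, with maximal runs of matched characters taken as candidate signature tokens. The `run_bonus` parameter, the score values and the toy strings are assumptions made for illustration; the thesis's actual INW score function is not given on this page.

```python
NEG = float("-inf")


def align_fragments(a, b, match=2, mismatch=-2, gap=-1, run_bonus=0):
    """Global alignment of a and b; returns (score, runs of consecutive matches)."""
    n, m = len(a), len(b)
    # M[i][j]: best score ending in a match column; N[i][j]: ending in a mismatch or gap.
    M = [[NEG] * (m + 1) for _ in range(n + 1)]
    N = [[NEG] * (m + 1) for _ in range(n + 1)]
    N[0][0] = 0

    def best(i, j):
        return max(M[i][j], N[i][j])
    for i in range(n + 1):
        for j in range(m + 1):
            if i and j and a[i - 1] == b[j - 1]:
                # run_bonus applies only when the previous column was also a match.
                M[i][j] = match + max(M[i - 1][j - 1] + run_bonus, N[i - 1][j - 1])
            elif i and j:
                N[i][j] = best(i - 1, j - 1) + mismatch
            if i:
                N[i][j] = max(N[i][j], best(i - 1, j) + gap)
            if j:
                N[i][j] = max(N[i][j], best(i, j - 1) + gap)
    # Traceback: collect maximal runs of match columns as candidate signature tokens.
    i, j, in_match = n, m, M[n][m] >= N[n][m]
    frags, run = [], ""
    while i or j:
        if in_match:
            run = a[i - 1] + run
            i, j = i - 1, j - 1
            in_match = M[i][j] + run_bonus >= N[i][j]
            continue
        if run:
            frags.append(run)
            run = ""
        if i and j and a[i - 1] != b[j - 1] and N[i][j] == best(i - 1, j - 1) + mismatch:
            i, j = i - 1, j - 1
        elif i and N[i][j] == best(i - 1, j) + gap:
            i -= 1
        else:
            j -= 1
        in_match = M[i][j] >= N[i][j]
    if run:
        frags.append(run)
    return best(n, m), frags[::-1]


# Constructed toy inputs: "x" and "y" stand in for polymorphic padding bytes.
S1, S2 = "oxnxexzxtwox", "ytwoyoynyeyz"
if __name__ == "__main__":
    print(align_fragments(S1, S2))               # plain NW: four one-character fragments
    print(align_fragments(S1, S2, run_bonus=3))  # contiguity reward: one token, "two"
```

Plain NW maximizes the number of matched characters and returns `o`, `n`, `e`, `z`, each too short to serve as a detection signature, while the contiguity-rewarding run gives up one match to recover the single invariant token `two`.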
[Degree-granting institution]: Central South University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2149300
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2149300.html