For better study and defense polymorphic worms, based on studying the polymorphic and metamorphic techniques, a polymorphic worm generator is designed in the paper aiming at the worms propagating based on overflow vulnerability of buffer stack. The work process of the generator is introduced taking the SQL Slammer worm and the ATPhttp worm as examples. It is found from the design process of the generator and the worm instance analysis that the worms with polymorphic treatment still have the same substring sequence feature, therefore the polymorphic worms can be effectively defended based on such substring sequence feature. Finally, the function of the generator is tested. Test results show that the generator can make polymorphic treatment on programs effectively and provide effective experiment data for researches on polymorphic worm defense and automatic feature extraction.%为了更好地研究和防御多态蠕虫,在研究多态变形技术的基础上,针对基于缓冲区溢出漏洞进行传播的蠕虫,设计了多态蠕虫产生器.以SQL Slammer蠕虫和ATPhttpd蠕虫作为实例介绍产生器的工作过程.从产生器的设计过程和实例分析可以看出,通过多态处理的蠕虫依旧具有相同字符串序列特征,可以依据这些字符串序列对多态蠕虫进行有效防御.最后对产生器的功能进行测试.测试结果表明,该产生器能够对程序进行有效的多态处理,为多态蠕虫防御和特征自动提取等研究工作提供有效的实验数据.
展开▼
