Journal: Computer Engineering and Design (《计算机工程与设计》)

Optimized SRE Polymorphic Worm Defense Method Based on Sequence Alignment Detection

         

Abstract

The simplified regular expression (SRE) polymorphic worm defense method does not adequately handle a worm's invariant parts and distance constraints, so an optimized SRE that uses sequence alignment detection is proposed. Aligning one sequence against another consists of three steps: initialization, matrix filling, and backtracking. The initialized matrix is used to compare the scores of characters between the two sequences. Matrix filling selects the maximum score and keeps a pointer to the position of the previous score from which it was derived. Each branch of the backtracking represents one optimal alignment. Because these steps maximize the total number of matches rather than matching contiguous substrings, pairwise sequence alignment detection is used to match the longest common substring (LCS). The evaluation results show that the optimized SRE method successfully obtains contiguous sequences and retains all wildcards for polymorphic worms. Compared with the Autograph, Polygraph and SRE methods, the proposed method generates signatures (feature codes) more accurately and efficiently.
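The sketch below is an added illustration of the longest-common-substring idea in the abstract, not the paper's algorithm or code: it extracts contiguous invariant tokens from two payload variants and joins them with wildcards. The sample payloads, function names and the `min_len` threshold are assumptions made for the example.

```python
import re

# Constructed sample payloads (not real worm traffic): two variants sharing
# three invariant regions separated by variable-length padding.
SAMPLE_A = b"GET /app?q=k3Jx9 HTTP/1.1\r\nX-Pad: aaaa\r\n\r\nINVARIANT-STUB\x01\x02zzq"
SAMPLE_B = b"GET /app?q=Pm2 HTTP/1.1\r\nX-Pad: bbbbbbb\r\n\r\nINVARIANT-STUB\x01\x02wv7t"

def longest_common_substring(a: bytes, b: bytes):
    """Return (start_a, start_b, length) of the longest contiguous match.

    cur[j] holds the length of the common run ending at a[i-1] and b[j-1];
    the all-zero first row and column are the initialization step.
    """
    best = (0, 0, 0)
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1          # extend the diagonal run
                if cur[j] > best[2]:
                    best = (i - cur[j], j - cur[j], cur[j])
        prev = cur
    return best

def invariant_tokens(a: bytes, b: bytes, min_len: int = 3):
    """Split both samples around their longest common substring and recurse
    on the left and right remainders, so tokens come out in payload order."""
    sa, sb, n = longest_common_substring(a, b)
    if n < min_len:                               # too short to be a useful token
        return []
    return (invariant_tokens(a[:sa], b[:sb], min_len)
            + [a[sa:sa + n]]
            + invariant_tokens(a[sa + n:], b[sb + n:], min_len))

def build_signature(a: bytes, b: bytes, min_len: int = 3):
    """Join the ordered tokens with wildcards; return None if nothing is shared."""
    tokens = invariant_tokens(a, b, min_len)
    if not tokens:
        return None
    return re.compile(b".*".join(re.escape(t) for t in tokens), re.DOTALL)

if __name__ == "__main__":
    print(invariant_tokens(SAMPLE_A, SAMPLE_B))
    print(build_signature(SAMPLE_A, SAMPLE_B).pattern)
```

Raising `min_len` drops short coincidental matches from the signature, which lowers the chance of matching benign traffic but also discards short invariant parts.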
