Aiming at the problem of the current polymorphic worm feature extraction method does not handle noise, and the worm features which are extracted can not detect polymorphic worms effectively, this paper proposes an improved feature extraction algorithm. This algorithm extracts the features of the worm from the suspicious flow pool which have k worm series in n series by the Gibbs algorithm, then uses the method of color coding to improve the efficiency of algorithms' run in the process of identifying the worm series. Simulation results show that this approach can reduce the time and space overhead. Compared with the existing feature extraction algorithms, this algorithm can effectively extract the polymorphic worm when there is noise in the suspicious pool.%大多数多态蠕虫特征提取方法不能很好地处理噪音,提取出的蠕虫特征无法对多态蠕虫进行有效检测.为此,提出一种改进的多态蠕虫特征提取算法.采用Gibbs算法从包含n条序列(包括k条蠕虫序列)的可疑流量池中提取出蠕虫特征,在识别蠕虫序列的过程中基于color coding技术提高算法的运行效率.仿真实验结果表明,该算法能够减少时间和空间开销,即使可疑池中存在嗓音,也能有效地提取多态蠕虫.
展开▼
