Research Of Attack Signature Automatic Generation Based On Multiple Hierarchy And Sequence Alignment

With the increase of network attacks, how to keep network work correctly, safely and smoothly has been a major challenge in the information age. Intrusion detection system based on attack signature database is very efficient, but attack signature database is builded manually by security experts. For the current complex and high-speed network environment, traditional signature generation methods are not suitable. Attack signature automatic generation without artificial help can generate signatures for intrusion detection system quickly and accurately.According to current automatic attack signature generation methods, an universal framework and evaluation criterions are proposed, then principles and characteristics of methods are analyzed comparatively, and problems of current research and issues to be further studied are discuss-ed. Sequence aligment faces fragments, shadow effect and mosaic effect when it used for attack signatures generation. an improved Normalized Local Alignment(INLA) is used to get more substring with semantic information by introducing continuous matching characters awards, and linear gap penalty is presented to eliminate the effect of continuous gap. To resolve the mosaic effect dynamic gap penalty is designed to process the conserved region quickly if the aligment is staying in conserved region. The results show INLA algorithm can generate substring with less fragments and more continuous matching characters.Aiming at the fact that current approaches for attack signature automatic generation have problems in noise-tolerance and the accuracy of attack signatures, an approach based on hierarchically pruning strategy (HPS) is presented. Hierarchical structure makes the pair-wise alignment between layers run independently and proceed at the same time to increase computational efficiency. The noise sequences are judged by the pruning criterion and confidence interval, and compared with the results of other sequence alignment to eliminate noise interference in the final result. The experimental results show that this approach have better noise-tolerance and generate more accurate signatures.