| As the21st century progresses, it has entered a highly information-orientedand digital age, and the internet has become an essential part of people’s lives.Internet, however, is not a harmless environment. It is continually threatened by avariety of malwares, and worm is one of the fastest-spreading and most widelyhazards malwares. That’s because worms have some unique features which othermalwares don’t have. That’s to say, worms can attack vulnerabilities independentand spread it, so the outbreak of worms always bring enormous economic losses.To some extent the emergence of Intrusion Detection System has alleviated thedamage of worms, and many of Intrusion Detection Systems are based on contentinspection. Specifically, Intrusion Detection Systems can detect and control wormsaccording to signature existing in database. However for those worms that are newemerging or whose signature doesn’t exist in database of signatures, detectioncapability of intrusion detection system is very limited. Therefore, it is importantand valuable to do research on the signature extraction technology of worms.This research analyzes the existing technology of worm signature automaticgeneration, and the study carries out a detailed comparative analysis of theeffective generation technique which used bioinformatics sequence alignmentalgorithm, and found the accuracy of some algorithms used to generate wormsignatures need to be improved. According to the shortages, this research makesimprovements. The results of Needleman Wunsch (NW) algorithm which is theclassic global sequence alignment to generate the worm signature are biasedtowards the global strategy of signature and often miss locally continuousfragments which are effective. The results of Smith Waterman (SW) algorithmwhich is the classic local sequence alignment to generate the worm signatures arebiased towards the local strategy of signature and often miss the global strategy ofsignature. Normalized Local Alignment (NLA) algorithm is based on theimprovement of SW algorithm, but they don’t have significant difference at theresults of signature generation. Contiguous Substrings Rewarded (CSR) algorithmis based on the improvement of NW algorithm, and it can generate some localsequence alignment. But there still exists some local sequence alignment that CSRalgorithm cannot extract and the efficiency of CSR algorithm is much lower. Thisstudy proposes Local Alignment with Global Strategy (LAGS), LAGS algorithmnot only takes reward contiguous substrings function about adjacent continuouscharacters of CSR algorithm as lessons, but also adds the penalty function ofadjacent continuous space on the base of SW algorithm. The changes make the study both have the advantage of partial fragment priority and fast backward oflocal algorithms, and the advantage of integrity of the global algorithm. This studyalso make comparison among LAGS algorithm,NW algorithm, SW algorithm,NLA algorithm and CSR algorithm, and choose false positive rate, false negativerate, global integrity and local continuity of signature as evaluation criterion.Experimental results show that the approach of LAGS algorithm works better thanthe other algorithms, because it has better integrity and less fragments. |
PDF Full Text Request