针对多态技术下变形蠕虫的特征与自动提取算法的问题,提出一种多态蠕虫特征描述方法,并给出特征码自动提取算法。这种结合了 PADS 和 Polygraph 优点的 MS-PADS 特征提取方法,能在强噪声下快速提取高质量的多态蠕虫特征,具有低误报率、检测精度高和通用性好等特点。%This paper researches the feature description and automatic signature generation algorithm of polymorphic worms. It proposes a new signature generation approach for polymorphic worms - MS-PADS (multiple separated string position-aware distribution signature), which integrate the advantage of PADS and Polygraph. It solved the problem of PADS signature width determination under strong background noise conditions. This method could generate high quality signatures of polymorphic worms with low false-positive rate and high detection precision rate.
展开▼
