基于统计流形的多态蠕虫自动检测研究

项目名称： 基于统计流形的多态蠕虫自动检测研究

项目编号： No.61272541

项目类型： 面上项目

立项/批准年度： 2013

项目学科： 自动化技术、计算机技术

项目作者： 张运凯

作者单位： 河北师范大学

项目金额： 80万元

中文摘要： 快速而准确的提取蠕虫特征对于检测多态蠕虫至关重要。本课题针对多态蠕虫不变量特征集合中高维、多量特性带来的存储、计算复杂度过高的问题，研究海量不变量特征的高效索引与匹配。不变量特征集合的紧致表示是高效匹配的关键。本课题首次提出运用信息几何学中的统计流形方法，对不变量特征集合建立统计模型，采用费舍尔信息距离匹配概率密度信息，实现统计分布信息的低维流形嵌入，生成不变量特征集合的紧致描述向量。在此基础上，建立从集合整体到局部元素的索引结构和计算模型，实现多态蠕虫特征的高效匹配。统计流形方法能够实现高维统计分布信息的高效表达，而多级矢量量化技术可提高特征的匹配效率和准确度。本课题将二者有机结合，其特色是能够降低蠕虫特征的存储和计算复杂度、提高匹配效率，并且能够满足实际网络环境应用中对检索精度和检索速度的不同需求。

中文关键词： 多态蠕虫；统计流形；特征树；传播模型；稳定性

英文摘要： A fast and accurate generation of worm signature is essential in efficiently detecting polymorphic worms. Aiming at the problems, such as the high storage and the high computation complexity produced by high-dimensional and multiple characteristics in invariant sets, we study the efficient indexing and matching of massive invariants. The compact description of invariant sets is the key of efficient matching. This project provides the first work to use the statistical manifold in information geometry. Firstly, we establish a statistical model of invariant sets. Furthermore, we use the Fisher information distance to match the probability density information, and achieve the low-dimensional manifold embedded of statistical distribution information. Finally, we generate compact description vectors of invariant sets. On this foundation, we establish an indexing structure and computational model from the whole set to the local element, and obtain an efficient signature matching of polymorphic worms. Statistical manifold methods can achieve an efficient expression of high-dimensional statistical information distribution; however, multi-stage vector quantization algorithms can improve the matching efficiency and accuracy of signatures. The combination of the two methods can not only reduce the worm signatures' storage a

英文关键词： polymorphic worm；statistical manifold；signature tree；propagation model；stability