

【Author】 蔡志平 (Cai Zhiping)

【Supervisor】 殷建平 (Yin Jianping)

【Author information】 国防科学技术大学 (National University of Defense Technology), Computer Science and Technology, 2001, Master's degree

【Abstract (translated from the Chinese)】 As computer viruses become more and more rampant, computer security receives more and more attention, and computer anti-virus technology is developing faster and faster. The newest and most advanced computer anti-virus techniques today include real-time scanning, heuristic code scanning, virtual machine technology and active kernel technology. Each of these techniques has its own characteristics, but their application is still not mature enough. Although existing computer anti-virus software has played a great role in fighting viruses, it still falls short in places; in particular, it lacks sufficiently effective methods for dealing with unknown viruses. This thesis thoroughly analyzes the essential characteristics and propagation methods of computer viruses and proposes some methods for detecting unknown viruses. On the basis of a combined study of the PE file format and the technique of executing Ring 0 code in the operating system, the author proposes a scheme for detecting file-infecting viruses on the Windows platform, gives a concrete implementation, and obtains fairly good test results. The scheme has the technical features of not requiring a computer virus signature database, detecting in real time, and being able to guard against unknown viruses. This thesis also studies other techniques in the information security field, such as intrusion detection technology and program evolution technology, which can provide good reference for the detection and prevention of computer viruses. The author summarizes two basic intrusion detection methods and raises some problems that intrusion detection technology needs to solve; summarizes the various program evolution techniques, explains the principles of applying this technology in the information security field, describes several examples, and finally points out the problems it faces in practical application.

【Abstract】 With computer viruses becoming more and more rampant, computer security has received more and more attention, and anti-virus techniques are developing more rapidly too. Nowadays there are some new and advanced anti-virus techniques, such as real-time scanning, heuristic code scanning, virtual machines and the active kernel technique. The application of these techniques is not yet mature, even though each of them has its own characteristics. Anti-virus techniques are updated as new viruses appear constantly. Existing anti-virus software plays an important role in dealing with computer viruses, but it still does not satisfy security requirements and, in particular, lacks effective methods for dealing with unknown viruses. The essential characteristics and propagation principles of computer viruses are analyzed thoroughly in this thesis, and some methods for detecting unknown viruses are presented. After a combined study of the PE file format and the technique of executing Ring 0 code in the operating system, a scheme for detecting file-infecting viruses on the Windows platform is put forward. Its implementation and performance are also described here in detail. This scheme does not need a database of virus signatures, and can take precautions against some unknown viruses in real time. The intrusion detection technique and the program evolution technique, which can provide reference for the detection and cleaning of viruses, have also been studied. There are two kinds of intrusion detection systems used in computer systems and LANs today. Some difficult challenges in intrusion detection systems are pointed out. The program evolution technique and its application in information security are summarized later, and some problems in the practical application of this technique are indicated at last.

  • 【Classification number】TP309.5
  • 【Cited by】17
  • 【Downloads】1936