Research on Anti-Polymorphic-Virus Technology and Strategy Analysis
Thinking in Virus’s Polymorphism Technology and Antivirus Strategy Design
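【Author】 Zhang Meng;
【Supervisor】 Yang Daquan;
【Author information】 Shenyang University of Technology, Computer Application Technology, 2004, Master's
【Summary】 As requirements for computer security keep rising, computer viruses, as a major threat to computer security, are receiving widespread attention. At the same time, today's computer virus techniques differ greatly from those of more than a decade ago, and one major difference is the emergence of virus polymorphism techniques. More seriously, over the past few years these techniques have become increasingly mature: new polymorphic viruses appear almost every day, and their complexity keeps increasing. This project addresses that situation by thoroughly analysing the characteristics of polymorphic viruses, determining an antivirus strategy, and writing corresponding virus detection software. The project first studies the concept of the polymorphic virus in depth and, on the basis of a comparison with other classification methods, proposes a classification method based on code evolution. It dissects the typical polymorphic virus Win98.BlackBat in depth, in particular the self-protection techniques of the virus body, and summarises the basic characteristics of the virus. Considering that traditional antivirus measures have essentially become ineffective against polymorphic viruses, it settles on a dynamic antivirus strategy that detects viruses through behaviour-detection techniques using PE file header information. The project also summarises ten virus characteristics related to PE file header information. To improve detection precision, it proposes an accuracy-correction scheme for the scan engine and designs an algorithm that combines overall correction with local correction. Based on the chosen antivirus strategy and the designed algorithm, a virus detection program was implemented, and it achieved good results in practical use. The main difficult problems addressed by this project are: analysing the self-protection mechanisms of polymorphic viruses and their implementation; summarising the detection rules used for virus detection and proposing a dynamic, behaviour-detection-based virus detection technique aimed at polymorphic viruses; solving the system-security problem of the virus detection software during virus scanning; and proposing a dynamic correction scheme for the scan engine.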
【Abstract】 Nowadays, computer system security is becoming more and more significant in people’s daily lives. As a result, people pay more attention to computer viruses because of their threat to computer systems. In particular, polymorphism technology is pervasive in almost every corner of PE file virus technology. By analyzing some typical virus samples, this dissertation mainly deals with the analysis of polymorphic virus technology and antivirus strategy design. As a main difference between today’s computer viruses and those of more than ten years ago, polymorphism is becoming not only more popular and serious but also more advanced. Polymorphic viruses are changing their code every minute. As a result, new viruses are discovered every day. The purpose of this dissertation is to tackle this problem by designing a strategy and developing a scanner to detect polymorphic viruses. First, this dissertation takes an overall look at polymorphic virus technology and gives a complete concept of the polymorphic virus based on the evolution of code. Second, it analyzes the Win98.BlackBat computer virus, a most typical polymorphic virus, especially the self-protection mechanism of the virus, as an entry point to tackling the problem of polymorphic viruses. Third, even though polymorphic viruses are extremely hard to detect, this dissertation tries to find a way to deal with them. By deriving ten virus detection rules from the analysis of viruses and PE file information, it designs a virus detection strategy. Fourth, it develops an algorithm, combining overall correction and partial correction, that can amend the virus detection engine. Most importantly, every rule has its own unique revision system that helps the scanner become more and more accurate. Last but not least, based on the above strategy and algorithm, this dissertation develops a virus detection scanner that is usable and effective. This dissertation tackles the following problems. First, it analyzes the virus’s self-protection mechanism and its methods. Second, it builds a virus detection strategy based on ten detection rules, which is called heuristic analysis. Third, it tackles the security problem that arises when detecting the virus. Fourth, it develops an algorithm for correcting the detection scanner engine.
【Key words】 Polymorphic virus technology; Polymorphism; Heuristic Analysis; Scanner;
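- 【Online publication contributor】 Shenyang University of Technology 【Online publication year and issue】 2004, Issue 04
- 【Classification number】 TP309.5
- 【Citation count】 4
- 【Download count】 303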