

Computer Virus Detection Method Based on Program Semantic

【Author】 Chen Yueling (陈月玲)

【Advisor】 Jia Xiaozhu (贾小珠)

【Author Information】 Qingdao University, Computer Application Technology, 2007, Master's

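【Summary】 In recent years computer viruses have spread at an astonishing rate, computer security has received growing attention, and anti-virus technology has developed ever faster. The newest and most advanced anti-virus techniques today include active kernel technology, heuristic code scanning, virtual machine technology, and virus detection based on immune principles. Each of these techniques has its own characteristics, but none is yet mature in application. Although existing anti-virus software has played a major role in countering viruses, it still has shortcomings; in particular, it lacks sufficiently effective methods for dealing with unknown viruses. This thesis studies in depth the mechanisms of the various viruses on the Windows operating system and the new techniques that current viruses employ, and proposes a computer virus detection method based on program semantics. First, the structural characteristics of the code of different viruses are analysed in depth, the typical semantic features of the infection behaviour patterns of different virus programs are summarised, and a semantic relation frame describing these typical semantic features is formed. The data structures are then designed, with the pattern library using a hierarchical frame structure. This storage method describes the typical semantic features of virus infection behaviour completely and accurately, and offers good inheritance, extensibility and consistency of knowledge. Second, the thesis studies how to extract the semantics implied in a program and so form a semantic relation frame describing the program's semantics. The algorithm and workflow of the system that converts the original program into a semantic relation frame are designed in detail. Next, the detection engine, the core of the virus detection system, is designed and analysed in some detail. Finally, virus detection experiments are carried out; the results show that the method is a fairly effective way of detecting unknown viruses.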

【Abstract】 In recent years, computer viruses have spread with astonishing speed. Computer security has received more attention, and anti-virus techniques have developed more rapidly too. Nowadays there are some new and advanced anti-virus techniques, such as the active kernel technique, heuristic code scanning, virtual machines and the principle of immunity. Each of these techniques has its own characteristics, but their application is not yet mature enough. Anti-virus techniques are updated constantly as new viruses appear. Existing anti-virus software plays an important role in dealing with computer viruses, but it still does not satisfy security requirements and, in particular, lacks effective methods for dealing with unknown viruses. The action mechanism of each kind of virus under the Windows operating system, and the new technologies used by current viruses, are analyzed thoroughly, and a new virus detection method based on program semantics is proposed. First, the thesis analyzes the distinctive code features of different viruses and sums up the typical semantic characteristics of the infection module. A semantic relations frame, which can describe these semantic characteristics, is formed. The pattern database uses a hierarchical framework. This frame offers a full specification of the typical semantic characteristics of the infection module. Its greatest merits are inheritance, extensibility and uniformity of knowledge. Second, the thesis investigates how to extract the semantics implied in a program. A semantic relations frame, which can describe the program semantics, is formed. The algorithm and workflow of the system that transforms the original program into the semantic relations frame are described in detail. The thesis then introduces the virus detection engine, which is the most important component of the system. Last, a virus detection experiment is carried out. The result of the experiment indicates that this is a feasible way to detect unknown viruses.

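  • 【Online Publication Contributor】 Qingdao University
  • 【Online Publication Year/Issue】 2008, Issue 01
  • 【Classification Number】 TP309.5
  • 【Citation Count】 6
  • 【Download Count】 510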