【作者】 夏方遒；

【导师】 贾小珠；

【作者基本信息】 青岛大学 ， 计算机软件与理论， 2007， 硕士

【摘要】 计算机病毒出现以来，已对个人计算机系统及网络安全造成了巨大危害。随着计算机应用范围的进一步扩大，计算机病毒数量急增，并一直处于不断进化和高速发展的过程。目前，大多数反病毒软件能够有效地预防已知病毒，但无法很好地预防未知病毒，结果是先有病毒发作后有防护，始终处于被动防御状态，滞后于病毒攻击技术的发展，无法从根本上解决计算机中用户资源的保护问题。计算机病毒检测中遇到的问题与生物免疫系统遇到的问题极为相似，生物免疫系统使用一系列免疫机制有效解决了该问题，所以模拟使用免疫机制的人工免疫系统是解决该问题的一个方向。本课题在这种：背景下开展工作，它借鉴了生物免疫系统的基本原理，将人工免疫技术应用于反病毒的研究中。论文的主要工作包括：1．研究了计算机病毒的最新发展，分析了传统病毒检测技术存在的问题，阐述了计算机免疫的基本原理以及计算机病毒免疫系统的研究现状。2．将传统的反病毒技术与计算机免疫原理相结合，提出了一个基于免疫原理的程序自动保护系统方案，指出了该系统应具有的功能和特性目标，并设计了程序自动保护系统的整体结构。该系统采用层次结构，实施三层防御，具有多种免疫特性，能够预防各种已知和未知病毒，保护计算机中资源的完整性。3．研究了程序保护系统中使用的关键技术，具体包括Self集、Nonself集的构造技术，检测器的构造与检测匹配算法，检测器集的构造技术。其中重点研究了支持恢复原始数据的Self集的构造技术，并提出了一种新的检测器集构造方法。支持恢复原始数据的Self集对于诸如工业现场控制等小规模程序系统的保护具有重要意义，新的检测器集构造方法则大大压缩了检测器的空间存储复杂度，降低了对“非自我”检测的计算复杂度，能够很好地用于实际的程序保护系统。论文的最后，对本课题的研究工作进行了总结，并对下一步工作进行了展望。更多还原

【Abstract】 The appearance of computer viruses has caused huge damage to personal computersystems and network securities. With the expansion of computer applications to newareas, the number of viruses has been increasing rapidly. Virus has been evolving andunder fast development. So far most of the anti-virus software are capable of protectingfrom known viruses effectively, however they can hardly guard against unknownviruses. The result is, protection always comes after the damage caused by virus. Theprotection is always passive, and lags behind the development of attacking techniquesof viruses. This is not a good solution to the problem of protecting computer resources.The problems in computer virus detection are similar to those in biological immunesystem. The immune mechanisms in biological immune system have solved theproblems effectively. Simulating the biological immune system in computer artificialimmune system is one of the ways to solve the problem. This research is conducted onapplying the principle of biological immune system to anti-virus investigation viaartificial immune system.This thesis includes the followings:1. The most recent development of computer virus is investigated. Problems intraditional virus detection techniques are analyzed. The principle on artificialimmune system is explained and present situation in the research is described.2. A proposal on program automatic protection system is suggested based onimmune principle and traditional anti-virus techniques. The functionalities andfeatures of the system are indicated. The overall architecture of the system isdesigned. The system has layered structure with 3 layers’ defense. It has multipleimmune properties and is capable of preventing known and unknown viruses,protecting the resource integrity in computer.3. The key techniques in program protection system are investigated, whichinclude structure of Self set and Nonself set, structure of detector and matchalgorithm, and the structure techniques of detector set. Emphasis is put on theconstruction technology of Self set that supports the recovering of original data,and a new construction method of detector set is proposed. Self set hassignificant importance in the protection of small scale program systems such asindustry worksite control. The construction of new detector set greatly decreasedthe complexity of detector storing space. It also decreases the computingcomplexity on "Nonself" detection. This can be well applied to practicalprogram protection systems.At the end of this paper, it summarizes the work as well as looks ahead about the futureresearch.更多还原