未知病毒的行为分析和防御

Methods of behavior analyzing and system recovery on unknown computer viruses

目前大多数反病毒软件只删除病毒文件,不能恢复受损的系统配置.分析病毒行为可以更精确地得出病毒的工作机理,是修复受损系统的重要途径.该文研究病毒和蠕虫在操作系统中的感染特征,得出了检测和防御未知病毒的普遍、快速而有效的方法.提出清除新病毒的行为逆转(BRB)模型,这种模型可通过分析病毒行为自动修复未知病毒对系统的损坏.

This paper presents how viruses reside and execute on Windows operating systems. Most of current anti-virus software which rely on virus character analysis can be cheated by modifying the virus＇s relative code. They cannot recover system configurations after virus infection, too. To resolve this problem, a general and effective method was proposed to manually detect and clear the virus, which is the only way to repair the system in some eases. The behavior rolling back（BRB） mode can recover the systems after viruses infection by analyzing the behavior of the unknown viruses.