Abstract
This paper studies the application of formal semantics to heuristic virus detection engines. After analyzing the efficiency problems of anti-virus detection engines based on virtual machine technology, it analyzes heuristic virus detection engines and finds that the choice of rules has a large effect on the accuracy of virus judgment. Accordingly, a heuristic virus detection engine based on formal semantics is proposed. A semantic relation frame and data structures for computer viruses are designed: by closely analyzing the code structure of the infection routines of different virus programs, the typical semantic features of virus programs are summarized and formed into a semantic relation frame that describes them. At detection time, the semantics contained in the program under test are extracted and used to build a semantic relation frame describing that program. The degree of match between the two frames is then computed to determine whether the program contains malicious code, which makes it possible to detect unknown viruses.
Source
《辽东学院学报(自然科学版)》
CAS
2008, Issue 3, pp. 167-172 (6 pages)
Journal of Eastern Liaoning University: Natural Science Edition
Keywords
virtual machine
heuristic anti-virus detection
semantic frame