
Detection Method Against PE Virus Based on Suspicious Behavior Identification (基于可疑行为识别的PE病毒检测方法)
Cited by: 6
Abstract: PE viruses are currently hard to defend against and hard to detect and remove. This paper analyses the key techniques used by PE viruses and extracts the suspicious behaviors that are typical of them; on that basis it proposes a static detection method for the Windows platform. The method works on the decompiled program and identifies behaviors from an analysis of its instruction sequences and control flow graph, completing the design of a virus detection method founded on suspicious-behavior identification. Experimental results show that the method effectively detects viruses that use obfuscating transformations.
Source: Computer Engineering (计算机工程), 2009, No. 15, pp. 132-134 (3 pages). Indexed in CAS, CSCD and the Peking University core journal list.
Funding: National "863" Program (National High Technology Research and Development Program) project 2006AA01Z408.
Keywords: PE virus; suspicious behavior; instruction sequence; control flow graph
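The abstract names two analysis inputs, the instruction sequence and the control flow graph, and claims detection survives obfuscating transformations. The block below is an added illustration of that idea, not code from the paper (whose concrete behavior set and matching algorithm are not reproduced in this record): it parses a constructed x86 listing into basic blocks, strips semantic no-ops from each block's instruction sequence, builds the CFG, and asks whether an assumed suspicious API-call sequence occurs in order along any path from the entry. The listing, its addresses, the import thunk names and the two behavior signatures are all made up for the example.

```python
import re

# Constructed disassembly listing (made up for this example, not from the paper): the
# file-infection call sequence is split by junk instructions and by a branch on an
# opaque predicate (xor eax,eax / jnz) that leads into a decoy MessageBoxA block.
SAMPLE_LISTING = """
0x401000: push 0x403000
0x401005: call [FindFirstFileA]
0x40100b: xor eax, eax
0x40100d: jnz 0x401020
0x40100f: mov ecx, ecx
0x401011: call [CreateFileA]
0x401017: jmp 0x401030
0x401020: xchg eax, eax
0x401022: call [MessageBoxA]
0x401028: jmp 0x401040
0x401030: call [WriteFile]
0x401036: nop
0x401037: jmp 0x401040
0x401040: ret
"""

# Assumed behavior signatures: ordered API-call sequences. The paper's own behavior
# set is not reproduced here; these two are illustrative placeholders.
BEHAVIORS = {
    "enumerate-open-write": ("FindFirstFileA", "CreateFileA", "WriteFile"),
    "remote-thread-inject": ("OpenProcess", "WriteProcessMemory", "CreateRemoteThread"),
}

INSN_RE = re.compile(r"^(0x[0-9a-fA-F]+):\s+(\S+)(?:\s+(.*))?$")
CALL_RE = re.compile(r"^\[(\w+)\]$")                  # call through an import thunk
JUMPS = {"jmp", "jz", "jnz", "je", "jne", "ja", "jb", "jg", "jl"}

def parse_listing(text):
    """Parse 'addr: mnemonic op1, op2' lines into (addr, mnemonic, [operands])."""
    insns = []
    for line in text.strip().splitlines():
        m = INSN_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        addr, mnem, ops = m.groups()
        insns.append((int(addr, 16), mnem.lower(), [o.strip() for o in ops.split(",")] if ops else []))
    return insns

def is_junk(mnem, ops):
    """Semantic no-ops commonly inserted to defeat byte-pattern signatures."""
    return mnem == "nop" or (mnem in ("mov", "xchg") and len(ops) == 2 and ops[0] == ops[1])

def build_cfg(insns):
    """Split the listing into basic blocks; return ({leader: [insn]}, {leader: [successor]})."""
    addrs = [a for a, _, _ in insns]
    leaders = {addrs[0]}
    for i, (_, mnem, ops) in enumerate(insns):
        if mnem in JUMPS:
            leaders.add(int(ops[0], 16))           # a branch target starts a block
        if mnem in JUMPS or mnem == "ret":
            leaders.update(addrs[i + 1:i + 2])     # so does the instruction after a transfer
    assert leaders <= set(addrs), "jump target outside the listing"
    blocks, cur = {}, None
    for insn in insns:
        if insn[0] in leaders:
            cur = insn[0]
            blocks[cur] = []
        blocks[cur].append(insn)
    succ = {}
    for leader, body in blocks.items():
        last_addr, mnem, ops = body[-1]
        nxt = addrs.index(last_addr) + 1
        fall = addrs[nxt:nxt + 1]                  # empty at the end of the listing
        target = [int(ops[0], 16)] if mnem in JUMPS else []
        # jmp: target only; ret: nothing; jcc: both outcomes are statically possible
        succ[leader] = target if mnem == "jmp" else [] if mnem == "ret" else target + fall
    return blocks, succ

def normalized_mnemonics(blocks):
    """Each block's instruction sequence with junk removed (the 'instruction sequence' view)."""
    return {k: [m for _, m, ops in body if not is_junk(m, ops)] for k, body in blocks.items()}

def api_calls(body):
    """Imported API names called in a run of instructions, in order."""
    return [CALL_RE.match(ops[0]).group(1) for _, m, ops in body
            if m == "call" and ops and CALL_RE.match(ops[0])]

def matches_on_some_path(blocks, succ, entry, pattern):
    """True if the pattern's calls occur in order along at least one CFG path from
    entry, whatever other instructions or decoy branches lie between them.
    Cycles are cut by never revisiting a block already on the current path."""
    def walk(block, pos, on_path):
        for api in api_calls(blocks[block]):
            if pos < len(pattern) and api == pattern[pos]:
                pos += 1
        return pos == len(pattern) or any(
            nxt not in on_path and walk(nxt, pos, on_path | {nxt}) for nxt in succ[block])
    return walk(entry, 0, {entry})

def detect(listing, behaviors=BEHAVIORS):
    """Map each behavior name to whether it is reachable along some CFG path from the entry."""
    insns = parse_listing(listing)
    blocks, succ = build_cfg(insns)
    return {name: matches_on_some_path(blocks, succ, insns[0][0], pat)
            for name, pat in behaviors.items()}
```

Calling `detect(SAMPLE_LISTING)` flags `enumerate-open-write` even though, in address order, the decoy MessageBoxA call sits between CreateFileA and WriteFile and junk instructions separate the calls; a signature that expects the three calls adjacent in the byte stream would miss them. The junk filter is deliberately small: real obfuscators also use push/pop pairs, dead stores and predicates that need constant propagation to resolve, which is why the CFG here keeps both outcomes of every conditional branch rather than trying to decide which is feasible.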
References (4)

  • 1. Skoudis E, Zeltser L. Malware: Fighting Malicious Code. Prentice Hall, 2003.
  • 2. Dai Chao, Pang Jianmin, Zhao Rongcai. Disassembly of Malicious Code Using Conditional-Jump Obfuscation (采用条件跳转混淆技术的恶意代码反汇编). Computer Engineering, 2008, 34(8): 153-155.
  • 3. Kruegel C, Robertson W, Valeur F, et al. Static Disassembly of Obfuscated Binaries. Technical report, Reliable Software Group, Computer Science Department, University of California, Santa Barbara, 2004.
  • 4. Christodorescu M, Jha S. Static Analysis of Executables to Detect Malicious Patterns. In: Proceedings of the 12th USENIX Security Symposium, 2003.

