Abstract
Departing from the traditional anti-virus technology route, this paper develops an active-defense system built on automatic behavior monitoring, automatic behavior analysis and automatic behavior diagnosis, in order to overcome the major defect of existing anti-virus software at its root and to establish a comprehensive defense that puts active defense first and combines it with existing anti-virus techniques. Starting from the latest anti-virus technology, the paper analyzes and compares behavior monitoring and analysis, heuristic scanning and intrusion detection, and combines these techniques to proactively identify and block unknown viruses. Experimental data show that the CAW (Collaborative Anti-Worm) engine detects roughly 60% of worms without relying on any virus signature database; adding a signature database raises the detection rate by about 5%.
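The abstract describes the method only at the level of "behavior monitoring and heuristic rules first, signatures as a supplement". The following added example (written for this page; it is not the paper's CAW engine and reproduces none of its rules) shows how such a two-stage classifier can be structured: raw process events are mapped to abstract worm-typical behaviors, each behavior carries a heuristic weight, a process whose total reaches a threshold is flagged, and a signature lookup is consulted only for processes the behavior stage did not flag. It also shows the false-positive check a practitioner needs: a browser that contacts many hosts on one port looks like a scanner unless the rule also requires a high share of failed connections. The behavior names, weights, threshold, service names and all sample event data are assumptions constructed for the example.

```python
"""Two-stage worm classifier: weighted behavior heuristics, then signatures.

Added illustration, not the paper's CAW engine. Every rule, weight and sample
event below is an assumption made for this example.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Heuristic weights per abstract behavior (assumed values).
RULES = {
    "copy_self_to_system_dir": 3,   # self-replication into the system directory
    "set_autorun_key": 2,           # persistence through a Run registry key
    "disable_security_service": 3,  # stopping AV / firewall services
    "mass_port_scan": 4,            # many distinct hosts, one port, mostly failing
    "mass_smtp": 3,                 # mass mailing to many SMTP servers
    "write_network_share": 2,       # dropping a self-copy on a network share
}
THRESHOLD = 5                       # score at which the behavior stage flags
SCAN_MIN_HOSTS = 20
SCAN_MIN_FAIL_RATIO = 0.5           # scanners mostly hit closed ports / dead hosts
SMTP_MIN_HOSTS = 10
SECURITY_SERVICES = {"windefend", "mpssvc", "sharedaccess"}  # assumed names


@dataclass
class Process:
    name: str
    file_hash: str                  # executable hash, used by the signature stage
    events: list = field(default_factory=list)


def derive_behaviors(events):
    """Map raw monitored events to the abstract behaviors scored by RULES."""
    behaviors = set()
    hosts = defaultdict(set)        # dport -> distinct destination hosts
    total = defaultdict(int)        # dport -> connection attempts
    failed = defaultdict(int)       # dport -> failed attempts
    for ev in events:
        kind = ev["type"]
        if kind == "file_write" and ev.get("self_copy"):
            path = ev["path"].lower()
            if path.startswith("c:\\windows\\system32\\"):
                behaviors.add("copy_self_to_system_dir")
            elif path.startswith("\\\\"):       # UNC path = network share
                behaviors.add("write_network_share")
        elif kind == "reg_set" and "\\currentversion\\run" in ev["key"].lower():
            behaviors.add("set_autorun_key")
        elif kind == "service_stop" and ev["service"].lower() in SECURITY_SERVICES:
            behaviors.add("disable_security_service")
        elif kind == "connect":
            hosts[ev["dport"]].add(ev["host"])
            total[ev["dport"]] += 1
            if not ev["ok"]:
                failed[ev["dport"]] += 1
    for port, hs in hosts.items():
        fail_ratio = failed[port] / total[port]
        # Requiring failures separates scanning from a busy but legitimate client.
        if len(hs) >= SCAN_MIN_HOSTS and fail_ratio >= SCAN_MIN_FAIL_RATIO:
            behaviors.add("mass_port_scan")
        if port == 25 and len(hs) >= SMTP_MIN_HOSTS:
            behaviors.add("mass_smtp")
    return behaviors


def classify(proc, signatures=frozenset()):
    """Return (verdict, score, behaviors); verdict is 'behavior', 'signature' or 'clean'."""
    behaviors = derive_behaviors(proc.events)
    score = sum(RULES[b] for b in behaviors)
    if score >= THRESHOLD:
        return "behavior", score, behaviors
    if proc.file_hash in signatures:        # second stage, only if behavior stage missed
        return "signature", score, behaviors
    return "clean", score, behaviors


def evaluate(procs, is_worm, signatures=frozenset()):
    """Detection rate over labelled worms and false-positive rate over benign processes."""
    worms = [p for p in procs if is_worm[p.name]]
    benign = [p for p in procs if not is_worm[p.name]]
    hits = sum(classify(p, signatures)[0] != "clean" for p in worms)
    fps = sum(classify(p, signatures)[0] != "clean" for p in benign)
    return hits / len(worms), fps / len(benign)


# ---- constructed sample telemetry (not real data) ----
def connects(port, n, ok):
    return [{"type": "connect", "host": f"10.0.{i // 256}.{i % 256}", "dport": port, "ok": ok}
            for i in range(n)]

SAMPLE = [
    Process("worm_a.exe", "h-a", [          # self-copy + persistence + SMB scanning
        {"type": "file_write", "path": r"C:\Windows\System32\svch0st.exe", "self_copy": True},
        {"type": "reg_set", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svch0st"},
    ] + connects(445, 30, ok=False)),
    Process("worm_b.exe", "h-b", [          # share dropper + mass mailer
        {"type": "file_write", "path": r"\\fileserver\public\readme.exe", "self_copy": True},
    ] + connects(25, 15, ok=True)),
    Process("worm_c.exe", "h-c", [          # stealthy: persistence only, below threshold
        {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"},
    ]),
    Process("setup.exe", "h-setup", [       # benign installer: writes a DLL, registers autorun
        {"type": "file_write", "path": r"C:\Windows\System32\vendor.dll", "self_copy": False},
        {"type": "reg_set", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\vendor"},
    ]),
    Process("browser.exe", "h-browser", connects(443, 50, ok=True)),  # many hosts, all succeed
]
IS_WORM = {"worm_a.exe": True, "worm_b.exe": True, "worm_c.exe": True,
           "setup.exe": False, "browser.exe": False}
KNOWN_SIGNATURES = frozenset({"h-c"})       # only the stealthy worm is in the database

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.name, classify(p, KNOWN_SIGNATURES)[:2])
    print("behavior only  (detection, FP):", evaluate(SAMPLE, IS_WORM))
    print("with signatures(detection, FP):", evaluate(SAMPLE, IS_WORM, KNOWN_SIGNATURES))
```

On this constructed set the behavior stage alone catches two of the three worms with no false positives, and the signature stage adds the third; the same structure is what lets a behavior-first engine report a detection rate without any database and a separate, smaller gain from adding one.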
Source
Information Technology (《信息技术》), 2009, No. 12, pp. 54-58 (5 pages)
Keywords
worm; propagation model; intrusion detection; heuristic scanning; false positive rate; behavior detection