浅析恶意代码的机理及其模型

Analysis of Mechanism and Its Model of Malicious Code

本文从操作系统的结构性缺陷角度,阐述产生恶意代码的源头,指出当前通用PC操作系统把设备驱动、文件系统等功能都纳入系统内核,导致内核代码庞大,增加了系统保护工作的难度。并对计算机病毒的传播机理进行了形式化描述,研究了蠕虫程序的模块结构,建立了数据驱动型软件攻击的理论模型,分析了其构成威胁的本质原因。

In view of the structural defects of operating system, the paper explains the source of generating malicious code, points out that in general-purpose PC operating system, the device drivers,file systems and other functions are incorporated into the operating system kernel, resulting in a large kernel code, so that the system is more difficult to protect. The paper also makes a formal description of the spread mechanism of computer viruses, and studies the module structure of worm process sequence. Finally it establishes the theoretical modal of data--driven attack software and aanalyzes its threat nature.