Abstract
Characteristic code detection is a rigorous approach to virus detection. It is widely used in virus defence and removal and has considerable research value. This paper analyzes several virus detection techniques and implements characteristic code detection using a file filter driver. To address the shortcomings of this method, it proposes an optimization that adds a dedicated kernel thread responsible for rule matching. Testing shows that the optimized scheme processes faster than the original method.
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
2010, Issue 8, pp. 286-288 (3 pages)
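Funding
National Natural Science Foundation of China project (60473030)
Sichuan Provincial Department of Science and Technology key science and technology project (05GG007-008)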
Keywords
File filter driver
Characteristic code
Kernel thread