摘要
病毒检测与防御是计算机安全中的一个很重要的研究课题。目前,计算机病毒的花样不断地翻新,并大量使用了多重加密壳、变形、多态,传统的恶意代码查杀技术很难进行正确的查杀,这是因为病毒代码被感染后,为了躲避检测会对自己本身的代码修改替换。即使是针对未知的恶意代码,如果只是运用简单的模式匹配算法,也会被恶意代码欺骗而逃避检测。本文介绍了一种能够检测以上未知恶意代码的方法。具体来说,首先将病毒的二进制代码进行反汇编,在汇编代码层次上进行检出以及通过汇编层次检测出的模式学习和根据学习结果的分类判定来进行检测。
It is a very important research topic to detect and prevent virus in computer security.At present,computer virus types increased and upgraded constantly,most of virus used encryption shell technology and had formation,polymorphism characteristics.Thus traditional malware killing technology is difficult to correctly check kill,because the virus code can avoid detecting after infection of the modified code itself to replace.Even for the unknown malicious code,if just simple pattern matching algorithm,will also be cheated by the malicious code and escape the detection.This paper puts forward a method which can improve detection rate of malicious code unknown.Firstly,the binary code of virus is disassembled.Secondly,the disassembled code is to detect by pattern study,and according to the judgment of study result classified to detect.
出处
《科技广场》
2012年第1期147-149,共3页
Science Mosaic
基金
湖南省永州市科技计划项目:数据挖掘在未知病毒检测的应用研究(09XKYTC007)
关键词
病毒检测
未知病毒
汇编语言
Viruses Detecting
Unknown Viruses
Assembly Language
