摘要
指令虚拟机技术是当今反病毒领域采用的核心技术之一,绝大多数杀毒软件的扫描引擎均采用指令虚拟技术来分析文件,以还原这个程序的行为是否会威胁到系统安全,根据这个进程的行为特征判断它是否是病毒或木马。针对杀毒软件中指令虚拟机的特点,研究虚拟环境与真实环境的差异,在深入分析指令虚拟机和计算机病毒木马本质特征的基础上,理论与实践研究相结合,给出目前杀毒软件中指令虚拟机的脆弱性分析。
Instructions virtual machine technology is one of the core technologies used in today's anti-virus field, the vast majority of anti-virus software scan engines use virtualization technology to analyze file and to revert the behavior of this program whether will be a threat to system security or not. According to this process behavioral characteristics,it is determined whether it is a virus or Trojan. Aiming at features of the virtual machine in anti-virus software, the difference between virtual environments and real environment were researched. Based on in-depth analysis of the virtual machine technology and the essential characteristics of a computer virus and Trojan, theory and practice of research were combined and the analysis of virtual machine instructions vulnerability in current anti-virus software was given.
出处
《电信科学》
北大核心
2016年第10期165-174,共10页
Telecommunications Science
关键词
杀毒软件
指令虚拟机
脆弱性
anti-virus software
instructions virtual machine
vulnerability
