Abstract
In recent years malicious code has proliferated and constantly threatens the information and property security of users. Studies show that many new types of malicious code are variants of existing code: the existing samples are processed with packing, polymorphism, code obfuscation and similar techniques to evade traditional detection. For this reason, this paper surveys homology judgment techniques for malicious code. Using a classification into static, dynamic, and combined static-dynamic approaches, it summarizes and categorizes the existing homology judgment techniques and describes the basic principles, implementation details, characteristics, strengths and limitations of each, with the aim of detecting and handling newly emerging malicious code effectively and quickly. Finally, to encourage further research, the likely development directions of malicious code homology judgment techniques are outlined.
Source
Communications Technology (《通信技术》), 2017, Issue 7, pp. 1484-1492 (9 pages)
Keywords
malware; homology judgment; code structure; behavioral feature