摘要
在传播过程中,越来越多的计算机病毒利用加密、多态、变形等技术来改变自身代码形态,提高自我保护能力,以躲避反病毒软件查杀。然而,传统的多态、变形技术存在体积膨胀、实现复杂等严重缺陷。针对这些问题,通过分析PE文件的框架结构,结合PE文件中存在冗余的特点,提出了空间多态的概念,并详细阐述了空间多态技术的工作原理,设计实现了空间多态引擎,最后进一步分析了空间多态技术的鲁棒性。
Many computer viruses use polymorphic and metamorphic techniques to mutate their code on each replication as they propagate,thus protecting themselves from antiviruses.However,there are still some disadvantages existing in traditional polymorphic and metamorphic techniques.These techniques are too difficult to implement.What`s more,it could lead to size expansion,when viruses spreading among computers.In response to these shortcomings,by analyzing the PE file frame structure,according to the characteristics that redundancy existing in the PE file,space polymorphic technique is proposed.Then,the principle of space polymorphic technique is introduced in detail,as well as the design implementation of space polymorphic engine.At last,robustness of space polymorphic technique is analysed for further research.
出处
《计算机科学》
CSCD
北大核心
2014年第S1期347-351,共5页
Computer Science
基金
科技部863计划(2012AA011206)
中国科学院创新基金项目(CXJJ-11-S101)资助