| 基于可疑行为识别的PE病毒检测方法 |
| |
| 引用本文: | 王成,庞建民,赵荣彩,王强.基于可疑行为识别的PE病毒检测方法[J].计算机工程,2009,35(15):132-134. |
| |
| 作者姓名: | 王成 庞建民 赵荣彩 王强 |
| |
| 作者单位: | 解放军信息工程大学信息工程学院,郑州,450002 |
| |
| 基金项目: | 国家"863"计划基金资助项目 |
| |
| 摘 要: | 针对当前PE病毒难以防范及查杀的现象,对PE病毒关键技术进行分析,提取病毒典型特征的可疑行为,在此基础上提出一种Windows平台下的静态检测方法。该方法在对程序反编译处理的基础上,以指令序列与控制流图的分析为行为识别依据,完成基于可疑行为识别的病毒检测方法的设计。实验结果证明,该检测方法能有效检测混淆变换病毒。
|
| 关 键 词: | PE病毒 可疑行为 指令序列 控制流图 |
| 修稿时间: | |
Detection Method Against PE Virus Based on Suspicious Behavior Identification |
| |
| WANG Cheng,PANG Jian-min,ZHAO Rong-cai,WANG Qiang.Detection Method Against PE Virus Based on Suspicious Behavior Identification[J].Computer Engineering,2009,35(15):132-134. |
| |
| Authors: | WANG Cheng PANG Jian-min ZHAO Rong-cai WANG Qiang |
| |
| Affiliation: | Institute of Information Engineering;PLA Information Engineering University;Zhengzhou 450002 |
| |
| Abstract: | It is difficult to defend,detect and remove PE virus,in view of this complexion,the analysis of the key techniques of PE virus is presented to distill typical suspicious behaviors of virus.Based on it,a static detection method under Windows platform is introduced.This method,using the decompilation of program,identifies behaviors according to the analysis of instruction sequence and control flow graph,so as to complete the design of virus detection method founded on the identify of suspicious behaviors.Expe... |
| |
| Keywords: | PE virus suspicious behavior instruction sequence control flow graph |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
