| 一种基于信息熵的PE文件加壳检测方法 |
| |
| 引用本文: | 樊震,杨秋翔.一种基于信息熵的PE文件加壳检测方法[J].电脑开发与应用,2009,22(3):7-8. |
| |
| 作者姓名: | 樊震 杨秋翔 |
| |
| 作者单位: | 中北大学电子与计算机科学技术学院,太原,030051 |
| |
| 摘 要: | 病毒文件经常加壳且壳的种类繁多,壳的特征经常变化。导致现有的基于特征库的壳检测软件经常失效,不能判断出一个文件是否加壳。提出一种基于信息熵的文件加壳检测算法,可以在壳特征经常变化的情况下,对文件是否加壳做出有效的判断。
|
| 关 键 词: | 熵 壳 PE文件 |
Another PE File Shell-Adding Detecting Method based on Information Entropy |
| |
| Fan Zhen et al.Another PE File Shell-Adding Detecting Method based on Information Entropy[J].Computer Development & Applications,2009,22(3):7-8. |
| |
| Authors: | Fan Zhen |
| |
| Abstract: | Virus file usually have various shell outside and its feature vary often.Thus,shell detecting software which rely on Shell Feature will fail.They cann't judge if the file has shell on it.This article bring forward one method of file shell adding detecting based on Information enthopy.This method can still provide right judgement on file shell condition even though the shell's feature change often. |
| |
| Keywords: | entropy hull PE file |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
