Similar literature
1.
New viruses spread faster than ever, and current signature-based detection does not protect against these unknown viruses. Behavior-based detection is the currently preferred defense against unknown viruses. Its drawbacks are that it can only detect specific classes of viruses or succeed only under certain conditions, and that it produces false positives. This paper presents a characterization of virus replication, which is the only virus characteristic guaranteed to be consistently present in all viruses. Two detection models based on virus replication are developed, one using operation sequence matching and the other using frequency measures. Regression analysis was generated for both models. A safe list is used to minimize false positives. In our testing using operation sequence matching, over 250 viruses were detected with 43 subsequences, with minimal false negatives. The replication sequence of just one virus detected 130 viruses, 45% of all tested viruses. Our testing using frequency measures detected all test viruses with no false negatives. The paper shows that virus replication can be identified and used to detect known and unknown viruses.

2.
The security of modern computer systems heavily depends on security tools, especially on antivirus software solutions. In the anti-malware research community, development of techniques for evading detection by antivirus software is an active research area. This has led to malware that can bypass or subvert antivirus software. The common strategies deployed include the use of obfuscated code and staged malware whose first instance (usually an installer such as a dropper or downloader) is not detected by the antivirus software. Increasingly, modern malware is staged so that it is not detected by antivirus solutions at the early stage of intrusion. The installers then determine the method for further intrusion, including antivirus bypassing techniques. Some malware targets boot and/or shutdown time, when antivirus software may be inactive, so that it can perform its malicious activities. However, there is another time frame during which antivirus solutions may be inactive, namely during updates. All antivirus software shares a unique characteristic: it must be updated at a very high frequency to provide up-to-date protection of the system. In this paper, we suggest a novel attack vector that targets antivirus updates and show practical examples of how a system and the antivirus software itself can be compromised during the update of antivirus software. Local privilege escalation using this vulnerability is also described. We have investigated this design vulnerability with several of the major antivirus software products, such as Avira, AVG, McAfee, Microsoft, and Symantec, and found that they are vulnerable to this new attack vector. The paper also discusses possible solutions that can be used to mitigate the attack in the existing versions of the antivirus software as well as in future ones. Copyright © 2013 John Wiley & Sons, Ltd.

3.
A Method for Monitoring Computer Viruses   Cited by: 2 (self-citations: 0, citations by others: 2)
Based on an analysis of how 32-bit computer viruses are written and run, this paper proposes the idea of automated virus analysis and implements it using object-oriented technology. This improves on the traditional manual approach to virus analysis, gives a deeper understanding of virus behavior inside the host, and makes antivirus software easier to write. It is also of positive significance for the prevention and control of unknown viruses.

4.
Because virus technology is constantly evolving, some of today's viruses have the ability to mutate their own form. When faced with self-mutating viruses, traditional virus detection methods are prone to false negatives and false positives. To strengthen antivirus software's ability to perceive viruses, it is essential to give antivirus software a degree of intelligence.

5.
As viruses become ever more destructive, antivirus software has become a focus of attention. This article first analyzes the development history of antivirus software in terms of its two important product forms (the standalone edition and the network edition), then presents the author's views on future trends: in antivirus technology, the shift from passive to active defense; in the marketing model, the move from paid to free.

6.
Countermeasures such as software patches or warnings can be effective in helping organizations avert virus infection problems. However, current strategies for disseminating such countermeasures have limited their effectiveness. We propose a new approach, called the Countermeasure Competing (CMC) strategy, and use computer simulation to formally compare its relative effectiveness with three antivirus strategies currently under consideration. CMC is based on the idea that computer viruses and countermeasures spread through two separate but interlinked complex networks, the virus-spreading network and the countermeasure-propagation network, in which a countermeasure acts as a competing species against the computer virus. Our results show that CMC is more effective than the other strategies on the empirical virus data. The proposed CMC reduces the size of the virus infection significantly when the countermeasure-propagation network has properties that favor countermeasures over viruses, or when the countermeasure-propagation rate is higher than the virus-spreading rate. In addition, our work reveals that CMC can be flexibly adapted to different uncertainties in the real world, enabling it to be tuned to a greater variety of situations than the other strategies.

7.
Metamorphic viruses are particularly insidious, as they change their form at each infection, thus making detection hard. Many techniques have been proposed to produce metamorphic malware, and many approaches have been explored to detect it. This paper introduces a detection technique that relies on the assumption that a side effect of the most common metamorphic engines is the dissemination of a high number of repeated instructions in the body of the virus program. We have evaluated our technique on a population of 1,000 programs, and the experimental outcomes indicate that it is accurate in classifying metamorphic viruses and viruses of other kinds, too. Virus writers commonly insert code from benign files in order to evade antivirus software; our technique is able to recognize a virus even if benign code is added to it.

8.
This paper describes in detail the characteristics and detection methods of computer viruses, as well as the principles and methods of biological immunity. Drawing on artificial immune principles, a new computer virus detection method is designed which, compared with traditional antivirus software, adds intelligence to virus defense. Preliminary experiments tested the method's virus detection capability, detection accuracy, and proactive intelligence; the results show that the method is highly adaptive, self-learning, and robust, and can efficiently defend against unknown viruses...

9.
Current anti-malware tools have proved to be insufficient in combating ever-evolving malware attacks and vulnerability exploits due to inevitable vulnerabilities present in the complex software used today. In addition, the performance penalty incurred by anti-malware tools is magnified when security approaches designed for desktops are migrated to modern mobile devices, such as tablets and laptops, due to their relatively limited processing capabilities and battery capacities. In this paper, we propose a fine-grained anomaly detection defense framework that offers a cost-efficient way to detect malicious behavior and prevent vulnerability exploits in resource-constrained computing platforms. In this framework, a trusted third party (e.g., the publisher) first tests a new application by running it in a heavily monitored testing environment that emulates the target system and extracts a behavioral model from its execution paths. Extensive security policies are enforced during this process. In case of a violation, the program is denied release to the user. If the application passes the tests, the user can download the behavioral model along with the tested application binary. At run-time, the application is monitored against the behavioral model. In the unlikely event that a new execution path is encountered, conservative but lightweight security policies are applied. To reduce overhead at the user end, the behavioral model may be further reduced by the publisher through static analysis. We have implemented the defense framework using a netbook with the Intel Atom processor and evaluated it with a suite of 51 real-world Linux viruses and malware. Experiments demonstrate that our tool achieves a very high coverage (98%) of the considered malware and security threats. The four antivirus tools we compare our tool against were found to have poor virus coverage, especially of obfuscated viruses. By removing safe standard library blocks from the behavioral model, we reduce the model size by 8.4× and the user's run-time overhead by 23%.

10.
Virtual-Machine-Based Heuristic Scanning Antivirus Technology   Cited by: 5 (self-citations: 0, citations by others: 5)
Based on an in-depth analysis of the differences between viruses and normal programs, this paper proposes the idea of heuristic scanning analysis of viruses and implements it using virtual machine technology. This improves on the traditional manual approach to virus analysis, gives a deeper understanding of how viruses operate, and makes antivirus software easier to write; it is also of far-reaching significance for the prevention and control of unknown viruses.

11.
This paper establishes a nonlinear mathematical model based on antivirus software to study the process of cleaning computer network viruses. The model divides the nodes of the population into three groups: susceptible, infected, and protected. Using the stability theory of differential equations, the model is analyzed by numerical simulation. The results show that, under specific conditions, cleaning network viruses depends on factors such as the inflow rate of infected nodes, the rate of interaction between infected and susceptible nodes, and their interaction with the antivirus software; as long as the antivirus software works effectively, viruses can be successfully blocked and isolated and the security of the computer network protected.

12.
Based on a survey and statistics of computer repair and maintenance at the China Agricultural Museum (National Agricultural Exhibition Hall) in recent years, combined with several years of practical maintenance experience, it was found that hardware problems arising in computer use usually require professionals to resolve, whereas software problems are usually caused by viruses or Trojan programs and can generally be resolved with the latest antivirus software. This paper summarizes practical solutions to common computer problems.

13.
Computer viruses threaten network security. This paper focuses on currently popular antivirus technologies, covering software-based, hardware-based, and virtual-machine-based antivirus. It offers some reference value for understanding the antivirus technologies in common use today and their future development trends.

14.
Cloud computing offers enormous business opportunities but also faces potentially enormous risks; cloud security is a major obstacle to the development of cloud computing. Applying cloud security technology to identify and remove viruses no longer relies solely on the virus database on the local hard disk, but on a vast network service that collects, analyzes, and processes data in real time. This article describes cloud security technologies and their implementation, focusing on the detection and removal of viruses and Trojans, discusses the concept of cloud security and the technical issues involved, and studies the construction of resource pools and the various solutions antivirus products offer for cloud security strategies.

15.
To address the problem that upgrading the program of terminal devices built on domestically produced microcontrollers requires disassembling the device, this paper proposes a GD32-based scheme for online firmware programming over the network, in which a handheld controller upgrades the application software of terminal devices so that firmware can be updated without an emulator. The scheme describes in detail the composition of the online programming system, the working principle of in-application programming, and the design and implementation of each module (the host-computer program, the handheld controller, and the terminal device), and gives the usage steps and methods for each module. The terminal device uses a multi-partition layout, so that even if an exception occurs during the upgrade the product will not be bricked, which substantially improves the maintainability and fault tolerance of the system. The handheld controller is easy to carry for field upgrades, and maintenance is simple, convenient, and fast. Experimental tests show that firmware updated online runs correctly, solving the difficulty of disassembling the product in the field and attaching an emulator to update the program.

16.
Coronavirus disease 2019 (Covid-19) is a life-threatening infectious disease caused by a newly discovered strain of the coronaviruses. As of the end of 2020, Covid-19 is still not fully understood, but like other similar viruses, the main mode of transmission or spread is believed to be through droplets from coughs and sneezes of infected persons. The accurate detection of Covid-19 cases poses some questions to scientists and physicians. The two main kinds of tests available for Covid-19 are viral tests, which indicate whether a person is currently infected, and antibody tests, which indicate whether a person was infected previously. A routine Covid-19 test can take up to 2 days to complete; to reduce the chance of false negative results, serial testing is used. Medical image processing using chest X-ray images and Computed Tomography (CT) can help radiologists detect the virus. This imaging approach can detect certain characteristic changes in the lung associated with Covid-19. In this paper, a deep learning model based on the Convolutional Neural Network is proposed to improve accuracy and precisely detect Covid-19 from chest X-ray scans by identifying structural abnormalities in the scans or X-ray images. The proposed model is organized into three stages: dataset, data pre-processing, and, finally, training and classification.

17.
Antivirus software tests are important when selecting antivirus software. However, there are many different tests, and interpreting the results can be challenging. Additionally, the needs of the corporate customer and the home user differ, and it is important to understand these differences in order to evaluate antivirus software tests critically.

18.
Mobile office work on handheld devices has become a trend. Since handheld devices cannot easily host large databases or software applications, and since the platforms and technologies of handheld devices and servers differ, how to exchange data efficiently between them is an urgent problem. To address it, this paper, based on a study of WCF and the REST style, designs and implements data exchange between Android clients and a .NET server.

19.
A Scheme for Mail-Server-Side Prevention of E-mail Viruses   Cited by: 3 (self-citations: 0, citations by others: 3)
Traditional detection and removal of e-mail viruses is usually performed on the client side, which suffers from poor manageability, high cost, and an inability to effectively prevent the spread of virus-carrying e-mail. This paper proposes a scheme that scans for and removes viruses in real time on the mail server side and describes its design and implementation in detail. This technique not only effectively overcomes the shortcomings of client-side virus prevention, but is also easy to implement and protects users' existing investment.

20.
This paper proposes a mobile edge computing (MEC)-based point of interest (POI) downloading and proximate sharing system for a group of people who belong to the same mobile social network in proximity (MSN-P) and whose handheld devices are connected in a tree-like structure. In the proposed system, the root handheld device plays the role of an MEC server and is in charge of downloading POI contents from the remote cloud server over a 4G/5G cellular network and then forwarding them to the other group members' handheld devices using device-to-device (D2D) communication. Since the number of handheld devices that each handheld device can connect to over D2D communication is limited, this work proposes a control scheme called the k-Connection-Limited and n-Hop (kCL-nH) tree topology construction scheme to achieve proximate sharing of POI contents. Additionally, since the root handheld device consumes more battery power than the others, this work proposes a control scheme in which the group members' handheld devices take turns acting as the root handheld device. A credit scheme is therefore proposed to record each handheld device's contribution, which is consulted when selecting the next root handheld device so as to address fairness. A control scheme, executed in the corresponding MEC server, that considers both remaining battery power and credit when switching the root handheld device is then designed. The proposed method was implemented using Wi-Fi Direct on iOS. Experimental results show interesting trade-offs among power consumption, downloaded data volume, and fairness across all handheld devices.

