| 一种未知病毒智能检测系统的研究与实现 |
| |
| 引用本文: | 张波云,殷建平,唐文胜.一种未知病毒智能检测系统的研究与实现[J].计算机工程与设计,2006,27(11):1936-1938. |
| |
| 作者姓名: | 张波云 殷建平 唐文胜 |
| |
| 作者单位: | 1. 国防科技大学,计算机学院,湖南,长沙,410073;湖南公安高等专科学校,计算机系,湖南,长沙,410138
2. 国防科技大学,计算机学院,湖南,长沙,410073 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划);湖南省自然科学基金 |
| |
| 摘 要: | 设计了一种用于检测未知计算机病毒的查毒系统,其检测引擎基于模糊模式识别的算法实现,检测过程中选用的特征向量是被测试程序所引用的API函数调用序列.该系统既可以实现对已知病毒的查杀,又可以对可疑程序行为进行分析评判,最终实现对未知病毒的识别.最后,收集了423个Windows PE格式的正常程序和209个病毒程序组成样本空间进行实验以测试系统的性能.
|
| 关 键 词: | 病毒检测 API函数 模式识别 模糊集 |
| 文章编号: | 1000-7024(2006)11-1936-03 |
| 收稿时间: | 2005-04-28 |
| 修稿时间: | 2005-04-28 |
Study and implementation intelligent detection system to recognize unknown computer virus |
| |
| ZHANG Bo-yun,YIN Jian-ping,TANG Wen-sheng.Study and implementation intelligent detection system to recognize unknown computer virus[J].Computer Engineering and Design,2006,27(11):1936-1938. |
| |
| Authors: | ZHANG Bo-yun YIN Jian-ping TANG Wen-sheng |
| |
| Affiliation: | 1. School of Computer Science, National University of Defense Technology, Changsha 410073, China; 2. Department of Computer Science, College of Hunan Public Security, Changsha 410138, China |
| |
| Abstract: | An intelligent detection system to recognize unknown computer virus is presented. Using the method based on fuzzy pattern recognition algorithm, an unknown computer virus detection model is designed. Characteristic vectors used during detecting are call se- quence of API functions. Known and unknown computer virus are deteded by analyzing their behavior. 423 benign programs and 209 malicious programs are gathered as dataset for experiment. |
| |
| Keywords: | virus detection API function pattern recognition fuzzy set |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
