基于免疫和代码重定位的计算机病毒特征码提取与检测方法
基于免疫和代码重定位的计算机病毒特征码提取与检测方法
张瑜 LIU Qing-zhong 宋丽萍 罗自强 曹均阔
海南师范大学信息学院 Department of Computer Science SamHouston State University 浙江省电子信息产品检验所信息安全重点实验室
X
关注成功!
加关注后您将方便地在 我的关注中得到本文献的被引频次变化的通知!
新浪微博
腾讯微博
人人网
开心网
豆瓣网
网易微博
摘????要:
针对当前感染率高、威胁性极大的感染型计算机病毒, 提出了一种基于免疫和代码重定位的计算机病毒特征码提取与检测方法.借鉴生物免疫系统机理, 定义了计算机系统中的自体、非自体、抗体、病毒检测器、病毒基因等免疫概念, 利用感染型病毒独特的代码重定位特性来提取病毒基因、构建病毒基因库, 并在此基础上建立了自体/非自体、病毒基因库和病毒检测器动态演化模型.理论分析与实验结果表明, 本方法有效克服了传统方法存在的自体集完备性问题和病毒检测器抗体完整性问题, 因而比传统方法有更好的效率与适应性.
关键词:
人工免疫; 病毒检测; 特征提取; 代码重定位; 网络空间安全;
作者简介:张瑜 (1975—) , 男, 博士, 教授, E-mail:bullzhangyu@126.com.
作者简介:宋丽萍 (1965—) , 女, 高级工程师, E-mail:slp@.
收稿日期:2016-09-29
基金:国家自然科学基金资助项目
Signature Extraction and Detection Method of Computer Viruses Based on Immunity and Code Relocation
ZHANG Yu LIU Qing-zhong SONG Li-ping LUO Zi-qiang CAO Jun-kuo
College of Information Science and Technology, Hainan Normal University; Department of Computer Science, Sam Houston State University; Key Laboratory of Information Security, Institute of Electronic Information Products Inspection of Zhejiang;
Abstract:
A novel signature extraction and detection method of computer viruses based on immunity and code relocation was proposed to solve the current infection and threat of computer viruses.Referencing the biology immunity mechanism, some definitions such as self, nonself, antibody, viruses' detectors, and viruses' gene were established.Making use of the code relocation to extract viruses' gene in the computer viruses, a viruses' gene pool was constructed.And the dynamic evolution equations of self and nonself, viruses' gene pool, and viruses' detectors were established.The theoretical analysis and experimental results show that the proposed method can effectively overcome the problem of the self maturity and the integrity of viruses' detectors.Compared with tradition method, the proposed method shows better efficiency and adaptability.
Keyword:
artificial immune; computer virus de