国防科学技术大学研究生院学位论文捅
国防科学技术大学研究生院学位论文
捅姜
l
f随着计算机病毒越来越猖獗,计算机安全越来越受到人们的重视,计算机
反病毒技术也发展得越来越快。当今最新最先进的计算机反病毒技术,有实时 扫描技术、启发式代码扫描技术、虚拟机技术和主动内核技术等。这些技术各 有特点,但是应用起来仍然不够成熟。现有计算机反病毒软件虽然在对抗病毒 方面发挥了巨大咆作用,但是仍有不尽人意之处,尤其是对付未知病毒缺乏足
够有效的方法。J,
本文透彻分析了计算机病毒的本质特征和传播手段,提出了一些未知病毒 检测方法。在综合研究了PE文件格式和操作系统Ring 0代码执行技术的基础 上,作者提出了一种检测Windows平台下文件型病毒的方案,并给出了具体实 现,得到了比较好的测试结果。该方案具有不需要计算机病毒特征库、实时检 测和可防范未知病毒等技术特点。
本文还研究了入侵检测技术和程序演化技术等信息安全领域内的其他技 术,它们可以为计算机病毒检测和防范提供很好的借鉴。作者总结了两种基本 的入侵检测方法,并提出了入侵检测技术所需解决的一些问题;总结了各种程 序演化技术,阐述了这项技术应用在值:垦塞全领域的原理,并说明了几个实例,
最后指出了它在实际应用中存在的问题。
关键词:计算机反病毒技术病毒检测 Ri ng 0特权级入侵检测程序演化
。/,、—7¨\/、7
墨堕型堂垫查奎堂翌壅生堕堂垡笙奎ABSTRACT
墨堕型堂垫查奎堂翌壅生堕堂垡笙奎
ABSTRACT
With computer viruses being more and more rampant,computer security has been Dai d more attenti on. And anti—virus techniques are developed more rapidly too. Nowadays there are some new and adVanced anti~virus techniques, such as real—time scanning, heuri sti c code scanning, virtual J】】achine and acti ve ker力el techni que etc. The appli cation of these techniques i s not mature enough even if each of them has its characteri sti cs. New anti—virus technique i s updated as new virus appears constantly.The exi sting anti—virus software plays an important r01 e to deal with comDuter viruses.But it still has not sati sfied the
securi tvreauirementsand1ackseffectivemethodstodealwi thunknown
virusesespecially.
The essentjal characteristj cs and propagatjng principl es of computer viruses are analyzed thoroughly in thi s thesi s. And some detection methods to unknown viruses are presented. After studyi ng the form of PE fil es and the execution technique of Ring O codes i n operating system syntheticall y, a scheme to detect viruses of fil e type under Windows platform has been put forward. The implementation and Derformance are a1 so mentioned here in detai l.Thi s scheme does not need
thecharacteri sti cdatabaseofcomputerviruses,andcantake
precauti onsagai nstsomeunknownvi rusesi nrealtime.
The intrusion detection
8745
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
