Computer Virus Detection Technology Based on Behavior Analysis and Signatures
Topic: computer viruses | Focus: virus signatures | Source: Nanjing University of Posts and Telecommunications, 2017 master's thesis
[Abstract]: With the development and spread of computer technology, the damage caused by computer viruses has grown increasingly serious, and anti-virus technology has emerged to counter it. Static detection based on signature scanning is currently the most widely used technique for detecting known viruses; it works well against known viruses but cannot detect unknown ones, and the cycle of discovering a virus and confirming its signature is too long. Dynamic detection based on behavior monitoring can detect unknown viruses, but suffers from high false-positive and high false-negative rates. Building on signature scanning and behavior detection, this thesis studies and designs a computer virus detection system based on behavior analysis and signatures, which offers a higher detection rate and a lower false-positive rate than earlier systems. The main contributions are the following:

1. In signature extraction for virus programs, an improved variable-length N-gram signature extraction algorithm is proposed. Directed feature selection is used to extract effective features and build the virus signature database. A sample program under test is converted to hexadecimal form, its features are extracted and matched against the signature database, and, with the help of an N-gram statistical language model, the signature that best represents the sample is extracted. Experiments show that, compared with other signature extraction algorithms, the proposed method achieves higher accuracy and a lower false-positive rate.

2. In signature detection, signature scanning is applied. Virus programs and legitimate programs collected from websites serve as test data for evaluating the samples' signatures; a sample is matched against the virus signature database to decide whether it is a computer virus. Experiments show that, compared with other detection algorithms, the proposed method has a higher detection rate and a lower false-positive rate.

3. In virus behavior analysis, an automatic sample behavior analysis function is designed and implemented. Malicious behaviors are categorized by analyzing virus behavior, and breakpoints are set at the entry points of the API functions those behaviors call. The sample is run and monitored in a virtual machine, and custom functions record information about the API calls. From the relationship between the recorded API calls and the malicious behaviors of virus programs, the sample's dynamic behavior is analyzed and a preliminary judgement is made as to whether it is a computer virus. Experiments show that automatic sample behavior analysis achieves a higher detection rate than other anti-virus software.
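The following is an added example, not code from the thesis, showing in Python how the components described in the abstract fit together: variable-length byte n-gram extraction over the hex representation of each sample, information-gain ranking restricted to grams that lean toward the virus class (the thesis does not spell out its "directed" selection criterion, so this reading is an assumption), a signature scan against the resulting database, and a behavior check that matches a recorded API-call trace against short malicious-behavior API sequences. The VM breakpoint recording itself is outside the example; the byte samples, call traces, behavior-to-API mapping, thresholds and the fusion rule are all constructed here for illustration.

```python
"""Added example (not code from the thesis): variable-length byte n-gram
signature extraction with information-gain feature selection, a signature
scanner over the resulting database, and an API-trace behavior check, fused
into one verdict. All byte samples and call traces are constructed toy data."""
from collections import Counter
from math import log2

# Constructed samples: every sample shares an MZ-like header and a standard
# x86 prologue; the virus samples also carry the delta-offset idiom
# (call $+5 / pop ebp / sub ebp,5) that classic file infectors use to find
# their own load address. Trailing bytes differ per sample.
MZ = bytes.fromhex("4d5a90000300000004000000ffff0000")
PROLOGUE = bytes.fromhex("558bec83ec10")        # push ebp; mov ebp,esp; sub esp,0x10
DELTA = bytes.fromhex("e8000000005d83ed05")      # call $+5; pop ebp; sub ebp,5
VIRUS_SAMPLES = [MZ + PROLOGUE + DELTA + bytes.fromhex(t) for t in ("11223344", "aabbccdd", "0f1e2d3c")]
CLEAN_SAMPLES = [MZ + PROLOGUE + bytes.fromhex(t) for t in ("99887766", "12345678", "fedcba98")]


def ngrams(data: bytes, n_min: int = 2, n_max: int = 4) -> set:
    """Variable-length byte n-grams (n_min..n_max) of a sample, as hex strings."""
    return {data[i:i + n].hex() for n in range(n_min, n_max + 1) for i in range(len(data) - n + 1)}


def _entropy(p: float) -> float:
    return 0.0 if p in (0.0, 1.0) else -(p * log2(p) + (1 - p) * log2(1 - p))


def information_gain(in_virus: int, in_clean: int, n_virus: int, n_clean: int) -> float:
    """Information gain of the binary feature 'gram present' about the virus/clean label."""
    total = n_virus + n_clean
    present = in_virus + in_clean
    absent = total - present
    h_present = _entropy(in_virus / present) if present else 0.0
    h_absent = _entropy((n_virus - in_virus) / absent) if absent else 0.0
    return _entropy(n_virus / total) - (present / total) * h_present - (absent / total) * h_absent


def build_signature_db(virus: list, clean: list, k: int = 16) -> list:
    """Directed selection (assumption: IG ranking restricted to grams that are more
    prevalent in virus samples than in clean ones, so every signature points at 'virus')."""
    v_df = Counter(g for s in virus for g in ngrams(s))   # document frequency per gram
    c_df = Counter(g for s in clean for g in ngrams(s))
    scored = []
    for g in set(v_df) | set(c_df):
        if v_df[g] / len(virus) <= c_df[g] / len(clean):
            continue                                      # leans clean or uninformative
        scored.append((information_gain(v_df[g], c_df[g], len(virus), len(clean)), g))
    scored.sort(key=lambda t: (-t[0], t[1]))              # best IG first, hex string breaks ties
    return [g for _, g in scored[:k]]


def scan(sample: bytes, db: list, threshold: int = 8) -> tuple:
    """Signature scan: number of database grams present in the sample, and the verdict."""
    hits = len(ngrams(sample).intersection(db))
    return hits, hits >= threshold


# Behavior check. The thesis breaks on API entry points inside a VM and logs the
# calls; here a recorded trace is just the ordered list of API names, and each
# malicious behavior is an API subsequence (constructed illustrative mapping).
MALICIOUS_BEHAVIORS = {
    "self_copy_to_system_dir": ["GetModuleFileNameA", "GetSystemDirectoryA", "CopyFileA"],
    "registry_autorun": ["RegOpenKeyExA", "RegSetValueExA"],
    "remote_thread_injection": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
}


def _is_subsequence(needle: list, haystack: list) -> bool:
    it = iter(haystack)                                   # shared iterator keeps order
    return all(any(api == want for api in it) for want in needle)


def behaviors_seen(trace: list) -> list:
    return [name for name, seq in MALICIOUS_BEHAVIORS.items() if _is_subsequence(seq, trace)]


def verdict(sample: bytes, trace: list, db: list) -> dict:
    """Fusion rule (assumption): signature hit OR any malicious behavior => virus."""
    hits, sig_hit = scan(sample, db)
    behaviors = behaviors_seen(trace)
    return {"signature_hits": hits, "behaviors": behaviors, "is_virus": sig_hit or bool(behaviors)}


# Constructed unknowns: a variant with extra bytes around the idiom, and a clean file.
VIRUS_UNKNOWN = MZ + PROLOGUE + bytes.fromhex("31c0") + DELTA + bytes.fromhex("c3")
CLEAN_UNKNOWN = MZ + PROLOGUE + bytes.fromhex("31c0c3")
VIRUS_TRACE = ["GetModuleFileNameA", "GetSystemDirectoryA", "CreateFileA", "CopyFileA",
               "RegOpenKeyExA", "RegSetValueExA", "RegCloseKey"]
CLEAN_TRACE = ["GetModuleFileNameA", "CreateFileA", "ReadFile", "CloseHandle",
               "RegOpenKeyExA", "RegQueryValueExA", "RegCloseKey"]

if __name__ == "__main__":
    db = build_signature_db(VIRUS_SAMPLES, CLEAN_SAMPLES)
    print("signature db:", db)
    print("variant, no trace     :", verdict(VIRUS_UNKNOWN, [], db))
    print("clean bytes, clean trace:", verdict(CLEAN_UNKNOWN, CLEAN_TRACE, db))
    print("clean bytes, bad trace  :", verdict(CLEAN_UNKNOWN, VIRUS_TRACE, db))
```

Grams shared by every sample (the header and the prologue) get zero information gain and are never selected, so the database ends up holding only grams drawn from the idiom and its junction with the prologue; the variant with extra bytes before the idiom still trips the scanner because enough of the idiom's own grams survive, which is the point of keeping many short grams rather than one long string. The last call in the usage section is the case the abstract is after: a file whose bytes match no signature is still flagged because its recorded API calls form a known malicious sequence. `k` and `threshold` trade detection rate against false positives and would be tuned on held-out samples in a real system.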
【學(xué)位授予單位】:南京郵電大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2017
【分類號(hào)】:TP309.5
Article ID: 1673508
Link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/1673508.html