Abstract
Computer viruses have become a major threat to information security. Among them, PE viruses, which take Windows32 PE files as their infection target, are the most prevalent and the most powerful, and they are also the most difficult to analyze. To address this, this paper studies a behavior feature analysis method for PE virus detection. It analyzes in detail the key behavior features, general behavior features and other features exhibited during the execution of a PE virus, uses the hexadecimal behavior string signatures of these behaviors as the basis for PE virus detection, and achieves heuristic detection of PE viruses by matching the strings in suspicious PE files.
Funding
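2013 Civil Aviation University of China Education and Teaching Reform Research Project (Project No. CAUC-ETRN-2013-24)
2013 College Students' Innovation and Entrepreneurship Training Program (Project No. IECAUC13028)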