
Study On Detection Technology Of Unknown PE Virus Based On Classification

Posted on: 2011-09-26
Degree: Master
Type: Thesis
Country: China
Candidate: Q Y Hong
Full Text: PDF
GTID: 2178360308958844
Subject: Computer system architecture
Abstract/Summary:
With the rapid development of information technology, the global communications network has become more and more widespread. The Internet not only provides great convenience but also brings many dangers, and one of the biggest threats worldwide is the computer virus. As network bandwidth keeps increasing, the propagation speed of computer viruses has also accelerated. The situation has become more and more serious, has aroused wide concern, and has become a focus of research in the computer security field. Therefore, how to detect computer viruses is very important. Since Windows is the most widely used operating system, most computer viruses target Windows, and all of them follow the PE executable structure. Unknown PE viruses are PE viruses that cannot be detected by current anti-virus software, and they are the most harmful. Research on detection technology for unknown PE viruses is therefore of great significance. According to current research findings, virus production technology is already quite mature and stable and is widely reused by newly written viruses; new viruses can also be produced by modifying or upgrading known viruses. Heavy repeated analysis of known viruses therefore leads to low efficiency for anti-virus software developers. It is also very useful for ordinary users to avoid the danger of unknown viruses. As a result, how to separate known viruses, truly new viruses and benign executable files among unknown PE samples is very important. After analyzing and studying the working principles of PE viruses and the new virus detection technologies, we carry out extensive further research on unknown PE virus detection technologies based on classification.
The main work and achievements include:
① After comparing the anomalous features of packed and non-packed PE samples, we propose a new classification method. Using various anomalous features extracted from the PE sample data as the feature vector, it judges packed and non-packed PE files far more accurately than current packer detection techniques, and it also runs with high efficiency.
② A virus classification model using data mining technology is proposed, which takes the disassembled string information of PE viruses as its features. Verification experiments show that the model achieves high classification accuracy in identifying the precise family of an unknown PE virus among several virus families and benign executable files.
③ Using the two methods above, this thesis puts forward a classification-based solution for unknown PE virus detection. Experiments and verification prove the solution's validity: it resolves the interference that packers cause to virus detection, with high accuracy.
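As an added illustration of the packer-detection idea in ① (this is not the thesis's own code or trained model), the following Python builds an anomaly feature vector from PE sections, with per-section Shannon entropy as the central feature, and applies a rule-of-thumb decision. The section tuples, the packer-style section names, the thresholds and the weights are all constructed assumptions; a real pipeline would feed the same function from a PE parser and learn the decision rule from labelled samples.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

# Section names a normal compiler/linker emits (assumed reference set).
STANDARD_NAMES = {b".text", b".data", b".rdata", b".rsrc", b".reloc", b".bss", b".idata", b".edata", b".tls"}

def section_features(sections):
    """Anomaly feature vector from a list of (name, raw_bytes, executable, writable) sections.
    In practice the tuples come from a PE parser; here they are constructed directly."""
    entropies = [shannon_entropy(raw) for _, raw, _, _ in sections]
    return {
        "max_section_entropy": max(entropies, default=0.0),
        "mean_section_entropy": sum(entropies) / len(entropies) if entropies else 0.0,
        "nonstandard_names": sum(1 for name, _, _, _ in sections
                                 if name.rstrip(b"\x00") not in STANDARD_NAMES),
        "writable_executable": sum(1 for _, _, x, w in sections if x and w),
        "empty_raw_data": sum(1 for _, raw, _, _ in sections if not raw),
    }

def looks_packed(features, entropy_threshold=7.0):
    """Score the anomaly features with constructed rule-of-thumb weights."""
    score = 0
    if features["max_section_entropy"] >= entropy_threshold:
        score += 2  # compressed or encrypted payloads sit near 8 bits/byte
    if features["nonstandard_names"]:
        score += 1
    if features["writable_executable"]:
        score += 1  # an unpacking stub writes code into the section it then runs
    if features["empty_raw_data"]:
        score += 1  # zero raw size, filled with unpacked code at run time
    return score >= 3

# Constructed samples: seeded pseudo-random bytes stand in for a compressed payload, a repeated x86 prologue for ordinary compiled code; the names mimic a common packer's layout.
_rng = random.Random(2011)
PACKED_PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(4096))
PLAIN_CODE = bytes([0x55, 0x8B, 0xEC, 0x83, 0xC4, 0x10, 0xC3]) * 600
SAMPLE_PACKED = [(b"UPX0", b"", True, True),
                 (b"UPX1", PACKED_PAYLOAD, True, True),
                 (b".rsrc", b"\x00" * 512, False, False)]
SAMPLE_PLAIN = [(b".text", PLAIN_CODE, True, False),
                (b".data", b"\x00" * 2048 + b"hello\x00" * 50, False, True)]
```

Calling `looks_packed(section_features(SAMPLE_PACKED))` returns True and the plain sample returns False; the entropy threshold alone is not decisive, since high-entropy resource data in a benign file is common, which is why the thesis combines several anomaly features.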
Keywords/Search Tags: Classification, Packer Detection, Entropy, Disassemble String Information, Virus Detection