Computer Virus Detection Technology And Realization

With computer viruses being more and more rampant,computer security has been paid more attention. And anti-virus techniques are developed more rapidly too. Nowadays there are some new and advanced anti-virus techniques,such as real-time scanning,heuristic code scanning,virtual machine and active kernel technique etc. The application of these techniques is not mature enough even if each of them has its characteristics. New anti-virus technique is updated as new virus appears constantly. The existing anti-virus software plays an important role to deal with computer viruses. But it still has not satisfied the security requirements and lacks effective methods to deal with unknown viruses especially.The essential characteristics and propagating principles of computer viruses are analyzed thoroughly in this thesis. And some detection methods to unknown viruses are presented. After studying the form of PE files and the execution technique of Ring 0 codes in operating system synthetically,a scheme to detect viruses of file type under Windows platform has been put forward. The implementation and performance are also mentioned here in detail. This scheme does not need the characteristic database of computer viruses,and can take precautions against some unknown viruses in real time.The intrusion detection technique and program evolution technique that can provide reference for the detection and cleaning of viruses have also been studied. There are two kinds of intrusion detection systems used in computer systems and LANs today. Some difficult challenges in intrusion detection systems are pointed out. The program evolution technique and its application in information security are summarized later. And some problems in the practical application of this technique are indicated at last.