
Study On Unknown Virus Detection Technology Based On Classification

Posted on: 2014-02-19
Degree: Master
Type: Thesis
Country: China
Candidate: X Z Yu
GTID: 2248330398971945
Subject: Computer Science and Technology
Abstract/Summary:
In the era of information explosion, the Internet brings people rich information, provides convenience, and promotes economic development. But many illegal organizations and individuals steal information for profit by spreading viruses, which puts network security at risk. As network technology develops, viruses spread more widely and become more diverse. Virus research is now a hotspot of computer security technology.

Signature scanning is the most important method of computer virus detection. Its basic idea is to find the signature of a known virus and add it to a virus signature database. Scanning then checks a PE file for the presence of those signatures. This method can only detect known viruses and is powerless against new ones. At the same time, many viruses use instruction-deformation techniques to evade identification by anti-virus software. To solve this problem, this paper uses a data mining classification method to detect unknown viruses. It also discusses the static structural and behavioral characteristics of viruses and how to extract feature vector data. The method classifies PE files by their differences, and it is scalable.

The detection method in this paper can identify new viruses, and it performs well on virus variants. Relative to signature scanning, the model eliminates much repetitive analysis work. It does not need frequent updates of a virus signature database either. All it needs is for the system's detection rules to be updated at the appropriate time, after which new viruses can be detected. Experimental results show that this method can effectively identify unknown viruses and that the system design and implementation are feasible.
Keywords/Search Tags: unknown virus detection, K-means cluster, static information of PE files