
Researches On Propagation Model Of Computer Viruses And Detection Technology

Posted on: 2012-10-29
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Wang
GTID: 2178330335969137
Subject: Computer application technology

Abstract/Summary:
In the modern information society, many fields depend heavily on computer information systems. However, computer systems are not absolutely safe: some insecurity factors belong to the computer systems themselves, and others to human behavior. Among these factors, computer viruses are the most serious, because they are highly concealed, propagate rapidly, and cause devastating damage to computer systems. Designing better anti-virus schemes requires both a full understanding of the propagation characteristics of computer viruses and effective detection methods. The study of computer virus propagation models and virus detection technology has therefore become a primary task for anti-virus workers. Because the study of propagation models for computer viruses that spread through mobile storage media is still at an early stage, this thesis proposes a new propagation model based on the properties of U disk viruses and, from analysis of the model, designs an anomaly-based prevention and detection strategy for U disk viruses. It also proposes an effective method for detecting unknown computer viruses, aimed at the defects in detecting unknown computer viruses.

Firstly, the research background, significance and development trend of computer viruses are introduced. Existing computer virus propagation models are then analyzed and compared, and existing computer virus detection techniques are introduced.

Secondly, the propagation process and influencing factors of U disk viruses are analyzed in detail. U disk states are added to the new model, two new infection rate functions, one for each direction, are defined, and on this basis the U disk virus propagation model U-SEIR is proposed. The stability of U-SEIR and the breakout time and influencing factors of U disk virus propagation are analyzed, and the conditions for controlling the spread are analyzed from theoretical and experimental perspectives. Moreover, a detection scheme in two directions is designed according to the different infection rate functions in the two directions, to prevent U disk virus propagation rapidly and effectively.

Then, the Support Vector Machine (SVM) is fast and needs fewer samples when applied to detecting unknown computer viruses, but has the disadvantage that the sample is incomplete. The use of the Win32 API by computer viruses is analyzed in depth, and a risk level for API functions is defined. To address the difficulty of detecting unknown computer viruses and the incompleteness of the sample, this thesis uses a risk degree calculation to make up for these shortcomings, achieving a higher detection rate and lower time consumption.

Finally, when applied to Trojan horse detection, the attack tree has the advantage of being easy to model and the disadvantage that it cannot be adjusted dynamically. A Trojan horse detection method based on a dynamic attack tree is proposed. The API functions that Trojans often use are analyzed, classified and summarized, then used to create the attack tree model, and the attack tree is used to detect Trojan horses. A vocabulary analysis method is presented that decomposes API functions into words, so that they can be added to the attack tree dynamically. The method can detect not only known Trojans but also unknown Trojans and variants, so it can meet the needs of current anti-virus technology development.
Keywords/Search Tags: Computer virus, Infective rate, U disk virus, Trojan Horse, Support Vector Machine (SVM), Attack tree