Behavior Analysis And Detection Of Win32 PE File Viruses

Posted on: 2011-07-31
Degree: Master
Type: Thesis
Country: China
Candidate: C T Ge
Full Text: PDF
GTID: 2178330338485548
Subject: Computer application technology

Abstract/Summary:
With the rapid development and wide use of computer and Internet technology, computer security faces increasingly serious challenges, such as computer viruses and attacks by hackers. Computer viruses in particular are hard to deal with and are among the most serious threats to computer security.

Virus detection based on virus feature codes (signatures) is the technique most widely used in anti-virus software and is recognized as the simplest and most effective method. By comparing file contents against known virus feature codes, it determines whether a file contains a virus and, if so, which kind. Viruses can be detected quickly and accurately this way. However, anti-virus software based on virus feature codes must be updated constantly as new viruses emerge; otherwise it ages and gradually loses its practical value. It is inadequate against multi-state deformation (polymorphic) viruses and unknown viruses. In addition, as the number of viruses increases, detection takes more time.

This paper presents a detailed analysis of existing virus and anti-virus technology and an in-depth study of existing models of computer viruses. Existing virus detection technology cannot effectively detect multi-state deformation viruses and unknown viruses. To improve on it and to better solve the problem of detecting such viruses, a behavior-based virus detection method is proposed. A formal method is used to analyze the propagation behavior of viruses, and computer viruses are classified according to that behavior. Based on the characteristics of Win32 PE file viruses, a Win32 PE file virus detection system was designed and implemented.

The resulting Win32 PE file virus detection system is no longer passive: it prevents infection during the infection phase rather than dealing with the virus after infection has occurred. The system has important reference value for improving computer virus detection technology.
Keywords/Search Tags: Win32 PE file virus, virus behaviour, virus detection