| Recently years, the computer viruses spread with astonishing speed. Computersecurity has been paid more attention. And anti-virus techniques are developed morerapidly too. Nowadays there are some new and advanced anti-virus techniques, suchas active kernel technique, heuristic code scanning, virtual machine and the principleof immunity etc. The application of these techniques is not mature enough even ifeach of them has its characteristics. New anti-virus technique is updated as new virusappears constantly. The existing anti-virus software plays an important role to dealwith computer viruses. But it still has not satisfied the security requirements and lackseffective methods to deal with unknown viruses especially.Each kind of virus's action mechanism and the current virus using of newtechnology are analyzed thoroughly under Windows operating system. And a newvirus detection method was proposed based on program semantic.First, the thesis analyzed the code unique feature of different viruses andsummed up the typical semantic characteristics in the module of infection. Semanticrelations frame, which can describe the semantic characteristics, was formed. Thepattern database uses hierarchical framework. This frame offers full specification ofthe typical semantic characteristics in the module of infection. Its greatest merit lies insuccession, extensibility, uniformity of knowledge.Second, the thesis researched how to extract program semantic that is implied inthe program. Semantic relations frame, which can describe the program semantic, wasformed. Algorithm and the work flow of transformation system from the originalprocedure to the semantic relations frame are given a detailed description. Then thisthesis introduces the virus detection engine which is the most important component inthis system.Last, the experiment of virus detection is carried. The result of the experimentindicates that it is a feasible way for unknown virus detection. |
PDF Full Text Request