Design And Implementation Of Virus Detection System Based On Behavior Characterization

Posted on: 2009-06-22
Degree: Master
Type: Thesis
Country: China
Candidate: J T Li
GTID: 2178360242989572
Subject: Information security
Abstract/Summary:
With the rapid development of computer technology, people face all kinds of security problems as they enter the information age: networks are intruded upon illegally, important information is stolen, and systems crash. How to prevent and detect viruses is a long-term research and development issue in the field of information security.

As networks develop and virus code grows more sophisticated, the shortcomings of traditional virus detection technologies have become more obvious, and they struggle to meet people's needs for information security. Behavior-based virus detection technology uses the unique characteristics of viruses to detect them, and it can detect unknown viruses successfully. This detection technology adapts well to the new features of computer viruses. It undoubtedly has a tremendous advantage and broad development prospects, and it will represent the development trend of virus detection technology for quite a long time.

In this thesis we analyzed the behavior characteristics of all kinds of viruses and implemented a virus detection system. The system is divided into four functional modules: a file system monitoring module, a behavior detection module, a behavior analysis module and a system recovery module. We first analyzed the behavior characteristics of all kinds of viruses and constructed a library of virus behavior characteristics. Because malicious behaviors are mainly concentrated on destroying executable files or system files of certain specific types, as well as the relevant registry keys, we implemented the system on a file filter driver working in cooperation with an application. The driver mainly constructs the virtual system and monitors the file system; the application performs registry testing, extracts and analyzes virus behaviors, and carries out system recovery. Finally, we tested the system's performance using a number of virus samples.
Keywords/Search Tags:Virus Detection, Behavior Characterization, Virtual Technology, File Filter Driver