Fuzzy Pattern Recognition Method For Virus Detection Based On Sequences Of System Calls

Posted on: 2009-08-03
Degree: Master
Type: Thesis
Country: China
Candidate: X T Guo
GTID: 2178360272956213
Subject: Computer application technology

Abstract/Summary:
With the rapid development and popularization of computer network technology in recent years, computer viruses have spread with astonishing speed. Computer security has gained more public attention, which has accelerated the development of anti-virus techniques. There are now some new and advanced anti-virus techniques, such as active kernel technology, heuristic code scanning, virtual machines and the immunity principle. However, they are not yet mature. Although existing anti-virus software plays a significant role in dealing with computer viruses, it is still not fully satisfactory, especially in detecting unknown viruses. Research into effective and secure virus detection would therefore be very valuable, not only to academic study but also to the information security of the country, the informatization of financial organizations and the development of our national economy.

The action mechanisms of each kind of virus and the new techniques used by current computer viruses are analyzed thoroughly under the Windows operating system, and a new detection system for unknown viruses is proposed and implemented as a beneficial attempt.

First, the current state of computer security is analyzed, including the structure and functional mechanism of viruses. Each kind of anti-virus technique is also analyzed, including its core and main characteristics. Anti-virus techniques receive particular attention in this paper.

Second, the modes of different infection behaviors of computer viruses are summarized after studying current virus programs. Based on a careful examination of system calls and an analysis of their applicability to virus detection, a new structure for the pattern database is constructed, and a new fuzzy pattern recognition method is developed to detect unknown viruses.

Finally, the engine, which is the core component of the system, is designed and analyzed. The main procedure and the performance of the algorithm are studied before virus detection is implemented. Some typical virus programs are then fed into the system, and the experimental results indicate that this is a feasible way to detect unknown viruses.

Keywords/Search Tags: computer virus, program behavior, pattern recognition, system call