
Anti-Virus Virtual Machine Key Technologies Research

Posted on: 2010-02-09
Degree: Master
Type: Thesis
Country: China
Candidate: X D Wu
Full Text: PDF
GTID: 2178360302959548
Subject: Computer system architecture
Abstract/Summary:
The anti-virus virtual machine is one of the crucial technologies in the anti-virus domain today and is widely used as a supplementary means of virus detection. Because of drawbacks in theory and technology, current anti-virus virtual machines lack adequate support for the operating mechanisms of the operating system, scale poorly, and are limited in simulating the decryption process of polymorphic viruses. This paper studies the virtual execution model and the running process of the anti-virus virtual machine, which have been ignored by other researchers. Through in-depth analysis and study of the sources of the troubles with anti-virtual machine technology, improvements to the virtual execution model and to the running process of the anti-virus virtual machine are proposed. Some important issues in the design and implementation of an anti-virus virtual machine are also discussed.

The main contributions of this paper are as follows:

1. An improved virtual execution model is proposed. The traditional model is summarized and the traditional way of virtualizing instruction operation objects is changed, which fundamentally solves the problem of the anti-virus virtual machine's poor expansion capability.
2. The traditional running process is improved. The whole custom program is virtually executed, which enhances the simulating ability of the anti-virus virtual machine. Static signature scanning and malicious behavior analysis are combined, which enhances the capacity to detect unknown viruses.
3. Common anti-virtual machine technologies are analyzed and summarized. Combined with the improvements to the virtual execution model and the running process, simulation programs for the exception handling and multi-thread operating mechanisms are provided.
4. Extensive research is done on the PE format and the file loading process. The paper discusses how to map and initialize the file, how to coordinate instruction translation and execution, and how to make signature scanning and data collection more accurate, so as to make the execution result correct, improve efficiency, and enhance the virus detection capability.
Keywords/Search Tags:Virtual Execution Model, Running Process, Anti-Virus Virtual Machine, Program Loading