
Deformation Of Anti-malicious Code Detection Technology Based On Binary Polymorphism

Posted on: 2008-11-29 | Degree: Master | Type: Thesis
Country: China | Candidate: Y T Ren | Full Text: PDF
GTID: 2208360212475240 | Subject: Computer application technology
Abstract/Summary:
In the information age, the Internet is used in every field of work and daily life, and its security problems have drawn widespread concern from both society and the academic community. In recent years, terms such as virus, exploit, worm, Trojan, backdoor, spyware and malware have become familiar to the general public. Malicious code, which mainly refers to viruses, worms, Trojans, backdoors and rootkits, has become a focus of research in the network security field.

In order to protect important systems and data, detecting as many intrusive programs as possible has become an active research branch of network security. Signature detection, the main method of detecting malicious code, is widely used in traditional anti-virus software. In essence, anti-malware software that uses this technology extracts a particular contiguous byte string from a program and compares it against a virus database in order to detect malicious code.

However, in information confrontation, and especially in network intrusion and penetration, malicious code plays a particularly important role as the attacker's weapon. Therefore, research on further anti-detection and on extending its lifecycle is critical. After analyzing the advantages and disadvantages of common anti-detection technologies, we propose a new anti-detection method. Moreover, taking real information-confrontation scenarios into account, a toolkit is developed to hide spyware (Trojans, backdoors, rootkits), a special kind of malware used in information confrontation.

Malicious code detection and anti-detection technologies are in mutual confrontation; this paper deals with malware anti-detection. First, it summarizes current research on malicious code detection technology. After examining the different analysis and detection methods, signature detection is analyzed in the most detail.

Secondly, by analyzing and comparing the various anti-detection techniques aimed at signature detection, and by bringing the approach of traditional polymorphism technology into malware anti-detection, a new method based on binary polymorphism is proposed. Third, a toolkit using the new method is developed on the Windows platform. The toolkit achieves spyware anti-detection and extends the spyware's running cycle by metamorphosing a designated spyware sample and changing its signatures. Finally, the metamorphosed spyware is shown to perform well against detection under certain conditions.

Applied in information confrontation, the anti-detection technology based on binary polymorphism and the toolkit have been praised by their users. After searching well-known index databases for references, we conclude that the technology and methodology described in this paper are innovative and creative compared with the traditional approaches found in existing network security academic papers and reports.
Keywords/Search Tags: spyware, malicious code, polymorphism, signatures, anti-detection