
Anti-Virus Research And Implementation Of The Virtual Machine

Posted on: 2008-02-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y Lu
GTID: 2208360212499811
Subject: Computer software and theory
Abstract/Summary:
The Antivirus Virtual Machine is one of the crucial technologies in the antivirus domain today and is widely applied to detect polymorphic viruses and unknown viruses. Because of limitations in theory and technology, current Antivirus Virtual Machines mainly simulate the decryption of polymorphic viruses and do not have enough ability to detect unknown viruses, so improving the Antivirus Virtual Machine's ability to detect unknown viruses is a crucial topic in antivirus research. Based on in-depth research on current Antivirus Virtual Machines and the characteristics of computer viruses, an Antivirus Virtual Machine for the Windows platform with an enhanced ability to detect unknown viruses is achieved through theoretical research and practice. Moreover, the computational theory of the Antivirus Virtual Machine is established. This paper mainly completes the following work:

1. Based on an analysis of many PE viruses, this paper expounds the basic principles of PE viruses and summarizes their primary characteristics. It also illustrates the principle, basic structure, characteristics and essence of polymorphic viruses, and discusses some of the main technologies against polymorphic viruses.

2. The author conducted in-depth research on the development of the Antivirus Virtual Machine and the characteristics of the Windows operating system, and a 32-bit Antivirus Virtual Machine for Windows is designed and implemented. This paper describes the basic theory, architecture and implementation of the Antivirus Virtual Machine in detail. The antivirus engine of the Antivirus Virtual Machine is designed with current antivirus technologies and dynamic detection methods; it makes full use of the dynamic detection function of the Antivirus Virtual Machine and overcomes the restriction of universal decryption, which improves antivirus ability. Experimental results show that, compared with some antivirus software including Kaspersky, Norton, RuiXing and JiangMing, the Antivirus Virtual Machine improves the ability to detect unknown PE viruses to some extent. Furthermore, the paper carefully analyzes the main shortcomings of the Antivirus Virtual Machine and some anti-VM (virtual machine) technologies, and points out improvement methods and directions for development.

3. Combined with computability theory, this paper establishes a computational model of the Antivirus Virtual Machine, describes the model's function, and further proves its computability and dynamic decidability, which determines the function of the Antivirus Virtual Machine in theory. Furthermore, this paper gives a preliminary analysis of the computational complexity of detecting viruses. It concludes that, in theory, there exist computer viruses whose detection by the Antivirus Virtual Machine has arbitrarily large computational complexity, whereas for most current viruses with the same infection kernel there is a lower limit on the computational complexity. In this way the paper establishes, as original work, the theory of the Antivirus Virtual Machine.
Keywords/Search Tags: computer virus, Antivirus Virtual Machine, PE viruses, computational model, complexity