
Research And Implementation Of The Anti-virus Technology Based On The Behavior Of System Calls Block

Posted on: 2008-03-22
Degree: Master
Type: Thesis
Country: China
Candidate: D Y Shen
Full Text: PDF
GTID: 2208360212499812
Subject: Computer software and theory
Abstract/Summary:

A computer virus is a computer program that can replicate itself and infect other programs in order to damage the computer system. Computers are now used in every aspect of society, play a significant role in people's lives and change how people live and their quality of life. However, computer viruses are a great threat to the security of computer systems, so research on anti-virus technology is very necessary.

First, this thesis introduces the importance of anti-virus technology and the current state of research at home and abroad. Based on a detailed analysis of the mechanism and diagnosis of computer viruses on the Windows OS platform, it summarizes the characteristics of those viruses, categorizes them, dissects their structure, and proposes an attack model against computer viruses.

Furthermore, various virus survival technologies, including concealment, obfuscating transformation, and anti-tracing techniques, are analyzed. The thesis also surveys signature (characteristic value) scanning, heuristic analysis, integrity verification, and virtual machine techniques.

Moreover, the thesis proposes a scanning method that uses Windows system call surveillance to detect viruses. A real-time anti-virus engine that hooks system calls is implemented. The engine monitors programs at the system service level, diagnoses virus infection by checking system call arguments, and blocks viruses once detected. In this way the engine can protect the system from harmful computer viruses.

Finally, the anti-virus engine based on system call behavior blocking is summarized, and future work and improvements are presented.
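The following is an added illustration, not code from the thesis: a user-mode simulation of the behavior-blocking structure the abstract describes. A dispatch table of "system services" is hooked by swapping each entry for a wrapper that inspects the call's arguments against a small policy and either blocks the call or forwards it to the original routine. The service names (SVC_WRITE_FILE, SVC_SET_REG_VALUE, SVC_WRITE_PROC_MEM), the policy rules, the result codes and the replayed call trace are all constructed for this example and stand in for the real Windows system services the engine would intercept.

```c
/* Added example, not code from the thesis: a user-mode simulation of the
 * system-call behaviour-blocking pattern. A dispatch table of "system
 * services" is hooked by swapping each entry for a wrapper that checks the
 * call's arguments against a policy and either blocks the call or forwards
 * it to the original routine. Service names, rules, result codes and the
 * sample trace are all constructed for this illustration.
 */
#include <stdio.h>
#include <string.h>

enum { SVC_WRITE_FILE = 0, SVC_SET_REG_VALUE, SVC_WRITE_PROC_MEM, SVC_COUNT };

#define RESULT_OK       0
#define RESULT_BLOCKED -1

typedef struct {
    const char *caller; /* image path of the process making the call */
    const char *target; /* file path, registry value path or target process image */
} call_args;

typedef int (*service_fn)(const call_args *a);

/* Stand-ins for the original service routines: they simply succeed. */
static int orig_write_file(const call_args *a)     { (void)a; return RESULT_OK; }
static int orig_set_reg_value(const call_args *a)  { (void)a; return RESULT_OK; }
static int orig_write_proc_mem(const call_args *a) { (void)a; return RESULT_OK; }

/* The service table the dispatcher consults, plus a saved copy of the originals. */
static service_fn service_table[SVC_COUNT] = {
    orig_write_file, orig_set_reg_value, orig_write_proc_mem
};
static service_fn original_table[SVC_COUNT];
static int hooks_installed = 0;

static int has_suffix(const char *s, const char *suffix) {
    size_t n = strlen(s), m = strlen(suffix);
    return n >= m && strcmp(s + n - m, suffix) == 0;   /* case-sensitive on purpose */
}

/* Policy: argument patterns treated as virus-like behaviour (constructed rules). */
static int is_suspicious(int svc, const call_args *a) {
    switch (svc) {
    case SVC_WRITE_FILE:
        /* writing into an executable image other than the caller's own */
        return has_suffix(a->target, ".exe") && strcmp(a->target, a->caller) != 0;
    case SVC_SET_REG_VALUE:
        /* persisting through an autorun key */
        return strstr(a->target, "\\CurrentVersion\\Run") != NULL;
    case SVC_WRITE_PROC_MEM:
        /* writing into another process's memory */
        return strcmp(a->target, a->caller) != 0;
    default:
        return 0;
    }
}

/* Shared hook body: inspect the arguments, then block or forward. */
static int guarded_call(int svc, const call_args *a) {
    if (is_suspicious(svc, a)) {
        printf("BLOCKED svc=%d caller=%s target=%s\n", svc, a->caller, a->target);
        return RESULT_BLOCKED;
    }
    return original_table[svc](a);
}

static int hook_write_file(const call_args *a)     { return guarded_call(SVC_WRITE_FILE, a); }
static int hook_set_reg_value(const call_args *a)  { return guarded_call(SVC_SET_REG_VALUE, a); }
static int hook_write_proc_mem(const call_args *a) { return guarded_call(SVC_WRITE_PROC_MEM, a); }

/* Install the hooks exactly once; returns the number of hooked entries. */
int install_hooks(void) {
    if (!hooks_installed) {
        memcpy(original_table, service_table, sizeof service_table);
        service_table[SVC_WRITE_FILE]     = hook_write_file;
        service_table[SVC_SET_REG_VALUE]  = hook_set_reg_value;
        service_table[SVC_WRITE_PROC_MEM] = hook_write_proc_mem;
        hooks_installed = 1;
    }
    return SVC_COUNT;
}

/* Models the service dispatcher: every call goes through the (hooked) table. */
int dispatch(int svc, const char *caller, const char *target) {
    call_args a = { caller, target };
    install_hooks();   /* the example installs lazily so dispatch() works stand-alone */
    return service_table[svc](&a);
}

/* Replays a constructed call trace and returns how many calls were blocked. */
int run_trace(void) {
    static const struct { int svc; const char *caller, *target; } trace[] = {
        { SVC_WRITE_FILE,     "C:\\Program Files\\editor.exe", "C:\\Users\\alice\\notes.txt" },
        { SVC_WRITE_FILE,     "C:\\Temp\\unknown.exe",         "C:\\Windows\\System32\\calc.exe" },
        { SVC_SET_REG_VALUE,  "C:\\Temp\\unknown.exe",         "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd" },
        { SVC_SET_REG_VALUE,  "C:\\Program Files\\editor.exe", "HKCU\\Software\\Editor\\Settings" },
        { SVC_WRITE_PROC_MEM, "C:\\Temp\\unknown.exe",         "C:\\Windows\\explorer.exe" },
    };
    int blocked = 0;
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        if (dispatch(trace[i].svc, trace[i].caller, trace[i].target) == RESULT_BLOCKED)
            blocked++;
    return blocked;   /* 3 of the 5 constructed calls match the policy */
}

int main(void) {
    printf("blocked %d of 5 calls\n", run_trace());
    return 0;
}
```

The real engine described in the abstract performs this interposition at the system service level inside the kernel; the simulation keeps only the decision structure: a saved copy of the original table, a wrapper per hooked service, and an argument check that decides between blocking and forwarding. The three rules are deliberately coarse; a deployable policy would have to distinguish legitimate cases (installers writing executables, configuration tools touching autorun keys, debuggers writing to other processes) from infection behaviour, which is where the false-positive cost of behaviour blocking comes from.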
Keywords/Search Tags: computer virus, system call, HOOK, anti-virus, real-time monitoring