
Win32 PE Virus Detection Methods Based On Program Semantics

Posted on: 2010-06-27
Degree: Master
Type: Thesis
Country: China
Candidate: Q Gao
GTID: 2208360275464381
Subject: Computer software and theory

Abstract/Summary:
As science and technology advance, computer virus techniques have become increasingly varied. Anti-virus techniques emerged to fight these ever-changing viruses. At present there are many advanced anti-virus techniques, such as the VM technique, the heuristic technique, the ActiveK technique, and so on. Each has its own traits, but each also shows flaws when applied. Comparatively speaking, computer virus techniques are more advanced than anti-virus techniques, so how to detect unknown viruses quickly is the problem that needs to be solved now. To solve it, Win32 PE viruses are analyzed and studied from the standpoint of program semantics, and two methods are proposed. The first is a Win32 PE virus detection method based on stable models; the second is a Win32 PE virus detection method based on a logic semantic chart. In the first method, the semantic characteristics of Win32 PE viruses are summarized. Based on the theory of logic programs and their stable models, suitable semantic rules are set up and a flow chart of the object program is established first; the flow chart is then used to instantiate the semantic rules; finally, the stable models are solved. The meaning of the elements in the stable models then indicates whether the object program contains a virus. In the second method, a virus pattern library is constructed according to the semantic characteristics of the search module and the infection module. The object file is converted into a logic chart through a binomial-tree model, and the pattern set in the pattern library and the node set of the logic chart are picked for pattern matching. In the experiment, 4 viruses were taken as samples to determine the threshold, and 80 normal PE files and 45 files containing PE viruses were tested. The results show that this method can detect Win32 PE viruses accurately.
Keywords/Search Tags: Win32 PE virus, stable model, logic program semantics, virus detection