
Research On Computer Virus Signature Automatic Extraction Technique

Posted on: 2012-06-10
Degree: Master
Type: Thesis
Country: China
Candidate: X B Jin
Full Text: PDF
GTID: 2218330362456564
Subject: Information security

Abstract/Summary:
As informatization, the openness of the Internet and the capacity of the information highway increase, the propagation ability and destructive power of computer viruses are also growing at an alarming rate. The mainstream method of computer virus detection lags behind new viruses, because it takes time to extract a signature from a virus. Automatic extraction of computer virus signatures will therefore be the trend in antivirus work in the coming period.

After a full analysis of the basic principles and design features of the Honeycomb system, the Polygraph system and some others, which automatically extract signatures only from worms, this thesis derives a method for designing a new automatic signature extraction algorithm for computer viruses. Following this method, a new algorithm is designed with storage features as the point of breakthrough. Before the design, two prerequisites of the new algorithm are defined: the storage features of computer files and the storage features of computer viruses. These two prerequisites are then analyzed and studied, and the design of the new algorithm is completed. The new algorithm captures the storage features of the part of the program that a virus inserts into a normal file when it infects it, then quickly locates this part and extracts the signature from it. The new algorithm comprises three models: signature designing, signature extracting and signature detecting.
The signature designing model uses variable-length signature sets to improve signature detection efficiency. The signature expression model can quickly locate the virus program's part in an infected file and extract some bytes of binary code from it, in units of sectors, as its signature. The signature detecting model performs one signature extraction on every object file to obtain many prospective signature sets and matches them against the signature library; if any signature set matches, it extracts a signature set from the object file a second time and matches it a second time. Finally, it determines whether the object file is infected.

A simulation system for automatic extraction of computer virus signatures is designed according to the storage-feature-based algorithm. The system can automatically extract signatures from computer viruses, and can also perform virus detection by extracting a quasi signature set from the object file and matching it against every signature in the signature library. Test results of the simulation system show that the algorithm is correct and that its detection scanning efficiency is very high.
Keywords/Search Tags: Computer Virus, Signature, Automated Extracting, Based On Storage Features