
The Research Of Detecting Malware Based On Entropy

Posted on: 2014-01-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Chen
Full Text: PDF
GTID: 2298330422468859
Subject: Computer technology
Abstract/Summary:
With the rapid growth in the number of malicious programs, the threat to information security is becoming increasingly serious. The major anti-virus vendors have invested a lot of resources to deal with this problem, but the rapid expansion of malicious sample libraries and the continuing increase in resource consumption leave these vendors in a very difficult position.

Analysis of a large number of malware samples shows that a large part of new malware consists of variants of previous malware, and that these variants have a certain degree of similarity in file structure. This paper proposes a new malware detection method based on the entropy theory of files: by comparing the entropy of different malware samples to judge whether they belong to the same family, it realizes the monitoring of malicious programs and addresses some of the problems currently faced.

The method has low requirements for resource consumption and for the number of samples, is simple and intuitive, and does not depend on a particular platform, but it also exposes some limitations. Of course, detecting malicious programs effectively also requires a variety of other techniques; only in this way can the security of information systems be protected as far as possible.
Keywords/Search Tags:malicious programs, entropy, information, testing, escaping killing