计算机科学与探索
計算機科學與探索
계산궤과학여탐색
JOURNAL OF FRONTIERS OF COMPUTER SCIENCE & TECHNOLOGY
2009年
2期
154-161
,共8页
计算机免疫系统%PE病毒检测%重定位%病毒库
計算機免疫繫統%PE病毒檢測%重定位%病毒庫
계산궤면역계통%PE병독검측%중정위%병독고
computer immune system%PE virus detection%relocation module%virus gene pool
受免疫原理在入侵检测系统中成功应用的启发,提出了一种基于免疫的检测未知病毒的通用检测技术.由于病毒需要重定位模块来访问自己的资源,而这在正常程序中不常见,故可利用重定位模块来生成检测未知病毒的检测器.分析了计算机病毒的逻辑结构,建立了自体和非自体的演化方程、抗原提呈及抗体生成方法.实验表明,该技术不仅可检测已知病毒,还能有效检测未知病毒,且有自适应和自学习能力.
受免疫原理在入侵檢測繫統中成功應用的啟髮,提齣瞭一種基于免疫的檢測未知病毒的通用檢測技術.由于病毒需要重定位模塊來訪問自己的資源,而這在正常程序中不常見,故可利用重定位模塊來生成檢測未知病毒的檢測器.分析瞭計算機病毒的邏輯結構,建立瞭自體和非自體的縯化方程、抗原提呈及抗體生成方法.實驗錶明,該技術不僅可檢測已知病毒,還能有效檢測未知病毒,且有自適應和自學習能力.
수면역원리재입침검측계통중성공응용적계발,제출료일충기우면역적검측미지병독적통용검측기술.유우병독수요중정위모괴래방문자기적자원,이저재정상정서중불상견,고가이용중정위모괴래생성검측미지병독적검측기.분석료계산궤병독적라집결구,건립료자체화비자체적연화방정、항원제정급항체생성방법.실험표명,해기술불부가검측이지병독,환능유효검측미지병독,차유자괄응화자학습능력.
A novel Windows PE virus detection approach is presented that draws inspiration from artificial immune system and the structure of the relocation module of the virus. The structure of Windows PE virus is sufficiently an-alyzed. The dynamic evolution of self and nonself, the presentation of the antigen, and the generation of the anti-body are proposed. The experiment is conducted and its results indicate that this approach not only has relatively higher detection rate of unknown Windows PE virus than the earlier known methods, but also has better capability of self-adaptive and self-learning.
