CAJ | 학술논문

文章研究一种结合规则库扫描和基于Windows内核驱动的程序行为分析的可疑样本采集系统，将大大提高样本采集的全面性和准确性，对加快病毒的发现和病毒库的更新具有重要意义。文章首先分析Windows操作系统的体系结构，接着给出了基于Windows内核驱动的可疑样本采集系统的整体架构，最后根据系统架构对各个模块进行详细设计和实现，并给出了一个测试用例及结果分析。实验结果表明，该系统能够准确、高效地采集可疑样本信息。
문장연구일충결합규칙고소묘화기우Windows내핵구동적정서행위분석적가의양본채집계통，장대대제고양본채집적전면성화준학성，대가쾌병독적발현화병독고적경신구유중요의의。문장수선분석Windows조작계통적체계결구，접착급출료기우Windows내핵구동적가의양본채집계통적정체가구，최후근거계통가구대각개모괴진행상세설계화실현，병급출료일개측시용례급결과분석。실험결과표명，해계통능구준학、고효지채집가의양본신식。
The study of suspicious sample collection system with the rule-based scanning and procedures behavior analysis based on Windows kernel driver will greatly enhance the comprehensiveness and accuracy of sample collection, and it has important signiifcance to accelerate the discovery of the virus and the virus database updates. Firstly, this paper analyzes the architecture of Windows operating system and then gives the overall system architecture of the suspicious sample collection system based on Windows kernel drivers. Finally, according to the system architecture, the paper detailed designs and implements of each module, and gives examples and the results of a test. The experiment shows that the system is capable of accurately and efifciently collect samples of suspicious information.