Netinfo Security (信息网络安全)
2014
No. 2
pp. 41-47 (7 pages)
张涛 (Zhang Tao); 焦英楠 (Jiao Yingnan); 禄立杰 (Lu Lijie); 文伟平 (Wen Weiping)
kernel driver; suspicious sample collection; rule base
This paper studies a suspicious sample collection system that combines rule-base scanning with program behavior analysis based on a Windows kernel driver. Such a system greatly improves the comprehensiveness and accuracy of sample collection and is of significant value for accelerating virus discovery and virus database updates. The paper first analyzes the architecture of the Windows operating system, then presents the overall architecture of the suspicious sample collection system based on a Windows kernel driver, and finally gives the detailed design and implementation of each module according to that architecture, together with a test case and an analysis of its results. The experimental results show that the system collects suspicious sample information accurately and efficiently.