APPLICATIONS OF THE COMPUTER SYSTEMS
2013, Issue 2, pp. 15-18 (4 pages)
PE infectious viruses; write operation; interception; PEPS
By designing a simple infectious virus, we find that the active defense strategies of mainstream anti-virus software cannot intercept its infection operations effectively. Under normal circumstances, the PE files already present on a system do not change. Based on this characteristic, this paper proposes implementing active defense by intercepting write operations on existing PE files, and designs a corresponding system, PEPS. Simulation experiments show that the method defends against infectious viruses more effectively than mainstream anti-virus software.