Gas defense system of the analytic approach by way of fictitious procedure writing into device and virus behavior
| Author: | Chuan-Liang Teng, 鄧全良 |
|---|---|
| Year of publication: | 2004 |
| Document type: | degree thesis ; thesis |
| Description: | 92 In this thesis, we first analyze the execution behavior of computer viruses, then design a state transition diagram to model virus behavior, including the intercepting actions, the relationships between running sequences, malicious or abnormal calls to system operations, etc. We then develop and implement a virus detection system by embedding a virtual loader in a Windows environment to track a program's code before it is physically loaded and executed by Windows. The tracked program is judged to be a virus if its execution behavior, as traced through the state transition diagram, matches that of one. The pre-loading and behavior-tracking strategies of our virus detection system further make it possible to detect viruses even when they reside in compressed or encoded programs. The experimental results demonstrate the effectiveness of the proposed virus detection system. Since our judgment of whether a program is a virus is based on its behavior rather than on the matching of virus patterns, which is the main principle of many commercial virus detection systems, our system might detect viruses that are so new that no pattern has been published yet, or whose patterns have not yet been updated; such viruses might go undetected by systems whose judgment is based on pattern matching. In the experimental results, our anti-virus system detects well-known viruses such as CIH and FunLove as well as Norton does. Since we do not need a virus pattern database, we can do better than other anti-virus systems at detecting unknown viruses. |
| Database: | Networked Digital Library of Theses & Dissertations |
| External link: | |