Journal of Frontiers of Computer Science and Technology ›› 2009, Vol. 3 ›› Issue (2): 154-161. DOI: 10.3778/j.issn.1673-9418.2009.02.004

• Academic Research •

Unknown Computer Virus Detection Inspired by Immunity

ZHANG Yu+, LI Tao, QIN Renchao   

  1. College of Computer Science, Sichuan University, Chengdu 610065, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2009-03-15 Published: 2009-03-15
  • Contact: ZHANG Yu

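Abstract (Chinese version): Inspired by the successful application of immune principles in intrusion detection systems, a general immunity-based technique for detecting unknown viruses is proposed. Because a virus needs a relocation module to access its own resources, and this is uncommon in normal programs, the relocation module can be used to generate detectors for unknown viruses. The logical structure of computer viruses is analyzed, and evolution equations for self and nonself, together with methods for antigen presentation and antibody generation, are established. Experiments show that the technique not only detects known viruses but also effectively detects unknown viruses, and that it has self-adaptive and self-learning capabilities.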

Key words (Chinese version): computer immune system, PE virus detection, relocation, virus library

Abstract: A novel Windows PE virus detection approach is presented that draws inspiration from artificial immune systems and the structure of the virus's relocation module. The structure of Windows PE viruses is thoroughly analyzed. The dynamic evolution of self and nonself, the presentation of the antigen, and the generation of the antibody are proposed. An experiment is conducted, and its results indicate that this approach not only has a relatively higher detection rate for unknown Windows PE viruses than earlier known methods, but also has better self-adaptive and self-learning capability.

Key words: computer immune system, PE virus detection, relocation module, virus gene pool