Abstract
Virus detection and prevention policy is an important part of an operating system's security framework. Detecting and removing viruses by pattern (signature-code) matching generally lags behind the development of computer viruses and can no longer meet increasingly urgent security needs. Drawing on the mechanism by which the biological immune system detects viruses, this paper proposes a signature and verification model for portable executable files: the file signature defines "self" and "non-self", and this distinction is the basis for finding malicious code in the system. Finally, the paper introduces a virus detection system, developed for the Windows operating system, that is based on the executable file signature verification model.
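Source
《微计算机信息》 (Microcomputer Information)
Peking University Core Journal
2005, Issue 12X, pp. 42-45 (4 pages)
Control & Automation
Funding
Supported by the National 863 Program (2003AA146010)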