基于规则的计算机病毒查杀引擎技术研究

发布时间：2018-03-22 03:04

本文选题：规则库　切入点：特征提取　出处：《北方工业大学》2017年硕士论文　论文类型：学位论文

【摘要】：随着互联网的日益普及发展,中国的计算机用户数量迅速上升,网络安全也成为影响人们生活的一个重要问题。为了确保不被计算机病毒感染,因此计算机病毒查杀一直是安全研究的热点领域。本文首先以静态检测和动态行为检测技术为切入点,介绍了决策树算法和在计算机病毒的特征提取分析及恶意代码特征提取的神经网络训练算法,然后重点阐述了本文提出的一种基于规则的计算机病毒查杀模型,实现对计算机病毒的检测。本文主要工作如下:1.阐述了计算机病毒检测的相关知识、主要技术和检测模型;2.提出一种基于API调用序列和DLL依赖树相结合的计算机病毒行为检测方法;3.提出一种基于规则的计算机病毒检测模型,涉及静态检测、内存检测和行为检测。实验数据表明,该模型能够准确地检测出病毒。
[Abstract]:With the increasing popularity and development of the Internet, the number of computer users in China is rising rapidly, and network security has become an important issue affecting people's lives. Therefore, computer virus detection and killing has always been a hot area of security research. Firstly, this paper takes static detection and dynamic behavior detection as the breakthrough point. This paper introduces the decision tree algorithm and neural network training algorithm for feature extraction and malicious code feature extraction of computer viruses. Then, a rule-based computer virus killing model is presented in this paper. The main work of this paper is as follows: 1. The related knowledge of computer virus detection is expounded. 2. This paper presents a method of computer virus behavior detection based on API call sequence and DLL dependency tree. 3. A rule-based computer virus detection model is proposed, which involves static detection. Memory detection and behavior detection. Experimental data show that the model can accurately detect viruses.
【学位授予单位】：北方工业大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP309.5

【参考文献】