| 基于PE文件的病毒防治技术研究 |
| |
| 引用本文: | 胡丽平,江泽涛,李克伟,刘勇.基于PE文件的病毒防治技术研究[J].南昌航空工业学院学报,2006,20(4):85-90. |
| |
| 作者姓名: | 胡丽平 江泽涛 李克伟 刘勇 |
| |
| 作者单位: | 南昌航空工业学院 江西南昌330063 |
| |
| 基金项目: | 江西省重大攻关招标项目资助(2005A016),江西省重点工业攻关项目资助(20051B01005) |
| |
| 摘 要: | 本文提出了两种防范PE文件病毒的技术:一种是分析PE文件格式和病毒对PE文件的感染方式,通过PE自身文件结构的改进来防范病毒;另一种是基于PE文件自我完整性检查的计算机病毒的免疫方法,采用单向散列函数MD5算法抽取摘要,通过比较两个摘要值来判断是否存在病毒,如果存在病毒启用恢复程序来恢复文件。相对于传统的特征码匹配方法,这些技术不依靠病毒库,可以防范未知病毒。
|
| 关 键 词: | PE文件 病毒防治 MD5算法 |
| 文章编号: | 1001-4926(2006)04-0085-05 |
| 修稿时间: | 2006年10月12 |
Research on anti-virus technology based on portable executable file |
| |
| HU Li-ping,JIANG Ze-tao,LI Ke-wei,LIU Yong.Research on anti-virus technology based on portable executable file[J].Journal of Nanchang Institute of Aeronautical Technology(Natural Science Edition),2006,20(4):85-90. |
| |
| Authors: | HU Li-ping JIANG Ze-tao LI Ke-wei LIU Yong |
| |
| Abstract: | This paper proposes two kinds of technology to defend portable executable file viruses.The first technology analyses the format of portable executable file and the ways that virus infects the portable executable file,and thus defend viruses through improving the self-structure of portable executable file;The other technology is a kind of computer virus immune method which is based on self-integrality examination of portable executable file. It adopts unilateralist hashing function MD5 algorithm to acquire abstract.We judge whether it has viruses by comparing the two abstract values,and start resuming procedure to resume file if it has viruses.Compared with traditional character code matching method,these technology can prevent unknown viruses without virus library. |
| |
| Keywords: | portable executable file anti-virus MD5 algorithm |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
