Automatic analysis of a computer virus structure and means of attachment to its hosts
作者: David M. Chess , Gregory B. Sorkin , Jeffrey O. Kephart
DOI:
关键词: Virology 、 Set (abstract data type) 、 Computational biology 、 Class (philosophy) 、 Virus 、 Computer virus 、 Biology 、 Software 、 Host (network) 、 Invariant (mathematics) 、 Code (cryptography)
摘要: Information pertaining to the verification of identity of, and reversal a transformation computer data is derived automatically based on set samples. The most important class transformations viruses. process extracts this information for large, fairly general Samples consisting host programs infected with virus sample pairs an corresponding original, uninfected are obtained. A description how attaches program, including locations within components both original generated. Viral code matched across samples obtain "invariant" regions virus. Host bytes embedded located. permits ant-virus software user's machine restore bulk program that has been infected. Characterization correspondence between invariable portions destroyed parts enables anti-virus complete repair.
google.de 参考文章(2)
Omri Mann, Method for recovery of a computer program infected by a computer virus ,(1992)
Doren Rosenthal, Method for securing software against corruption by computer viruses ,(1992)