Polymorphic virus detection module
作者: Carey S. Nachenberg
DOI:
关键词: Table (database) 、 Computer hardware 、 Data file 、 Interrupt 、 Computer science 、 Signature (logic) 、 Mutation (genetic algorithm) 、 Emulation 、 Code (cryptography) 、 Virus detection
摘要: A Polymorphic Anti-virus Module (PAM) (200) comprises a CPU emulator (210) for emulating the target program, virus signature scanning module (250) decrypted code, and an emulation control (220), including static exclusion (230), dynamic (240), instruction/interrupt usage profiles (224) mutation engines (162) of known polymorphic viruses (150), size file types (226) these viruses, table (228) having entry each (150). During emulation, (220) may observe use register-indirect memory write instruction using register that has not been initialized. Such random can be used as indication is probably data so unlikely to harbor virus.
google.nl 参考文章(18)
John K. Hile, Donald L. Wakelin, Matthew H. Gray, In transit detection of computer virus with safeguard ,(1992)
Gregory B. Sorkin, Jeffrey O. Kephart, Generic disinfection of programs infected with a computer virus ,(1994)
Omri Mann, Method for recovery of a computer program infected by a computer virus ,(1992)
Craig A. Miller, Michael R. Garrett, Edmund G. Heller, Yatin Dhareshwar, Transparent, secure computer virus detection method and apparatus ,(1994)
Doren Rosenthal, Method for securing software against corruption by computer viruses ,(1992)
David Alan Chambers, Method and apparatus for detection of computer viruses. ,(1994)
David M. Chess, Jeffrey O. Kephart, William C. Arnold, Steven R. White, Automatic immune system for computers and computer networks ,(1993)
David P. Jablon, Nora E. Hanley, Method and apparatus for assessing integrity of computer system software ,(1994)
Stephen A. Lentz, System and method of protecting integrity of computer data and software ,(1989)
Hans Ellenberger, Method and apparatus for detecting a computer virus on a computer ,(1994)