Computer Science ›› 2014, Vol. 41 ›› Issue (Z6): 347-351.


Space Polymorphic Technique Based on Redundance of PE File

GU Ding-feng and MA Heng-tai   

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: Many computer viruses use polymorphic and metamorphic techniques to mutate their code on each replication as they propagate, thus protecting themselves from antivirus software. However, traditional polymorphic and metamorphic techniques still have some disadvantages. They are too difficult to implement and, what is more, they can lead to size expansion as viruses spread among computers. In response to these shortcomings, a space polymorphic technique is proposed, based on an analysis of the PE file frame structure and the redundancy that exists in PE files. The principle of the space polymorphic technique is then introduced in detail, together with the design and implementation of a space polymorphic engine. Finally, the robustness of the space polymorphic technique is analysed for further research.

Key words: PE file, Malware, Space polymorphism, Polymorphic engine

