| 一种基于Windows内核驱动的可疑样本采集系统的设计与实现; The Design and Implementation of Suspicious Sample Collection System based on Windows Kernel Driver | |
| 张涛 ; 焦英楠 ; 禄立杰 ; 文伟平 | |
| 刊名 | 信息网络安全
 |
| 2014 | |
| 关键词 | 内核驱动 可疑样本采集 规则库 kernel driver suspicious sample collection rule base |
| DOI | 10.3969/j.issn.1671-1122.2014.02.008 |
| 英文摘要 | 文章研究一种结合规则库扫描和基于Windows内核驱动的程序行为分析的可疑样本采集系统,将大大提高样本采集的全面性和准确性,对加快病毒的发现和病毒库的更新具有重要意义。文章首先分析Windows操作系统的体系结构,接着给出了基于Windows内核驱动的可疑样本采集系统的整体架构,最后根据系统架构对各个模块进行详细设计和实现,并给出了一个测试用例及结果分析。实验结果表明,该系统能够准确、高效地采集可疑样本信息。; The study of suspicious sample collection system with the rule-based scanning and procedures behavior analysis based on Windows kernel driver will greatly enhance the comprehensiveness and accuracy of sample collection, and it has important signiifcance to accelerate the discovery of the virus and the virus database updates. Firstly, this paper analyzes the architecture of Windows operating system and then gives the overall system architecture of the suspicious sample collection system based on Windows kernel drivers. Finally, according to the system architecture, the paper detailed designs and implements of each module, and gives examples and the results of a test. The experiment shows that the system is capable of accurately and efifciently collect samples of suspicious information.; 国家自然科学基金; 0; 2; 41-47 |
| 语种 | 中文 |
| 内容类型 | 期刊论文 |
| 源URL | [http://ir.pku.edu.cn/handle/20.500.11897/862]  |
| 专题 | 软件与微电子学院 |
| 推荐引用方式 GB/T 7714 | 张涛,焦英楠,禄立杰,等. 一种基于Windows内核驱动的可疑样本采集系统的设计与实现, The Design and Implementation of Suspicious Sample Collection System based on Windows Kernel Driver[J]. 信息网络安全,2014. |
| APA | 张涛,焦英楠,禄立杰,&文伟平.(2014).一种基于Windows内核驱动的可疑样本采集系统的设计与实现.信息网络安全. |
| MLA | 张涛,et al."一种基于Windows内核驱动的可疑样本采集系统的设计与实现".信息网络安全 (2014). |
| 个性服务 |
| 查看访问统计 |
| 相关权益政策 |
| 暂无数据 |
| 收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论