电信科学 ›› 2016, Vol. 32 ›› Issue (10): 165-174.doi: 10.11959/j.issn.1000-0801.2016274

• 运营技术广角 • 上一篇    下一篇

杀毒软件中指令虚拟机的脆弱性分析

王奕钧   

  1. 公安部第一研究所,北京100044
  • 出版日期:2016-10-15 发布日期:2017-04-27

Analysis of instructions virtual machine vulnerabilities in anti-virus software

Yijun WANG   

  1. First Research Institute of the Ministry of Public Security of PRC, Beijing 100044, China
  • Online:2016-10-15 Published:2017-04-27

在线阅读

3

PDF下载

355

摘要:

指令虚拟机技术是当今反病毒领域采用的核心技术之一,绝大多数杀毒软件的扫描引擎均采用指令虚拟技术来分析文件,以还原这个程序的行为是否会威胁到系统安全,根据这个进程的行为特征判断它是否是病毒或木马。针对杀毒软件中指令虚拟机的特点,研究虚拟环境与真实环境的差异,在深入分析指令虚拟机和计算机病毒木马本质特征的基础上,理论与实践研究相结合,给出目前杀毒软件中指令虚拟机的脆弱性分析。

关键词: 杀毒软件, 指令虚拟机, 脆弱性

Abstract:

Instructions virtual machine technology is one of the core technologies used in today's anti-virus field, the vast majority of anti-virus software scan engines use virtualization technology to analyze file and to revert the behavior of this program whether will be a threat to system security or not. According to this process behavioral characteristics, it is determined whether it is a virus or Trojan. Aiming at features of the virtual machine in anti-virus software, the difference between virtual environments and real environment were researched.Based on in-depth analysis of the virtual machine technology and the essential characteristics of a computer virus and Trojan, theory and practice of research were combined and the analysis of virtual machine instructions vulnerability in current anti-virus software was given.

Key words: anti-virus software, instructions virtual machine, vulnerability

No Suggested Reading articles found!