
Computer Engineering (计算机工程), 2009, Vol. 35, Issue 15: 132-134. doi: 10.3969/j.issn.1000-3428.2009.15.045

Section: Security Technology

Detection Method Against PE Virus Based on Suspicious Behavior Identification

WANG Cheng, PANG Jian-min, ZHAO Rong-cai, WANG Qiang

Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002

Online: 2009-08-05; Published: 2009-08-05

Abstract: Current PE viruses are hard to prevent, detect and remove. This paper analyses the key techniques used by PE viruses and extracts the suspicious behaviors that characterize them, and on that basis proposes a static detection method for the Windows platform. The method first decompiles the program, then identifies behaviors from analysis of its instruction sequences and control flow graph, completing the design of a virus detector based on suspicious behavior identification. Experimental results show that the method effectively detects viruses that use obfuscating transformations.

Key words: PE virus, suspicious behavior, instruction sequence, control flow graph
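The following Python sketch is an added illustration, not code from the paper (the page gives neither the paper's behavior features nor its disassembly front end). It shows the two ideas the abstract combines: a suspicious behavior expressed as an instruction sequence rather than a byte string, and matching that sequence along control-flow-graph paths so that junk-instruction insertion and jmp-based block splitting, two common obfuscating transformations, do not break the match while a flat address-order signature fails. The two listings, the junk-instruction rule, the jump mnemonic set and the three-instruction pattern are constructed assumptions for this example; a real detector would take the listing from a disassembler run over the PE file's code section.

```python
# Added example (not the paper's code); assumptions are marked below.
import re

# Constructed listings ("addr: mnemonic operands"), standing in for disassembler output.
PLAIN = """\
00401000: push eax
00401001: call [esi+0x10]
00401004: mov  [ebp-4], eax
00401007: ret
"""
# Same behavior after junk insertion and jmp-based block splitting.
OBFUSCATED = """\
00401000: push eax
00401001: nop
00401002: jmp 00401010
00401007: mov  [ebp-4], eax
0040100A: ret
00401010: xchg eax, eax
00401012: call [esi+0x10]
00401015: jmp 00401007
"""
# Hypothetical behavior pattern: push an argument, call through a memory pointer, store the result.
PATTERN = [r"^push ", r"^call \[", r"^mov \[.*\], eax$"]
INSN_RE = re.compile(r"^\s*([0-9A-Fa-f]+):\s+(\S+)(?:\s+(.*))?$")
JUMPS = {"jmp", "je", "jne", "jz", "jnz", "jb", "ja", "jl", "jg", "jle", "jge"}  # assumed set

def parse_listing(text):
    """Listing text -> [(addr, mnemonic, operands)] in address order."""
    insns = []
    for line in text.strip().splitlines():
        m = INSN_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        insns.append((int(m[1], 16), m[2].lower(), (m[3] or "").strip()))
    return insns

def normalize(mnem, ops):
    return re.sub(r"\s+", " ", f"{mnem} {ops}").strip()

def is_junk(mnem, ops):
    """Semantic no-ops typical of junk-inserting obfuscators (assumed set)."""
    parts = [p.strip() for p in ops.split(",")]
    same_reg = len(parts) == 2 and parts[0] == parts[1] and re.fullmatch(r"[a-z]{2,3}", parts[0])
    return mnem == "nop" or (mnem in ("mov", "xchg") and bool(same_reg))

def build_cfg(insns):
    """Basic blocks and edges: ({block_addr: [insns]}, {block_addr: [successor addrs]})."""
    addrs = [a for a, _, _ in insns]

    def out_edges(i):  # successor addresses of instruction i
        _, mnem, ops = insns[i]
        fall = addrs[i + 1:i + 2]  # empty at the end of the listing
        if mnem not in JUMPS:
            return [] if mnem == "ret" else fall
        target = int(ops, 16)
        if target not in addrs:
            raise ValueError(f"jump target {target:#x} outside listing")
        return [target] if mnem == "jmp" else [target] + fall

    leaders = {addrs[0]}  # block starts: jump targets and instructions after a branch
    for i, (_, mnem, _) in enumerate(insns):
        if mnem == "ret" or mnem in JUMPS:
            leaders.update(out_edges(i) + addrs[i + 1:i + 2])
    blocks, succs, cur = {}, {}, None
    for i, insn in enumerate(insns):
        if insn[0] in leaders:
            cur = insn[0]
            blocks[cur] = []
        blocks[cur].append(insn)
        succs[cur] = out_edges(i)  # the block's last instruction decides its edges
    return blocks, succs

def flat_match(insns, pattern):
    """Baseline: the pattern as consecutive instructions in address order (a byte signature's view)."""
    texts = [normalize(m, o) for _, m, o in insns]
    for i in range(len(texts) - len(pattern) + 1):
        if all(re.search(p, t) for p, t in zip(pattern, texts[i:])):
            return insns[i][0]
    return None

def find_behavior(cfg, pattern):
    """Match the pattern along CFG paths; return the address where a match starts, or None."""
    blocks, succs = cfg
    compiled = [re.compile(p) for p in pattern]

    def walk(baddr, start, pat_idx, visited):
        for _, mnem, ops in blocks[baddr][start:]:
            if is_junk(mnem, ops) or mnem in JUMPS:
                continue  # transparent: the CFG edges already carry the jumps
            if not compiled[pat_idx].search(normalize(mnem, ops)):
                return False
            pat_idx += 1
            if pat_idx == len(compiled):
                return True
        return any(s not in visited and walk(s, 0, pat_idx, visited | {s}) for s in succs[baddr])

    for baddr in sorted(blocks):
        for i, (addr, _, _) in enumerate(blocks[baddr]):
            if walk(baddr, i, 0, {baddr}):
                return addr
    return None
```

Calling `find_behavior(build_cfg(parse_listing(x)), PATTERN)` returns the same start address for both listings, while `flat_match` finds the pattern only in the plain one. Jumps are treated as transparent because the CFG edges already encode them; a conditional branch is followed into both successors, which is also the point where a production matcher would need limits on path explosion.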
