摘要：

为了保护计算机不受未知恶意软件的破坏，采用模拟系统环境虚拟执行保护计算机关键资源，通过HOOK技术引入轻量级资源虚拟机，实现对计算机关键资源的保护。提供多种行为分析API，使之成为一个可供二次开发的分析平台，成功地解决了无特征码情况下新型木马的识别问题。

关键词: 虚拟, 资源保护, 计算机安全

Abstract:

In order to protect the computer from the destruction of the unknown malicious software, this paper carries out the idea of using virtual executing in a simulated system environment to protect computer resources. A lightweight virtual machine is introduced with HOOK to protect critical resources, and a series of API interfaces are provided to make this lightweight virtual machine an open platform available for secondary development. The method successfully identifies new Trojan without feature code.

Key words: virtual machine, resource protection, computer security

中图分类号: 

• TP309