A Piece on Antivirus Programs


Xaero


@Bone:
I agree with you too. And I think those update times are made up, because there is a virus trust among AV firms. When one of them finds a virus it puts it on the network and all of them are informed at the same moment.

Also, I have a word or two for these people who talk so freely.

In the book The Art of Computer Virus Research and Defense
by Peter Szor (Symantec's chief antivirus researcher)
he says the following things.
FOR THOSE WHO ACTUALLY READ IT, OF COURSE

11.2.2. Skeleton Detection
Skeleton detection was invented by Eugene Kaspersky. Skeleton detection is especially useful in detecting macro virus families. Rather than selecting a simple string or a checksum of the set of macros, the scanner parses the macro statements line by line and drops all nonessential statements, as well as the aforementioned white spaces. The result is a skeleton of the macro body that has only the essential macro code that commonly appears in macro viruses. The scanner uses this information to detect the viruses, enhancing variant detection of the same family.

11.3. Algorithmic Scanning Methods
....
Its disadvantage is the risk of minor instability caused by real code running on the system, which might contain minor errors when the response to an emerging threat must be carried out quickly with a complex detection routine.
To eliminate this problem, modern algorithmic scanning is implemented as a Java-like p-code (portable code) using a virtual machine. Norton AntiVirus uses this technique. The advantage of this method is that the detection routines are highly portable.
....


11.4. Code Emulation
Code emulation is an extremely powerful virus detection technique. A virtual machine is implemented to simulate the CPU and memory management systems to mimic the code execution. Thus malicious code is simulated in the virtual machine of the scanner, and no actual virus code is executed by the real processor.
Some early methods of "code-emulation" used debugger interfaces to trace the code using the processor. However, such a solution is not safe enough because the virus code can jump out of the "emulated" environment during analysis.
Among the first antivirus programs was Skulason's F-PROT, which used software-based emulation for heuristic analysis. The third generation of F-PROT integrated the emulator and the scanning components to apply emulation to all computer viruses, particularly the difficult polymorphic viruses.



11.7. Heuristic Analysis Using Neural Networks
Several researchers have attempted to use neural networks to detect computer viruses. Neural networks are a sub-field of artificial intelligence [26, 27], so the subject is very exciting. Difficult polymorphic EPO viruses such as Zhengxi have been detected successfully using a trained neural network [28].
In general, a trained neural network seems to be overkill for detecting a single virus because of the amount of data and computations required. Even a well-optimized neural network scanner can decrease overall scanning performance by about 5%. Thus it is more interesting that neural networks can be applied to heuristic computer virus detection. In practice, IBM researchers have successfully applied neural networks to heuristic detection of boot [29] and Win32 viruses [30].
....
....
IBM's neural network engine was released in the Symantec antivirus engine. The neural network engine produced so few false positives that it was used in default scanning (it does not depend on any user-configurable options).
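The skeleton detection the quoted section 11.2.2 describes, as an added example that is not part of the post or of Szor's book: the macro text is walked line by line, comments, declarations and whitespace are dropped, the procedure name is neutralised, and a checksum of what remains is compared against a family database. The list of "nonessential" statements, the three macros and the family name are constructed for this illustration; a real engine's notion of nonessential is engine-specific.

```python
"""Toy skeleton detection for VBA-style macros (constructed illustration)."""
import hashlib
import re

# Statement kinds we treat as nonessential for detection (assumed list):
# comments, declarations, module options and attributes. Matched on the
# lowercased, whitespace-collapsed line.
NONESSENTIAL = re.compile(r"^(?:rem\b|dim\b|option\b|const\b|attribute\b)")
# Procedure names are renamed freely between variants; neutralise them.
PROC_NAME = re.compile(r"^(sub|function) \w+ ?\( ?\)")


def strip_comment(line):
    """Cut a trailing ' comment, ignoring apostrophes inside "..." literals."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == "'" and not in_str:
            return line[:i]
    return line


def skeleton(macro_src):
    """Return the skeleton: essential statements only, normalised."""
    kept = []
    for raw in macro_src.splitlines():
        line = re.sub(r"\s+", " ", strip_comment(raw)).strip().lower()
        if not line or NONESSENTIAL.match(line):
            continue
        kept.append(PROC_NAME.sub(r"\1 <proc>()", line))
    return "\n".join(kept)


def skeleton_hash(macro_src):
    return hashlib.sha256(skeleton(macro_src).encode()).hexdigest()


def raw_hash(macro_src):
    """A plain checksum of the source, for comparison with the skeleton hash."""
    return hashlib.sha256(macro_src.encode()).hexdigest()


def classify(macro_src, db):
    """Look the skeleton hash up in a {hash: family} database."""
    return db.get(skeleton_hash(macro_src))


# Constructed, harmless sample macros: two variants of one family, one benign.
VARIANT_A = """\
Sub AutoOpen()
    ' drop a marker into the open document
    Dim doc As Document
    Set doc = ActiveDocument
    doc.Range.InsertAfter "hello"
    MsgBox "done"
End Sub
"""

VARIANT_B = """\
Option Explicit
Sub   Document_Open( )
  REM renamed, re-indented and re-commented copy of the same logic
  Dim doc As Document
  Dim unused As Integer
  Set doc  =  ActiveDocument   ' same action
  doc.Range.InsertAfter   "hello"
  MsgBox "done"
End   Sub
"""

BENIGN = """\
Sub AutoOpen()
    MsgBox "welcome"
End Sub
"""

# Constructed family database keyed by skeleton hash.
DB = {skeleton_hash(VARIANT_A): "Toy.MacroFamily"}

if __name__ == "__main__":
    print("raw hashes equal:     ", raw_hash(VARIANT_A) == raw_hash(VARIANT_B))
    print("skeleton hashes equal:", skeleton_hash(VARIANT_A) == skeleton_hash(VARIANT_B))
    print("variant B ->", classify(VARIANT_B, DB))
    print("benign    ->", classify(BENIGN, DB))
```

A whole-macro checksum misses variant B because of the renamed procedure, extra declarations and changed comments, while the skeleton hash matches it. The normalisation here is deliberately minimal: renaming variables or splitting string literals would still defeat it, which is why production engines combine skeletons with other methods.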
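The code emulation of the quoted section 11.4, as an added example that is not from the post or from Szor's book: a self-decrypting sample is run inside a tiny virtual machine, and the signature is searched for in the emulated memory rather than in the file bytes. The instruction set, the XOR decryptor, the two "polymorphic" variants and the signature are all constructed for this illustration (it is not x86 and not any real virus); the step budget stands in for the bounded execution that stops an emulated sample from escaping analysis.

```python
"""Toy code emulation: detect an encrypted body by running its own decryptor
in a sandboxed VM (constructed illustration)."""

# Toy ISA: one-byte opcodes, 8-bit registers r0..r3, 8-bit addresses.
NOP, MOV, XOR_MEM, INC, DEC, JNZ, JMP, HALT = 0x00, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0xFF

SIG = b"\xde\xad\xbe\xef\x13\x37"  # constructed: bytes of the decrypted body we detect


def build_sample(key, junk=0):
    """Assemble a self-decrypting sample: XOR decryptor loop, `junk` NOPs of
    polymorphic padding, then the body encrypted under `key`."""
    assert 0 < key < 256
    body = SIG + bytes([HALT])
    loop = 9 + junk                 # three 3-byte MOVs precede the loop
    body_start = loop + 10 + 2      # loop is 10 bytes, then a 2-byte JMP
    code = bytes([
        MOV, 0, body_start,         # r0 = pointer into the body
        MOV, 1, len(body),          # r1 = bytes left to decrypt
        MOV, 2, key,                # r2 = XOR key
    ]) + bytes([NOP]) * junk + bytes([
        XOR_MEM, 0, 2,              # loop: mem[r0] ^= r2
        INC, 0,
        DEC, 1,
        JNZ, 1, loop,               # until r1 == 0
        JMP, body_start,            # transfer control to the decrypted body
    ])
    encrypted = bytes(b ^ key for b in body)
    return code + encrypted


def emulate(image, max_steps=10_000):
    """Run `image` in the toy VM and return the resulting memory. The step
    budget guarantees termination even if the sample loops forever."""
    mem = bytearray(image)
    reg = [0, 0, 0, 0]
    ip = 0
    try:
        for _ in range(max_steps):
            if ip >= len(mem):
                break
            op = mem[ip]
            if op == NOP:
                ip += 1
            elif op == MOV:
                reg[mem[ip + 1]] = mem[ip + 2]
                ip += 3
            elif op == XOR_MEM:
                mem[reg[mem[ip + 1]]] ^= reg[mem[ip + 2]]
                ip += 3
            elif op == INC:
                reg[mem[ip + 1]] = (reg[mem[ip + 1]] + 1) & 0xFF
                ip += 2
            elif op == DEC:
                reg[mem[ip + 1]] = (reg[mem[ip + 1]] - 1) & 0xFF
                ip += 2
            elif op == JNZ:
                ip = mem[ip + 2] if reg[mem[ip + 1]] else ip + 3
            elif op == JMP:
                ip = mem[ip + 1]
            else:
                break  # HALT or an opcode the VM does not model: stop here
    except IndexError:
        pass  # malformed operand: the sample stays confined to the VM
    return bytes(mem)


def static_match(image):
    """Plain signature scan over the file bytes."""
    return SIG in image


def emulated_match(image):
    """Signature scan over memory after emulating the sample's own code."""
    return SIG in emulate(image)


if __name__ == "__main__":
    for key, junk in ((0x5A, 0), (0xC3, 5)):
        s = build_sample(key, junk)
        print(f"key={key:#04x} junk={junk}: static={static_match(s)} "
              f"emulated={emulated_match(s)}")
```

Both variants carry the same body under different keys and padding, so no fixed byte string matches their file images; after emulation the decrypted body sits in VM memory and one signature covers the whole family. Everything the sample does happens to the VM's byte array, never to the host.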