Summary: | Master's thesis === Chinese Culture University === Graduate Institute of Information Management === 94 === The rapid development of technology and the internet causes the behaviors of viruses and worms to vary from time to time. At present there is no efficient method that can both effectively detect viruses and/or worms and also prevent the damage caused by them. Virus and/or worm programs, like other ordinary programs, consist of many instructions, and all the instructions in a given program are executed in sequence. The major difference between virus and/or worm programs and ordinary programs is that the behaviors of the instructions in virus and/or worm programs can harm the host system, whereas the behaviors of the instructions in ordinary programs do not.
Linux is an open system; unlike in a closed system, virus and/or worm programs can easily be created, and metamorphic virus and/or worm programs can also be easily developed. In this research, 63 networked Linux virus and/or worm programs are collected and analyzed to explore the behaviors of viruses and worms. Knowledge of virus and/or worm behaviors is used to develop a knowledge base that can be applied to detect networked virus and/or worm programs.
There are three steps to develop the knowledge base. The first is a reverse-engineering step, which disassembles the virus and/or worm programs and discovers all the instruction codes of these programs and their execution sequences. The second step builds behavior segments by analyzing the instruction codes obtained in the first step. The third step generates virus and/or worm cases and develops the knowledge base. The case-based reasoning technique, together with the knowledge base, is applied to detect virus and/or worm programs. In order to prove the efficiency of the method, a set of 20 virus and/or worm programs and a set of 10 ordinary programs are employed. The outcome is quite convincing.
The approach presented in this research can reduce the quantity of virus and/or worm data compared with other traditional methods. The self-learning method allows the knowledge base to be enhanced from time to time.
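The three-step pipeline and the self-learning enhancement of the knowledge base, as an added illustrative example that is not code from the thesis: disassembly output is parsed into a call sequence (standing in for the instruction codes recovered in the reverse-engineering step), behavior segments are modelled as bigrams of consecutive calls (an assumption, since the abstract does not define how segments are formed), and a case-based reasoner retrieves the nearest stored case by Jaccard similarity, reuses its label when the similarity clears a threshold, and retains analyst-confirmed verdicts as new cases. All listings, function names, case names and the threshold value are constructed for the example.

```python
"""Toy case-based detector over call-sequence behaviour segments (illustrative, not the thesis's code)."""
import re
from dataclasses import dataclass

# Matches objdump-style lines such as:  8048401: e8 1a 00 00 00   call   8048500 <socket@plt>
CALL_RE = re.compile(r"\bcall\s+[0-9a-f]+\s+<([A-Za-z_]\w*)(?:@plt)?>")


def fake_listing(calls):
    """Construct an objdump-style listing for a call sequence (sample data, not a real binary)."""
    lines = ["08048400 <main>:"]
    for i, fn in enumerate(calls):
        lines.append(f" {0x8048400 + 5 * i:x}:\te8 00 00 00 00\tcall   {0x8048500 + 16 * i:x} <{fn}@plt>")
    return "\n".join(lines)


def extract_calls(listing):
    """Step 1 stand-in: the called function names, in execution order, from a disassembly listing."""
    return CALL_RE.findall(listing)


def behavior_segments(calls, n=2):
    """Step 2 (assumption): a behaviour segment is an n-gram of consecutive calls."""
    return frozenset(tuple(calls[i:i + n]) for i in range(len(calls) - n + 1))


@dataclass
class Case:
    name: str
    label: str          # "worm" or "ordinary"
    segments: frozenset


def jaccard(a, b):
    """Similarity between two segment sets: |A ∩ B| / |A ∪ B|."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def classify(segments, kb, threshold=0.5):
    """Step 3: retrieve the most similar case; reuse its label only above the threshold."""
    if not kb or not segments:
        return "unknown", None, 0.0
    best = max(kb, key=lambda c: jaccard(segments, c.segments))
    score = jaccard(segments, best.segments)
    if score < threshold:
        return "unknown", best.name, score   # nearest case reported, but not trusted
    return best.label, best.name, score


def learn(kb, name, label, segments):
    """Retain: an analyst-confirmed verdict becomes a new case (the self-learning step)."""
    kb.append(Case(name, label, segments))


def analyse(listing, kb):
    """Run the whole pipeline on one disassembly listing."""
    return classify(behavior_segments(extract_calls(listing)), kb)


# Constructed samples: a known worm case, a known ordinary case, and four suspects.
KNOWN_WORM = fake_listing(["socket", "connect", "send", "fork", "open", "write"])
KNOWN_ORDINARY = fake_listing(["open", "read", "write", "close"])
SUSPECT_A = fake_listing(["socket", "connect", "send", "fork", "open", "write", "close"])
SUSPECT_B = fake_listing(["open", "read", "write", "close", "exit"])
VARIANT_C = fake_listing(["socket", "connect", "fork", "send", "open", "write"])   # reordered calls
VARIANT_D = fake_listing(["socket", "connect", "fork", "send", "open", "write", "close"])


def build_knowledge_base():
    kb = []
    learn(kb, "worm-case-1", "worm", behavior_segments(extract_calls(KNOWN_WORM)))
    learn(kb, "ordinary-case-1", "ordinary", behavior_segments(extract_calls(KNOWN_ORDINARY)))
    return kb


if __name__ == "__main__":
    kb = build_knowledge_base()
    for name, listing in [("A", SUSPECT_A), ("B", SUSPECT_B), ("C", VARIANT_C)]:
        print(name, analyse(listing, kb))
    # C is reported "unknown": reordering defeats exact segment matching. Once an analyst
    # confirms it, retaining it as a case lets the near-identical D be recognised.
    learn(kb, "worm-case-2", "worm", behavior_segments(extract_calls(VARIANT_C)))
    print("D after learning", analyse(VARIANT_D, kb))
```

The reordered variant shows the limit of exact segment matching and why the retain step matters: a metamorphic sample that shuffles its instruction order shares few bigrams with the original case and falls below the threshold until a confirmed instance of it is added to the knowledge base.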
|