An Executable File Encryption Based Scheme for Malware Defense

机译：一种基于可执行文件加密的恶意软件防御方案

获取原文

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

This paper proposes a scheme for malware defense by encrypting executable files. It is backed by the idea that if an executable file was encrypted, the format of it will become unknown. In order to run such a program, the program loader should be able to access and use the decryption key. And only files decrypted correctly can't be launched. Based on this idea, security rules that make sure only trusted programs can be launched by subjects are defined. Then implementation of the scheme for Windows NT/2000/XP is illustrated, which doesn't require any kinds of modifications to the commercial-off-the-shelf Windows OS with the help of kernel mode file system filter driver and on-the-fly decryption technologies.

机译：本文提出了一种通过加密可执行文件来防御恶意软件的方案。它支持以下思想：如果对可执行文件进行加密，则其格式将变为未知。为了运行这样的程序，程序加载器应该能够访问和使用解密密钥。而且只有正确解密的文件才能启动。基于此想法，定义了确保主体只能启动受信任程序的安全规则。然后说明了用于Windows NT / 2000 / XP的方案的实现，该方案不需要借助内核模式文件系统过滤器驱动程序和现成的Windows XP，就可以对现成的商用Windows OS进行任何形式的修改。飞行解密技术。

著录项

来源
《International Workshop on Intelligent Systems and Applications;ISA 2009》|2009年|1-5|共5页
会议地点 Wuhan(CN);Wuhan(CN)
作者
Yan Chenghua; Wu Min;
展开▼
作者单位

Dept. of Inf. Security Naval Univ. of Eng. Wuhan;

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
cryptography; invasive software; operating systems (computers); Windows NT/2000/XP; commercial-off-the-shelf Windows; decryption key; executable file encryption based scheme; kernel mode file system filter driver; malware defense; on-the-fly decryption technologies; trusted programs;

机译：密码学侵入性软件；操作系统（计算机）； Windows NT / 2000 / XP；现成的商用Windows；解密密钥；基于可执行文件加密的方案；内核模式文件系统过滤器驱动程序；恶意软件防御；动态解密技术；受信任的程序;

相似文献

外文文献
中文文献
专利

1. Similarity hash based scoring of portable executable files for efficient malware detection in IoT [J] . Anitta Patience Namanya, Irfan U. Awan, Jules Pagna Disso, Future generation computer systems . 2020,第Sepa期

机译：基于相似性散列的便携式可执行文件评分，以便在IOT中有效恶意软件检测
2. Study on Assembly Code Based Malware Classification Method in Executable File [J] . Advanced Science Letters . 2016,第10期

机译：基于汇编代码的恶意软件分类方法在可执行文件中的研究
3. Integrated Feature Extraction Approach Towards Detection of Polymorphic Malware In Executable Files [J] . Emmanuel Masabo, Kyanda Swaib Kaawaase, Julianne Sansa-Otim, International Journal of Computer Science and Security . 2017,第2期

机译：面向可执行文件中多态恶意软件检测的集成特征提取方法
4. An Executable File Encryption Based Scheme for Malware Defense [C] . YAN Chenghua, WU Min International Workshop on Intelligent Systems and Applications . 2009

机译：基于恶意软件防护的可执行文件加密方案
5. Residue Number System Based Fault Tolerant Scheme for Enhancing Rivest Shamir Adleman Encryption Scheme [D] . Salifu, Abdul-Mumin. 2017

机译：基于残数系统的容错方案，用于增强Rivest Shamir Adleman加密方案
6. A Malware Detection Scheme Based on Mining Format Information [O] . Jinrong Bai, Junfeng Wang, Guozhong Zou -1

机译：基于挖掘格式信息的恶意软件检测方案
7. Similarity hash based scoring of portable executable files for efficient malware detection in IoT [O] . Anitta Patience Namanya, Irfan U. Awan, Jules Pagna Disso, 2020

机译：基于相似性散列的便携式可执行文件评分，以便在IOT中有效恶意软件检测

An Executable File Encryption Based Scheme for Malware Defense

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅