病毒發(fā)現(xiàn)和防治策略是操作系統(tǒng)安全框架的重要組成部分。目前通過特征碼匹配進行查殺病毒的方法通常落后于計算機病毒的發(fā)展，已經(jīng)不能滿足日益迫切的安全需求。文章根據(jù)生物體免疫系統(tǒng)檢測病毒的機理，提出了一種對可執(zhí)行文件簽名驗證的模型，通過文件簽名界定“自我”和“非我”，并以此為依據(jù)完成系統(tǒng)中惡意代碼的發(fā)現(xiàn)。最后介紹了在Windows 操作系統(tǒng)下開發(fā)的基于可執(zhí)行文件簽名驗證模型的病毒檢測系統(tǒng)。
關(guān)鍵詞：免疫；病毒；可執(zhí)行文件；簽名；驗證

Research on the signature and verification model of Portable Executable file based on the principle of immune LI Yuan-yuan，WU Hao，ZHANG Tao，Lin Dong-gui （Information Engineering College of PLA，Information Engineering University，Zhengzhou 450002）
Abstract: The policy of virus detection and prevention is an importance aspect of the safe frame in operating system. The method of pattern matching to detect and kill viruses is generally beyond the development of computer viruses at present, and couldn’t meet the ever imminent needs of security. In this paper according to the principle of the viruses detection of the biological immune system, a kind of portable executable file’s signature and verification
model is put forward, and this method defines self and non-self by the file signature, which could be used to find the malice code in the system. At last a viruses detection system based on the model of portable executable file’s signature and verification is introduced under the operate system of Windows in this paper.
Key words: immunity；virus；portable executable file；signature；verification