The impact of computer viruses on computer networks is disastrous. Since the "worm" and "ball" viruses of the 1980s, computer users have been fighting computer viruses.
Anti-virus products and programs of every kind have appeared. However, with the development of the Internet in recent years, the emergence of e-mail and other network tools has changed the way people obtain information and live. At the same time, the number of computer virus types is growing rapidly and their speed of spread has greatly accelerated. Many viruses with new modes of transmission and expression have emerged, and their destructive power and infectivity are far beyond what enterprises and individual users can withstand. The main location and transmission mode of viruses has shifted from infection between stand-alone machines via storage media to infection across network systems, and many network-borne viruses such as "CIH, Melissa, Explorer" have appeared. Once an enterprise or unit is invaded and attacked by a virus, the losses and liabilities are unbearable. The struggle between virus and anti-virus has entered an era that moves from "killing" viruses to "preventing" them: an enterprise or unit can only guarantee real data security by keeping viruses outside its network.
Second, research on several anti-virus technologies.
1. CPU antivirus
Viruses and hackers can attack computers so easily because networks are interconnected. While exchanging information, a computer network establishes many channels, but designers have given this problem little consideration, so any information passing through those channels may amount to a "release" of security-sensitive information.
This brings great risk to the computer. Boris Babaian, a corresponding academician of the Institute of Microprocessor Computing Systems of the Russian Academy of Sciences, developed after years of work a new type of microprocessor (CPU) that the anti-virus community regards as having achieved CPU-level anti-virus. This CPU can identify virus programs, "resist" information that contains them, "imprison" those programs, and at the same time feed them some data to execute so that they do not harm the computer while idle; this is the approach adopted.
2. Real-time antivirus
Real-time anti-virus technology has long been favored by the anti-virus community and is regarded as a relatively thorough anti-virus solution. Over the years its development has been limited: on the one hand, it consumes part of the system's resources and reduces performance to a degree users find unbearable; on the other hand, its compatibility with other software (especially the operating system) has not been well solved.
The biggest advantage of the real-time anti-virus concept is that it solves the problem of users being "unaware" of or "uncertain" about a virus. Without virus detection tools, ordinary users can only judge by feel whether the system has a virus, and by the time they sense one, the system is already on the brink of collapse. Real-time anti-virus technology can alert users before a large-scale virus outbreak and urge them to take effective measures.
Real-time monitoring is proactive rather than lagging. Every program is filtered before it is invoked; as soon as a virus intrudes, the monitor raises an alarm and automatically removes the virus, preventing problems before they happen. This is safer than taking remedial measures after the virus has intruded or even caused damage.
3. Virtual machine technology
A more intelligent approach is to use program code to virtualize a system's running environment, including virtual memory space, the CPU's registers, and even virtual hardware ports. The debugging program loads a "sample" of the program to be examined and executes each statement in the virtual environment, so that the program's behavior can be observed through the changes in memory, registers and ports. Such a virtual environment is a virtual machine. Virtual reality technology also draws on this virtual machine technology at the bottom of the system.
Because the virtual machine reflects every dynamic of the program, running a program inside it reveals the infection behavior of a virus. If this can be done, the probability of detecting unknown viruses improves greatly.
But because the virtual machine is slow, dozens of times or more slower than native execution, it is impractical to virtually execute all of a program's code. At present some antivirus software virtually executes only the first few KB of the sample's code segment, and its detection rate has reached about 95%.
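An added example, not code from the original article or from any antivirus product: a miniature virtual machine in the spirit of section 3. The instruction set, the 64-byte execution window (standing in for the "first few KB"), the step budget and the self-modification heuristic are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed toy instruction set: one accumulator A, a program counter, 256 bytes of memory, ports.
HALT, LOAD_A, STORE_A, OUT, JMP = 0x00, 0x01, 0x02, 0x03, 0x04
CODE_WINDOW = 64     # only the first 64 bytes of a sample are emulated (the "first few KB" idea, scaled down)
STEP_BUDGET = 200    # hard cap on emulated instructions, so a looping sample cannot stall the scanner

@dataclass
class Trace:
    """Everything the virtual environment observed: memory writes, port writes, step count."""
    mem_writes: list = field(default_factory=list)   # (address, value)
    port_writes: list = field(default_factory=list)  # (port, value)
    steps: int = 0
    halted: bool = False

def emulate(sample: bytes) -> Trace:
    """Run the sample in the virtual environment and record every observable side effect."""
    sample = sample[:256]
    mem = bytearray(256)
    mem[:len(sample)] = sample
    a, pc, t = 0, 0, Trace()
    while t.steps < STEP_BUDGET and pc < min(len(sample), CODE_WINDOW):
        op, arg = mem[pc], mem[pc + 1]
        t.steps += 1
        if op == HALT:
            t.halted = True
            break
        elif op == LOAD_A:      # A <- immediate
            a, pc = arg, pc + 2
        elif op == STORE_A:     # mem[addr] <- A  (recorded: this is where infection becomes visible)
            mem[arg] = a
            t.mem_writes.append((arg, a))
            pc += 2
        elif op == OUT:         # port <- A
            t.port_writes.append((arg, a))
            pc += 2
        elif op == JMP:         # PC <- addr
            pc = arg
        else:
            break               # unknown opcode: stop; the trace so far is still usable
    return t

def classify(sample: bytes) -> str:
    """Flag a sample that overwrites its own code bytes, the self-modification typical of infectors."""
    t = emulate(sample)
    return "suspicious" if any(addr < len(sample) for addr, _ in t.mem_writes) else "clean"

# Constructed samples (not real malware): a benign program, a self-patching one, and an endless loop.
BENIGN = bytes([LOAD_A, 0x41, STORE_A, 0xF0, OUT, 0x10, HALT])
SELF_MODIFYING = bytes([LOAD_A, HALT, STORE_A, 0x04, JMP, 0x00])   # turns its own JMP into a HALT
ENDLESS_LOOP = bytes([JMP, 0x00])                                   # shows why the step budget is needed
```

The endless-loop sample never halts, so the step budget is what returns control to the scanner; a real product would also stop once the window is exhausted, which the `CODE_WINDOW` check models.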
4. Active kernel technology
Active kernel technology, put simply, patches the operating system and the network system itself from deep within the operating system kernel. It is an "active" patch that manages and checks the system or network from a security standpoint and repairs system loopholes; before any file enters the system, the anti-virus module acting as the active kernel first detects and processes the file by various means.
Third, analysis of network anti-virus schemes
1. Virus prevention
Preventive measures for network viruses mainly include:
(1) Unless necessary, remove the floppy drive from workstations and replace workstations that have a disk with diskless ones, which reduces the chance of network infection.
(2) If the software operating environment allows, the workstation's hard disk can also be removed to make it a true diskless workstation. Only a remote-boot EPROM chip needs to be installed on the workstation's network card. After power-on, the workstation boots the system through this chip and runs the network login program directly. The workstation can then neither copy files from the server nor copy files to it, but only run files on the server, which eliminates the possibility of a virus infecting the server through the workstation and improves system security.
(3) The machine used as the network server is used only as a server, not as a workstation or a stand-alone machine.
(4) Only professional network administrators may log in under the super user name. Because the super user has full authority over the whole network system (including read, write, create and delete), logging in as super user from a virus-infected workstation would infect the whole network server.
(5) Give users different permissions and have each dedicated directory used only by its designated person, to prevent unauthorized operations. Then even if one user's subdirectory on the server is infected, other users will not be infected as long as they do not execute the files in that directory.
2. Virus firewall
A virus firewall is actually the concrete realization of one aspect of the "generalized" firewall.
It is anti-virus monitoring software installed in the user's computer system that filters harmful viruses in real time between the local system and the external environment, and can effectively prevent virus intrusion from both local resources and external network resources. A virus firewall should have good real-time filtering: once a virus intrudes into the system or spreads from the system to other resources, the virus firewall immediately detects and removes it. Traditional stand-alone antivirus software pays more attention to "static" antivirus, that is, detecting and cleaning local and remote resources through static analysis and scanning. The "two-way filtering" of a virus firewall ensures that the local system does not spread viruses to remote network resources, which traditional stand-alone antivirus products cannot do.
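An added example, not code from the original article or from any product it names: a signature filter applied in both directions (inbound and outbound) as the "two-way filtering" above describes, and also as the pre-invocation check the real-time monitoring section calls for. The signature patterns, file names and contents are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed signature database (hypothetical names and byte patterns, not real virus signatures).
SIGNATURES = {
    "Demo.Sig.A": b"\x90\x90INFECT",
    "Demo.Sig.B": b"DEMO-MARKER-B",
}

@dataclass(frozen=True)
class Transfer:
    direction: str   # "inbound" (remote -> local) or "outbound" (local -> remote)
    name: str
    data: bytes

def match_signature(data: bytes):
    """Return the name of the first matching signature, or None if no pattern is present."""
    for sig_name, pattern in SIGNATURES.items():
        if pattern in data:
            return sig_name
    return None

def filter_transfer(t: Transfer, log: list) -> bool:
    """Allow (True) or block (False) a file crossing the local/remote boundary in either direction."""
    if t.direction not in ("inbound", "outbound"):
        raise ValueError(f"unknown direction: {t.direction}")
    hit = match_signature(t.data)
    if hit is None:
        log.append(f"ALLOW {t.direction} {t.name}")
        return True
    # Blocking outbound hits is what stops an already-infected host from seeding the rest of the network.
    log.append(f"BLOCK {t.direction} {t.name}: {hit}")
    return False

def before_exec(name: str, data: bytes) -> bool:
    """Real-time hook: a program is scanned before it is invoked; True means it may run."""
    return match_signature(data) is None

def run_demo():
    """Constructed traffic: a clean download, an infected download, and an infected upload."""
    log = []
    transfers = [
        Transfer("inbound", "report.doc", b"quarterly numbers"),
        Transfer("inbound", "setup.exe", b"MZ" + b"\x90\x90INFECT" + b"..."),
        Transfer("outbound", "share/tool.exe", b"MZ DEMO-MARKER-B payload"),
    ]
    decisions = [filter_transfer(t, log) for t in transfers]
    return decisions, log
```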
3. Network anti-virus software
An anti-virus solution needs unified, comprehensive implementation software that can centrally control and automatically update virus signatures and that supports multiple platforms, protocols and file types. NAI's anti-virus products account for more than 60% of the international market, and it provides a comprehensive anti-virus solution, TVD (Total Virus Defense), suited to corporate networks of all kinds and to personal desktops. TVD includes three software packages: VSS (VirusScan Security Suite), a desktop anti-virus solution; NSS (NetShield Security Suite), a server-level anti-virus solution; and ISS (Internet Security Suite), an anti-virus solution for the Internet gateway. TVD's distributed console can automatically receive the latest virus signature files from NAI and upgrade the software. With these packages, a virus defense system that meets enterprise needs can be built.