(1) School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, China; (2) Institute of Software, Chinese Acad. of Sci., Beijing 100190, China; (3) Institute of National Security Science and Technology, Beijing 100044, China; (4) School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
Malware and the threats it poses are growing rapidly. This paper presents a file-system-level method for analyzing and defending against malware while keeping the resulting loss as small as possible, and implements it as a file system for malware analysis and protection (MAPFS). Using checkpoint and file versioning technology, MAPFS records the modifications made to the file system during the process. These records are important for analyzing malware behavior and can be used to recover files damaged by the malware. Experiments show that the method is effective for malware analysis and defense, and that MAPFS introduces only a small overhead of less than 10 percent.
Liang Hong-Liang, Dong Shou-Ji, Liu Shu-Chang. File system for malware analysis and protection [J]. Beijing Youdian Daxue Xuebao/Journal of Beijing University of Posts and Telecommunications, 2011-01-01, 34(3): 58-61.