摘要： 计算机程序基因技术是在恶意程序不断演化与检测识别技术的对抗博弈中发展起来的，传统的恶意程序检测技术已难以应对恶意程序的快速动态增长趋势，计算机程序基因技术开启了恶意程序检测分析的一个新的思路，从汇编指令层中萃取出计算机程序的真实行为意图，从而对程序进行分析和识别。根据给出的计算机程序基因的定义以及提取方法，可以找出计算机程序最本原的特征，有效提高新型的或变种的恶意程序的分析和检测效率。

中图分类号：TP309
文献标识码：A
DOI： 10.19358/j.issn.2096-5133.2020.01.004
引用格式：苏宏，丁建伟，陈周国。计算机程序基因技术初探［J］。信息技术与网络安全，2020,39（1）：19-23.

A study of computer program genetic technology

Abstract： Computer program genetic technology is developed in the confrontation game between the evolution of malicious programs and the detection and recognition technology.Traditional malicious program detection technology has been difficult to cope with the rapid and dynamic growth trend of malicious programs. Computer program genetic technology finds a new way for malicious program detection and analysis, by extracting the real behavior intention of the computer program from the assembly instruction layer so as to analyze and identify it.This paper gives the definition of the computer program gene and the method of extracting the computer program gene. In this way, the most original characteristics of the computer program can be found out. The analysis and detection can be improved effectively for the new malicious programs or the variant of malicious programs.

Key words : static analysis;dynamic analysis;program gene;basic block