
Author: 蕭崑賢 (Kun-hsien Hsiao)
Thesis title: 基於靜態分析與資料探勘技術之惡意程式偵測系統
Malware Detection System Based on Static Analysis and Data Mining Methods
Advisor: 洪西進 (Shi-Jinn Horng)
Committee members: 蘇民揚 (Ming-Yang Su), 高宗萬 (Tzong-Wann Kao), 吳金雄 (Chin-Hsiung Wu), 馮輝文 (Huei-Wen Ferng)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2006
Academic year of graduation: 94
Language: Chinese
Number of pages: 47
Chinese keywords: 惡意程式, 主成份分析, 資訊增益, 支援向量機
English keywords: Malware, PCA, Information Gain, SVM
Usage statistics: views: 323, downloads: 0
Abstract (Chinese, translated):

To date, most commercial anti-virus systems rely on signature updates to protect against malware; by the time a signature for a newly appeared piece of malware is released, the malware has already damaged the computer. In view of this, we propose a detection technique for worms, viruses, Trojans and backdoors that differs from that of ordinary anti-virus software, so that the malware detection system not only detects existing malware effectively but is also able to predict unknown malware. This thesis uses static analysis to extract features from the PE Table, then applies the Information Gain method from data mining to select the useful features, while Principal Component Analysis from statistics is used to reduce the large volume of data and remove noise; besides substantially reducing training time, PCA also improves the system's detection ability. Finally, a Support Vector Machine is used to detect malware. The system achieves a detection rate of 99.8% on known malware and a prediction rate of 93.6% on new malware. Under this architecture the system can also collect malware automatically to retrain the detection module, so that even as new malware keeps appearing, the system retains up-to-date detection ability.


Abstract (English):

So far, most anti-virus software on the market is signature-based and defends against malware by matching signatures. Between the appearance of a new piece of malware and the release of its signature, infected systems have already been damaged. In view of this, we propose a novel detection technique, different from today's approaches, aimed at worms, viruses, Trojans and backdoors. The system (Malware Detecting System) not only detects present malware more effectively but also predicts unknown malware.

The thesis uses static analysis to extract features from the PE Table, and then selects useful information with the Information Gain method. PCA (Principal Component Analysis), a statistical technique, is used to reduce the large quantity of data and to remove noise; in addition to reducing training time substantially, it increases the detection ability of the system.

Finally, malware is detected with an SVM (Support Vector Machine). The system achieves a detection rate of up to 99.8% on known malware and a prediction rate of 93.6% on new malware. Under this architecture, malware samples are collected automatically to retrain the detection module, so that even as new malware continually replaces the old, the system still preserves up-to-date detection ability.

Table of contents:

Chapter 1 Introduction
1.1 Background
1.2 Contributions
Chapter 2 Related Work
2.1 Malware
2.1.1 Virus
2.1.2 Worm
2.1.3 Trojan
2.1.4 Backdoor
2.2 Traditional detection methods
2.2.1 Signature scanning
2.2.2 Heuristic analysis
2.2.3 Checksum comparison
2.2.4 Prescient scanning (先知掃描法)
2.3 Machine learning methods
Chapter 3 Support Vector Machine & Information Gain & Principal Component Analysis
3.1 Data mining
3.2 Information Gain
3.3 Principal Component Analysis
3.4 Support Vector Machine
Chapter 4 Malicious Detection System
4.1 The MDS concept
4.2 System architecture
Chapter 5 Experiments and Results
5.1 Dataset and experimental environment
5.2 Notation and metrics
5.3 Experimental results
Chapter 6 Conclusion and Future Work
References
Appendix


Full-text availability: 2011/08/04 (campus network)
Full-text availability: not authorized for public release (off-campus network)
Full-text availability: not authorized for public release (National Central Library: Taiwan NDLTD system)