[Keywords]
[Abstract]
To evade detection by antivirus software and other security products, cryptographic algorithms are commonly used in virus attacks. This paper analyzes how cryptographic algorithms are applied in computer viruses from three aspects: virus packing techniques, communication encryption techniques and encryption-based ransomware techniques. Using typical cases, it analyzes the encryption algorithms and attack flows commonly used by viruses, and proposes corresponding defensive countermeasures covering the unpacking of virus samples, the identification of encrypted traffic and the recovery of encrypted data. Finally, in view of the development trends in virus attack techniques, it proposes directions for further research and the key technical problems that need to be solved.
[Chinese Library Classification number]
TP309
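[Funding]
National Natural Science Foundation of China, "Research on Malicious Code Detection and Defense Methods Based on Immune Theory" (61602489); National "13th Five-Year Plan" Cryptography Development Fund, key project in cryptographic theory research, "Research on Cryptographic Detection, Analysis and Defense Methods for Computer Viruses" (MMJJ20180108); National Key R&D Program of China, "Cyberspace Security" key special project (2016YFB0801100); Fundamental Research Funds of the People's Public Security University of China, "Analysis of and Responses to the Security Problems of Artificial Intelligence" (2019JKF504)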