
基于代码覆盖的恶意代码多路径分析方法 (A code-coverage-based multi-path analysis method for malicious code). Cited by: 12

Exploring Multiple Execution Paths for Malware Analysis Based on Coverage of Codes
Abstract: The limitation of current dynamic analysis of malicious code (malware) is that each run observes only a single execution path, so a significant fraction of the behavior a program might exhibit under different circumstances may be missed and completeness of the analysis cannot be guaranteed. To mitigate this problem, a number of analysis tools that explore multiple execution paths have been proposed. In this paper, we propose a system that explores multiple execution paths for malware analysis based on code coverage: by labeling control-flow decision points (branching points), it reduces the number of times local paths are repeatedly traversed, which improves analysis efficiency and increases coverage of the malware without reducing the effectiveness of the analysis. We evaluated our system on a large number of typical malware samples and show that it markedly reduces analysis time, improves analysis efficiency, and increases code coverage and the completeness of the analysis.
Source: 《电子学报》 (Acta Electronica Sinica), 2009, No. 4, pp. 701-705 (5 pages). Indexed in EI, CAS, CSCD and the Peking University core journal list.
Funding: National Natural Science Foundation of China (No. 60703076); National High-Tech Research and Development Program of China (863 Program) (No. 2006AA01Z412, No. 2007AA01Z451).
Keywords: malicious code; dynamic analysis; exploring multiple execution paths (multi-path traversal); code coverage
References: 16

Co-cited literature: 141

Citing papers: 12

Second-level citing papers: 20
