Implicit-Flow-Sensitive Method for Detection of Trojan-Spy Programs (Chinese title: 一种隐式流敏感的木马间谍程序检测方法; cited by 4)
Abstract: This paper proposes an implicit-flow-sensitive method for detecting Trojan-spy programs. The method uses static analysis, which gives it higher code coverage; it combines this with data-flow analysis to compute the targets of indirect jumps; and, based on the operational semantics of branch conditions, it applies improved taint-marking rules tailored to Trojan-spy detection. The method was applied to 103 real malware samples and 7 legitimate programs and compared with existing methods. The experimental results show that, for Trojan-spy detection, the method has a lower false-negative rate than explicit-flow-sensitive methods and can effectively discover information-stealing behavior that is only triggered under specific conditions. At the same time, the method can distinguish the implicit flows in Trojan-spy programs from those in legitimate software, significantly reducing the tracking of implicit flows in legitimate software.
Published English abstract: In this paper, a novel method is presented to solve these problems. This method processes x86 executable programs statically, so it has higher code coverage than dynamic methods. Besides, it employs a data-flow analysis method to identify the targets of indirect jumps. It also utilizes optimized taint-marking rules based on the operational semantics of branch conditions. Experiments on 103 real malware samples and 7 benign programs show that the proposed method has the following advantages: for Trojan-spy program detection, it can reduce the false negatives caused by the explicit-flow-sensitive method, and it is effective in dealing with information-stealing behaviors triggered by particular conditions; for benign program analysis, it can reduce most of the tainted branches that would have to be tracked in the original, unoptimized implicit-flow-sensitive method.
Source: Journal of Software (软件学报), 2010, No. 6, pp. 1426-1437 (12 pages); indexed in EI and CSCD, Peking University core journal list.
Funding: National High-Tech Research and Development Program of China (863 Program) Nos. 2006AA01Z410 and 2006AA01Z402; Fundamental Research Funds for the Central Universities No. 2009QJ15; Ministry of Education Science and Technology Innovation Engineering major project cultivation fund No. 707001.
Keywords: malware; behavior semantics; taint analysis; information theft; Trojan-spy program