Journal article

An Anti-obfuscation Malware Variants Identification System (original title: 一种抗混淆的恶意代码变种识别系统)
Cited by: 8
Abstract Malware variants are both the focus and the hard problem of current malware defense. Obfuscation is the main technique by which malware produces variants: by altering its code signatures through obfuscation, malware generates large numbers of variants in a short time, evades existing signature-based defenses, and poses a serious threat to information systems. This paper proposes an anti-obfuscation method for identifying malware variants. It uses backtrackable dynamic taint analysis together with a trigger-condition processing engine to analyze malware and its variants at fine granularity, extracts their underlying behavioral logic, and forms from it signatures that identify a whole class of malware; signature-fusion optimization and weighted matching further improve the ability to identify variants. Experiments verify the method's ability to identify malware and its obfuscated variants.

English abstract as published: Malware variants are one of the major challenges in malware detection today. Obfuscation, the most popular technique for generating these variants, changes the signatures of malware to evade current signature-based prevention methods, which is a big threat to information systems. This paper proposes a novel anti-obfuscation malware detection method. By making use of dynamic taint analysis and a trigger-based behavior processing engine, the method abstracts the essential behavior logic of malware at fine granularity, forms it into signatures for a class of malware, and identifies variants more precisely with the help of a signature-merging optimization process and fuzzy matching. Experimental results show that the detection method in this paper can identify malware and its variants efficiently.
Source Acta Electronica Sinica (《电子学报》), indexed in EI, CAS, CSCD and the Peking University core journal list; 2011, No. 10, pp. 2322-2330 (9 pages)
Funding National 863 High-Tech Research and Development Program (No. 2009AA01Z435); National Natural Science Foundation of China (No. 60703076, No. 61073179)
Keywords malware variants; dynamic taint analysis; behavior analysis; obfuscation
Related literature

References (17)

  • 1. J Ferrante, K J Ottenstein, J D Warren. The program dependence graph and its use in optimization[J]. ACM Transactions on Programming Languages and Systems, 1987, 9(3): 319-349.
  • 2. J Newsome, D Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software[C]. Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS), 2005.
  • 3. H Yin, D Song, M Egele, C Kruegel, E Kirda. Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis[C]. 14th ACM Conference on Computer and Communications Security, Alexandria, VA, November 2007.
  • 4. M Christodorescu, S Jha, C Kruegel. Mining specifications of malicious behavior[C]. Proceedings of the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), 2007.
  • 5. M Egele, C Kruegel, E Kirda, H Yin, D Song. Dynamic Spyware Analysis[C]. Proceedings of the 2007 USENIX Annual Technical Conference (USENIX '07), 2007.
  • 6. G Jacob, H Debar, E Filiol. Behavioral detection of malware: from a survey towards an established taxonomy[J]. Journal in Computer Virology, 2008, 4(3): 251-266.
  • 7. Peng Hong (彭宏), Wang Jun (王军). A virus program detection method based on support vector machines[J]. Acta Electronica Sinica (电子学报), 2005, 33(2): 276-278. Cited by: 4
  • 8. C Kolbitsch, P M Comparetti, C Kruegel, E Kirda, X Zhou, X Wang. Effective and efficient malware detection at the end host[C]. USENIX Security Symposium, 2009.
  • 9. G Bonfante, M Kaczmarek, J Y Marion. Architecture of a morphological malware detector[J]. Journal in Computer Virology, 2008, 5(3): 263-270.
  • 10. V S Sathyanarayan, P Kohli, B Bruhadeshwar. Signature Generation and Detection of Malware Families[C]. Proceedings of the 13th Australasian Conference on Information Security and Privacy (ACISP), LNCS Vol. 5107, 2008: 336-349.

Secondary references (21)

  • 1. Andreas Moser, Christopher Kruegel, Engin Kirda. Exploring Multiple Execution Paths for Malware Analysis[C]. IEEE Symposium on Security and Privacy. IEEE Computer Society Press, USA, 2007: 231-245.
  • 2. Christopher Colby, Peter Lee. Trace-Based Program Analysis[C]. Symposium on Principles of Programming Languages, 1996: 195-207.
  • 3. Ulrich Bayer, Christopher Kruegel, Engin Kirda. TTAnalyze: A Tool for Analyzing Malware[C]. Proceedings of the 15th Annual Conference of the European Institute for Computer Antivirus Research (EICAR), 2006: 180-192.
  • 4. G Balakrishnan, R Gruian, T Reps, T Teitelbaum. CodeSurfer/x86: a platform for analyzing x86 executables[C]. Proceedings of the International Conference on Compiler Construction, April 2005: 250-254.
  • 5. Gogul Balakrishnan, Thomas Reps. Analyzing memory accesses in x86 executables[C]. Proceedings of the 13th International Conference on Compiler Construction (CC 2004), Barcelona, Spain, March 2004: 5-23.
  • 6. P Szor. The Art of Computer Virus Research and Defense[M]. Addison Wesley, 2005.
  • 7. C Linn, S Debray. Obfuscation of Executable Code to Improve Resistance to Static Disassembly[C]. ACM Conference on Computer and Communications Security, 2003: 290-299.
  • 8. G Wroblewski. General Method of Program Code Obfuscation[D]. PhD thesis, Wroclaw University of Technology, 2002.
  • 9. Norman. Norman Sandbox[OL]. http://sandbox.norman.no/, 2006.
  • 10. C Willems. CWSandbox: Automatic Behavior Analysis of Malware[OL]. http://www.cwsandbox.org/, 2006.

Co-citing literature (14)

Co-cited literature (123)

  • 1. Li Wei (李伟), Su Purui (苏璞睿). Dynamic malware detection technique based on a kernel driver[J]. Journal of the Graduate School of the Chinese Academy of Sciences (中国科学院研究生院学报), 2010, 27(5): 695-703. Cited by: 9
  • 2. Zhang Huawei (张华伟), Wang Mingwen (王明文), Gan Lixin (甘丽新). Research on a text classification model based on random forests[J]. Journal of Shandong University (Natural Science) (山东大学学报(理学版)), 2006, 41(3): 5-9. Cited by: 59
  • 3. Tang Yinggan, Liu Dong, Guan Xinping. Multi-resolution image segmentation based on Gaussian mixture model[J]. Journal of Systems Engineering and Electronics, 2006, 17(4): 870-874. Cited by: 5
  • 4. Li Xiaodong (李晓冬), Li Yichao (李毅超). Design and implementation of an AEC-based malware detection system[J]. Journal of Computer Applications (计算机应用), 2007, 27(6): 1371-1373. Cited by: 3
  • 5. MAIRH A, BARIK D, VERMA K, et al. Honeypot in network security: a survey[C]. Proceedings of the 2011 ACM International Conference on Communication. New York: ACM Press, 2011: 600-605.
  • 6. Rising. Safety Reports[EB/OL]. [2011-07-20]. http://www.rising.com.cn/about/news/rising/2011-07-20/9802.html.
  • 7. YE Y, CHEN L, LI T, et al. An interpretable string based malware detection system using SVM ensemble with bagging[J]. Journal in Computer Virology, 2009, 5(4): 283-293.
  • 8. F-Secure. Virus and threats[EB/OL]. [2011-05-25]. http://www.f-secure.com/v-descs/cih.shtml.
  • 9. Datarescue. IDA Pro[EB/OL]. [2011-03-10]. http://www.datarescue.com.
  • 10. ABOU-ASSALEH T, CERCONE N, KESELJ V, et al. N-gram-based detection of new malicious code[C]. COMPSAC '04: Proceedings of the 28th Annual International Computer Software and Applications Conference. Washington, DC: IEEE Computer Society, 2004: 41-42.

Citing literature (8)

Secondary citing literature (43)
