
Program Homology Evaluation Method Based on Code Fingerprint

Cited by: 1
Abstract: A homology evaluation method based on code fingerprints is proposed for homology detection of program source code. A program dependence graph is used to represent the logic and dependencies of the source code, and several simplification principles are applied to reduce the complexity of the graph. The code fingerprint model is constructed from the simplified graph in combination with behavioral characteristics and data structure information. Program homology is evaluated comprehensively from the similarity of code fingerprints, computed by several algorithms such as an incremental graph isomorphism algorithm. Experiments show that the method works effectively against common code obfuscation techniques such as statement rearrangement, structure replacement and redundant insertion, and improves detection efficiency compared with existing methods.
Authors: LIU Zhen (刘臻); WEI Qiang (魏强); REN Kailei (任开磊) (Information Engineering University, Zhengzhou 450001, China)
Institution: Information Engineering University
Source: Journal of Information Engineering University (《信息工程大学学报》), 2018, No. 5, pp. 592-597 (6 pages)
Funding: National Key Research and Development Program of China (2016YFB0800203); Shanghai Scientific Research Program (14DZ1104800)
Keywords: code fingerprint; program homology; program dependence graph