Similarity Analysis of Malicious Programs Based on Two-Dimensional Characteristics of Programs (基于程序双维度特征的恶意程序相似性分析)
Cited by: 3
Abstract: Cyberspace is flooded with malicious code, and most malware is not developed from scratch by the attacker; it is modified from an earlier version or assembled directly from several pieces of existing malicious code. Similarity analysis is therefore particularly important for malware detection. Researchers usually analyze program similarity using a single kind of information, which cannot fully capture the effective features of a program. To address this, the paper proposes a program similarity analysis method that jointly considers the semantic features of the set of basic blocks obtained from dynamically executed instructions and the structural features of the control-flow graph. It analyzes malware similarity along the semantic and the structural dimension and achieves high accuracy and reliability.
Authors: REN Yichen (任益辰); XIAO Da (肖达). School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China; National Engineering Lab for Mobile Network Security, Beijing 100876, China.
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD and Peking University core journal, 2021, No. 1, pp. 118-125 (8 pages).
Funding: National Natural Science Foundation of China (61872836, 61941114).
Keywords: malware; similarity; semantic features; structural features
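The abstract names the two feature dimensions but does not spell out how each is scored or combined. The Python below is an added illustration of the general idea, not the paper's code or its exact features: it derives a semantic score as the Jaccard index over normalized basic-block instruction sequences (registers and immediates abstracted, so renaming does not break the match) and a structural score as the overlap of Weisfeiler-Lehman style neighbourhood labels on the control-flow graph, then takes a weighted combination. The two sample programs (two hypothetical variants, one with renamed registers, changed constants and a spliced-in block), the normalization rules, the WL relabeling and the 0.5 weighting are all assumptions made for this example.

```python
"""Two-dimensional (semantic + structural) program similarity, added example.

Not the paper's implementation. Semantic dimension: Jaccard index over the set
of normalized basic blocks. Structural dimension: Weisfeiler-Lehman (WL) label
overlap on the CFG (an assumed choice of structural feature).
"""
import hashlib
import re
from collections import Counter

# Constructed sample: two hypothetical malware variants.
# A program is {block_id: (instructions, successor block ids)}.
PROGRAM_A = {
    0: (["push ebp", "mov ebp, esp", "cmp eax, 0x10", "jne 2"], [1, 2]),
    1: (["mov ecx, 0x1", "call 0x401000"], [3]),
    2: (["xor eax, eax", "mov ecx, 0x2"], [3]),
    3: (["mov esp, ebp", "pop ebp", "ret"], []),
}
# Variant B: registers renamed, immediates changed, a block spliced on the 1->3 edge.
PROGRAM_B = {
    0: (["push ebp", "mov ebp, esp", "cmp ebx, 0x20", "jne 2"], [1, 2]),
    1: (["mov edx, 0x5", "call 0x402000"], [4]),
    4: (["nop"], [3]),
    2: (["xor ebx, ebx", "mov edx, 0x7"], [3]),
    3: (["mov esp, ebp", "pop ebp", "ret"], []),
}

REG_RE = re.compile(r"\b(e?[abcd]x|e?[sd]i|e?[bs]p|r\d+[dwb]?)\b")
IMM_RE = re.compile(r"\b0x[0-9a-fA-F]+\b|\b\d+\b")


def normalize_block(instructions):
    """Abstract registers to REG and immediates to IMM, then hash the block,
    so register renaming and constant changes do not defeat the semantic match."""
    norm = []
    for ins in instructions:
        ins = REG_RE.sub("REG", ins)
        ins = IMM_RE.sub("IMM", ins)
        norm.append(ins)
    return hashlib.sha1("|".join(norm).encode()).hexdigest()


def semantic_feature_set(program):
    return {normalize_block(ins) for ins, _ in program.values()}


def semantic_similarity(p, q):
    """Jaccard index over the two programs' normalized basic-block sets."""
    a, b = semantic_feature_set(p), semantic_feature_set(q)
    return len(a & b) / len(a | b) if (a | b) else 1.0


def wl_labels(program, rounds=2):
    """WL relabeling on the CFG. Initial label: 'in-degree:out-degree'.
    Each round hashes a node's label together with its sorted successor labels.
    Returns the multiset of labels seen over all rounds."""
    indeg = Counter()
    for _, succ in program.values():
        for s in succ:
            indeg[s] += 1
    labels = {n: f"{indeg[n]}:{len(succ)}" for n, (_, succ) in program.items()}
    bag = Counter(labels.values())
    for _ in range(rounds):
        new = {}
        for n, (_, succ) in program.items():
            neigh = ",".join(sorted(labels[s] for s in succ))
            new[n] = hashlib.sha1(f"{labels[n]}->{neigh}".encode()).hexdigest()[:12]
        labels = new
        bag.update(labels.values())
    return bag


def structural_similarity(p, q, rounds=2):
    """Multiset Jaccard over WL labels: min-count intersection / max-count union."""
    a, b = wl_labels(p, rounds), wl_labels(q, rounds)
    inter = sum((a & b).values())
    union = sum((a | b).values())
    return inter / union if union else 1.0


def combined_similarity(p, q, w_sem=0.5):
    """Weighted combination of the semantic and structural dimensions."""
    return w_sem * semantic_similarity(p, q) + (1 - w_sem) * structural_similarity(p, q)


if __name__ == "__main__":
    print("semantic  :", semantic_similarity(PROGRAM_A, PROGRAM_B))
    print("structural:", structural_similarity(PROGRAM_A, PROGRAM_B))
    print("combined  :", combined_similarity(PROGRAM_A, PROGRAM_B))
```

On these inputs the semantic score is 0.8 (four of five normalized blocks shared; the spliced `nop` block is the only difference), while the structural score is lower (11/16) because the extra node changes the neighbourhood labels around it. That is the point of using both dimensions: a variant built by patching a predecessor keeps most block semantics but perturbs the graph, and the combined score reflects both signals rather than either alone.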