期刊文献+
共找到1篇文章
< 1 >
每页显示 20 50 100
基于污点和概率的逃逸恶意软件多路径探索
1
作者 徐钫洲 张网 +1 位作者 羌卫中 金海 《Security and Safety》 2023年第3期83-106,共24页
Static analysis is often impeded by malware obfuscation techniques,such as encryption and packing,whereas dynamic analysis tends to be more resistant to obfuscation by leveraging concrete execution information.Unfortu... Static analysis is often impeded by malware obfuscation techniques,such as encryption and packing,whereas dynamic analysis tends to be more resistant to obfuscation by leveraging concrete execution information.Unfortunately,malware can employ evasive techniques to detect the analysis environment and alter its behavior accordingly.While known evasive techniques can be explicitly dismantled,the challenge lies in generically dismantling evasions without full knowledge of their conditions or implementations,such as logic bombs that rely on uncertain conditions,let alone unsupported evasive techniques,which contain evasions without corresponding dismantling strategies and those leveraging unknown implementations.In this paper,we present Antitoxin,a prototype for automatically exploring evasive malware.Antitoxin utilizes multi-path exploration guided by taint analysis and probability calculations to effectively dismantle evasive techniques.The probabilities of branch execution are derived from dynamic coverage,while taint analysis helps identify paths associated with evasive techniques that rely on uncertain conditions.Subsequently,Antitoxin prioritizes branches with lower execution probabilities and those influenced by taint analysis for multi-path exploration.This is achieved through forced execution,which forcefully sets the outcomes of branches on selected paths.Additionally,Antitoxin employs active anti-evasion countermeasures to dismantle known evasive techniques,thereby reducing exploration overhead.Furthermore,Antitoxin provides valuable insights into sensitive behaviors,facilitating deeper manual analysis.Our experiments on a set of highly evasive samples demonstrate that Antitoxin can effectively dismantle evasive techniques in a generic manner.The probability calculations guide the multi-path exploration of evasions without requiring prior knowledge of their conditions or implementations,enabling the dismantling of unsupported techniques such as C2 and significantly improving efficiency compared to linear exploration when dealing with complex control flows.Additionally,taint analysis can accurately identify branches related to logic bombs,facilitating preferential exploration. 展开更多
关键词 Malware analysis dynamic binary instrumentation forced execution taint analysis evasion detection
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部