基于程序流敏感的自修改代码混淆方法

自修改代码混淆方法是一种隐藏程序重要信息的有效技术。为减少代码混淆造成的额外开销而又不影响代码混淆的质量,利用程序流敏感分析方法选择比较重要的指令进行混淆。为提高代码混淆的质量,有效地防止反汇编,提出一个二步比较混淆模型。该模型包括两个子混淆器,混淆器1采用程序流敏感分析方法获得混淆的指令并产生两个混淆代码文件和一个混淆代码映射文件。混淆器2通过比较两个混淆代码文件精确地定位混淆指令在二进制代码中的位置,然后利用混淆代码映射文件对二进制代码进行混淆,以进一步提高代码混淆的质量。通过实验分析,混淆后二进制文件的额外开销只占整个代码的3%左右,并且混淆后的反汇编代码明显异于原始的反汇编代码,甚至出现了一些无法识别的错误指令。     

可执行程序缺陷函数的静态检测方法

可执行程序的缺陷函数检测是软件漏洞发现的重要技术手段之一。从二进制代码指令流的角度出发,研究了缺陷函数的签名机制,提出了一种基于可执行程序静态分析的缺陷函数检测方法。该方法通过静态分析应用程序的可执行代码,建立进程运行过程中可能的函数调用序列集合。以该集合为基础,通过对比分析缺陷函数签名,可以准确检测该程序调用的缺陷函数集合,以及分析可能导致的脆弱性。通过实验分析,验证了该方法对于缺陷函数检测的有效性。     

一种精简二进制代码的程序理解方法

精简二进制代码形式的软件是软件分析和程序理解需要处理的一类具有代表性的对象,基于高级语言源代码和调试符号信息的传统分析方法在处理此类软件时受到了极大限制。提出一种精简二进制形式软件的理解方法,首先将分析对象转变为运行期进程,引入实际运行中的进程信息;然后引入程序的行为特征,以程序表现出的外在行为和对外接口作为辅助信息,将此类外部特征映射到程序代码;最后基于切片思想和调试技术,获得程序切片并分析。这种方法为分析理解过程扩展了信息量,降低了复杂度,解决了分析此类软件时信息缺失和难以建立理解模型的问题。     

一种基于ARM微处理器的嵌入式代码语义属性分析方法

通过深入研究ARM指令系统的特点及其编译后的代码特征,构建了基于ARM微处理器的二进制嵌入式代码解析模型,讨论了基于ARM体系结构的嵌入式代码语义分析方法。从指令和指令序列两种粒度级别分别讨论了代码语义属性的抽取方法,并分析了基于该解析模型的指令和指令序列的实例。结果表明,此方法极大地提高了代码解析的准确性和可读性。     

采用行为分析的单机木马防护系统设计与实现

针对基于特征代码的静态木马检测技术的不足,通过实时监控程序的可疑行为,运用贝叶斯算法分析程序行为特征进而发现木马程序,并对恶意木马程序的非授权操作进行修复,设计并实现了一个基于行为分析的单机木马防护系统。实验表明：该木马防护系统在对检测率影响较小的前提下,显著降低了误报率。     

基于路径驱动的多路径分析算法

针对动态二进制程序分析方法存在路径覆盖不全的问题,提出了基于路径驱动的多路径分析算法。其核心思想是在可控的模拟调试环境中动态执行被分析的二进制程序,通过修改CPU程序计数器PC值,驱动程序执行在当前输入条件下无法访问的程序路径,实现对多条程序路径的访问。基于该算法,设计并实现了一个基于路径驱动的多路径二进制程序分析系统。测试结果表明,该算法能够较全面地发掘程序执行路径,有效提高了分析代码的覆盖率。     

基于特征提取的二进制代码比较技术

二进制代码比较技术在病毒变种分析,安全补丁分析,版本信息导出等许多领域都有着广泛的应用。在定义了基于图的二进制代码描述方法的基础上,从函数和基本块两个层次对近似的二进制代码进行比较,分析出它们之间相同的部分和差异信息。讨论了基于图的二进制文件特征的选取,利用特征比较和固定点传播算法,建立两份代码在函数和基本块两个级别的对应关系。本文给出了这种基于特征提取的二进制代码比较技术的实现框架,并列举了它在恶意软件变种分析,公开漏洞定位方面的利用实例。     

二进制代码覆盖率评估系统的设计与实现

在程序动态测试中,需要评价二进制代码动态测试效果.提出了一种二进制代码覆盖率评估方法,设计并实现了基于分支轨迹存储技术的二进制代码覆盖率评估系统.通过分支监视引擎记录动态测试中的代码分支轨迹,利用分支轨迹数据修正静态分析结果,综合静态分析结果和分支轨迹记录评估二进制代码覆盖率,并实现轨迹数据的可视化.实验结果表明,该系统能够有效提高覆盖率评估精度和效率.     

基于动态二进制平台的缓冲区溢出过程分析

提出一种基于动态二进制平台的缓冲区溢出过程分析方法,并实现基于该方法的原型系统。分析缓冲区溢出攻击方法的特点,给出基于异常捕获、控制流分析和内存状态检查的溢出检测方法。通过对内存读写指令、控制转移指令进行监控,获得函数调用序列和数据传递关系,定位导致缓冲区溢出的代码。实验结果表明,该系统能有效检测缓冲区溢出,准确定位导致溢出的代码位置。     

一种基于反汇编技术的二进制补丁分析方法

软件开发商通过向用户提供补丁程序来修改软件中存在的安全漏洞。但随着安全漏洞研究者不断提高分析安全补丁的能力和速度,厂商开始向公众封闭与安全补丁相关的漏洞技术细节,仅提供软件打补丁前后的二进制代码,由此引发了二进制代码比较技术研究的热潮。二进制代码比较技术的目的是定位执行代码间的差异,从而获得补丁所修补的漏洞细节。本文提出了一种基于反汇编技术,定位执行代码间语义差异,从而完成二进制安全补丁分析的方法。描述了该技术模型、系统框架和关键技术,并通过实践证明此方法可以快速有效地定位安全补丁所修补的软件漏洞。     

Functional data analysis in shape analysis

Mid-level processes on images often return outputs in functional form. In this context the use of functional data analysis (FDA) in image analysis is considered. In particular, attention is focussed on shape analysis, where the use of FDA in the functional approach (contour functions) shows its superiority over other approaches, such as the landmark based approach or the set theory approach, on two different problems (principal component analysis and discriminant analysis) in a well-known database of bone outlines. Furthermore, a problem that has hardly ever been considered in the literature is dealt with: multivariate functional discrimination. A discriminant function based on independent component analysis for indicating where the differences between groups are and what their level of discrimination is, is proposed. The classification results obtained with the methodology are very promising. Finally, an analysis of hippocampal differences in Alzheimer’s disease is carried out.     

Inverse image analysis generalises strictness analysis

A method for analysing the inverse of a first-order functional program is proposed. This method is based on denotational semantics: we analyse the inverse image of a Scott open set under the continuous function which the program denotes. Inverse image analysis is one possible way of extending strictness analysis to languages with lazy data structures and could perhaps be used to optimise code in implementations of such languages.     

Microeconomic analysis using dominant relationship analysis

The concept of dominance has recently attracted much interest in the context of skyline computation. Given an N-dimensional data set S, a point p is said to dominate q if p is better than q in at least one dimension and equal to or better than it in the remaining dimensions. In this article, we propose extending the concept of dominance for business analysis from a microeconomic perspective. More specifically, we propose a new form of analysis, called Dominant Relationship Analysis (DRA), which aims to provide insight into the dominant relationships between products and potential buyers. By analyzing such relationships, companies can position their products more effectively while remaining profitable. To support DRA, we propose a novel data cube called DADA (Data Cube for Dominant Relationship Analysis), which captures the dominant relationships between products and customers. Three types of queries called Dominant Relationship Queries (DRQs) are consequently proposed for analysis purposes: (1) Linear Optimization Queries (LOQ), (2) Subspace Analysis Queries (SAQ), and (3) Comparative Dominant Queries (CDQ). We designed efficient algorithms for computation, compression and incremental maintenance of DADA as well as for answering the DRQs using DADA. We conducted extensive experiments on various real and synthetic data sets to evaluate the technique of DADA and report results demonstrating the effectiveness and efficiency of DADA and its associated query-processing strategies.     

Fisher discriminant analysis and factor analysis

We show that information on the inherent structure of multidimensional data derived from a factor analysis procedure is equivalent to information obtained by Fisher discriminant analysis techniques, provided certain conditions, usually required in the factor analysis model, are satisfied. The results advocate the use of a factor analysis approach when Fisher discriminant analysis is not applicable, such as, for instance, in clustering problems.     

基于词法和语法分析技术对FED解析的优化

为解决RTI(运行时间基础设施)中FED(联邦执行数据)文件解析效率、可重用性问题,提出了应用编译原理中的词法分析和语法分析技术对FED文件进行解析的方法.根据RTI研发过程中FED文件解析的要求,对FED文件解析模块进行了研究,并设计出改进的FED文件解析程序的结构框架.在此基础上,给出了应用词法分析和语法分析技术解析FED文件的具体方案和实现过程,最后通过实例验证了基于词法和语法分析技术对FED解析的方案明显优于通常方案.     

基于情感分析的新浪微博争议度分析

随着新浪微博的广泛使用,新浪微博传播的内容涵盖了各种领域的信息,涉及范围越来越广;同时,当用户浏览消息时,不仅能够表达自己的看法,同时能够看到别人的观点。因此,当用户无法判断问题的客观性时,通常会利用其他公众的反馈信息进行评估。为了充分利用公众反馈信息,提出了一种描述公众反馈信息的社会属性——争议度。给出了争议度的概念并构建了争议度计算模型,该模型将公众对微博的反应(即表态、评论、转发等行为)作为争议度的影响因素,通过情感分析等技术计算微博消息的争议度。实验结果对照人工标注结果,模型准确率达到93%,有效率达84%,证明了该模型的可行性。     

A safety analysis technique derived from skills analysis

This paper presents an attempt to derive a technique for predicting hazardous situations, from a simple information flow model of human skilled performance. The technique is based on the assumption that any breakdown in the flow of information through the system is potentially hazardous, and an analysis chart is presented which attempts to formalise the search for these breakdowns.     

Macro-element analysis

In recent years methods of analyzing plates in bending via large or macro-element have been studied. Herein, a method of studying plate behavior by a macro-flexibility approach is introduced. Deflected shapes of macro-elements of rectangular shapes were obtained by a shape function that satisfies all four boundary conditions and the bi-harmonic equation. The shape functions were a sum of sinusoidal and polynomial terms with undetermined coefficients. The elements that satisfy moment and shear conditions, were assembled by utilizing compatibility equations for deflection and slope. This resulted in equilibrium of forces and moments for all lines along the common edges of macro-elements. Three bounded domains were analyzed, and the results were compared to solutions obtained from classical and finite element methods. The convergence of the macro-approach was checked by progressively increasing the number of harmonics. The study of the numerical results indicates that excellent results can be obtained within the first three harmonics.