排序方式: 共有151条查询结果,搜索用时 0 毫秒
1.
基于DFS的最优路径数据迷乱算法 总被引:1,自引:0,他引:1
提出一种基于深度优先搜索的数据迷乱算法,将数据库中的原始数据通过DFS算法生成邻居关系树,找出生成树中边缘距离最小的路径作为原始数据的替代.对于原始数据中含有相同元素的特殊情况,提出了多种数据迷乱算法并行使用的技术以实现数据项的迷乱.此算法的提出突破了原有数据迷乱技术的简单数据变形,大大增加了攻击者逆向工程的复杂度以达到联机信息保护的目的. 相似文献
2.
针对移动代理在异质网络环境中的安全问题,提出了一种代码迷乱转换保护策略.代码迷乱技术应用于移动代理,是对执行任务的移动代理的保护和隐藏模式的探索.该方案首先提出基于交叉循环迷乱和改变数据关联的移动代理保护策略,接着阐述了交叉循环迷乱、多模块交叉循环迷乱以及改变数据之间内在关联的具体方法.实验证明,该方案成功抵御了给定的7个 java 解码程序,显示出比多层退出迷乱和单层退出迷乱方法的有效性. 相似文献
3.
With the growing number of malware, malware analysis technologies need to be advanced continuously. Malware authors use various packing techniques to hide their code from malware detection tools and techniques. The packing techniques are generally used to compress and encrypt executable code in executable files, and the unpacking code is usually embedded in the executable files. Therefore, packed executable files can be executed by itself, and the information associated with packing can be used to analyze and detect malware. Since different packing tools will generate different packed executable files, packing tools can be identified by analyzing packed executable files, and packer identification can reduce malware‐analyzing overheads, and the executable files can even be unpacked. However, most previous studies focused on packing detection using signatures of unpacking code, and these approaches can be avoided by placing unpacking code in other locations or by distributing unpacking code in multiple locations. In this paper, we propose a new packer identification method by analyzing only code sections to extract features of malware generated by different packing tools. Experimental results show that our approach can identify different packing tools with the accuracy of 91.6% on average. Considering packer identification is the harder problem than packing detection, we argue that our approach can contribute to reducing overheads of malware analysis. 相似文献
4.
5.
6.
We propose a technique for defeating signature-based malware detectors by exploiting information disclosed by antivirus interfaces. This information is leveraged to reverse engineer relevant details of the detector's underlying signature database, revealing binary obfuscations that suffice to conceal malware from the detector. Experiments with real malware and antivirus interfaces on Windows operating systems justify the effectiveness of our approach. 相似文献
7.
8.
曾颖 《信息工程大学学报》2011,(6):670-675
数据迷惑是代码迷惑中重要的一类迷惑变换,在软件保护领域中应用广泛,常被用于防止攻击者对程序进行数据流分析、程序切片等逆向工程攻击。从语义的角度,给出了一种基于抽象解释的数据迷惑正确性的分析方法。首先使用抽象解释理论,从程序语义的角度,对数据迷惑进行形式化描述,用一种语义变换形式化地描述数据迷惑。然后在形式化描述的基础上,由语义变换和语法变换之间的关系,构造得到数据迷惑算法。最后在基于抽象解释的数据迷惑的形式化描述的基础上,对数据迷惑变换的正确性进行分析和讨论。 相似文献
9.
Although Android becomes a leading operating system in market, Android users suffer from security threats due to malwares. To protect users from the threats, the solutions to detect and identify the malware variant are essential. However, modern malware evades existing solutions by applying code obfuscation and native code. To resolve this problem, we introduce an ensemble-based malware classification algorithm using malware family grouping. The proposed family grouping algorithm finds the optimal combination of families belonging to the same group while the total number of families is fixed to the optimal total number. It also adopts unified feature extraction technique for handling seamless both bytecode and native code. We propose a unique feature selection algorithm that improves classification performance and time simultaneously. 2-gram based features are generated from the instructions and segments, and then selected by using multiple filters to choose most effective features. Through extensive simulation with many obfuscated and native code malware applications, we confirm that it can classify malwares with high accuracy and short processing time. Most existing approaches failed to achieve classification speed and detection time simultaneously. Therefore, the approach can help Android users to keep themselves safe from various and evolving cyber-attacks very effectively. 相似文献
10.
代码混淆是一种便捷、有效的软件保护方法,能够较好地对抗以逆向分析为基础的MATE攻击,随着以符号执行为基础的自动程序分析技术的发展,出现了能够抵抗符号执行的新代码混淆方法——路径分支混淆。依据路径分支信息的构成,以及分支信息在对抗符号执行分析上的差异,对分支混淆技术进行了分类,并给出了分支信息泄露与符号执行的联系;按照分支混淆的分类,对当前分支混淆的研究进展进行了介绍和总结,分析了各类分支混淆的优缺点;最后,对分支混淆技术的发展进行了展望。 相似文献