| 一种面向环境识别的恶意代码完整性分析方法 |
| |
| 引用本文: | 张 骞,康 绯,舒 辉,肖亚南.一种面向环境识别的恶意代码完整性分析方法[J].计算机应用研究,2016,33(2). |
| |
| 作者姓名: | 张 骞 康 绯 舒 辉 肖亚南 |
| |
| 作者单位: | 西安通信学院,数学工程与先进计算国家重点实验室,数学工程与先进计算国家重点实验室,数学工程与先进计算国家重点实验室 |
| |
| 基金项目: | 国家保密局科研基金资助项目(BMKY2013B03-1) |
| |
| 摘 要: | 完整性分析一直是恶意代码动态分析的难点。针对恶意代码动态分析方法存在行为获取不完整的问题,提出了一种面向环境识别的恶意代码完整性分析方法,通过分析恶意代码执行过程中的数据流信息识别恶意代码敏感分支点,构造能够触发隐藏行为的执行环境,提高了恶意代码行为分析的完整程度。通过对50个恶意代码样本的分析结果表明,该方法能有效缩减分析时间,获得更加全面的行为信息,有效提高分析效率和分析的完整性。
|
| 关 键 词: | 恶意代码 完整性分析 数据流分析 敏感分支点 环境识别 |
| 收稿时间: | 2014/11/2 0:00:00 |
| 修稿时间: | 2016/1/12 0:00:00 |
A method of integrity for malicious code analysis based on environment recognition |
| |
| ZHANG Qian,KANG Fei,SHU Hui and Xiao Ya-nan.A method of integrity for malicious code analysis based on environment recognition[J].Application Research of Computers,2016,33(2). |
| |
| Authors: | ZHANG Qian KANG Fei SHU Hui and Xiao Ya-nan |
| |
| Affiliation: | Xi'an Communication Institute,State Key Laboratory of Mathematical Engineering and Advanced Computing,State Key Laboratory of Mathematical Engineering and Advanced Computing,State Key Laboratory of Mathematical Engineering and Advanced Computing |
| |
| Abstract: | Integrity of the analysis is always a difficulty of the dynamic analysis for malicious code. Aiming at the problem of unable to get comprehensive behavior information on malicious code dynamic analysis, this paper proposed a method by identifying key branch points based on dataflow analysis to construct a valid environment for malicious code analysis which could trigger potential behavior and improve the integrity of the analysis. We have evaluated our system on 50 malicious code samples, and the result demonstrates that this method is able to reduce the time of analysis, get more information of behavior and improve the efficiency and the integrity of the analysis. |
| |
| Keywords: | malicious code integrity analysis dataflow analysis sensitive branch points environment recognition |
|
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
