首页 | 本学科首页   官方微博 | 高级检索  
     

针对指令乱序变形技术的归一化研究
引用本文:金然 魏强 王清贤. 针对指令乱序变形技术的归一化研究[J]. 计算机科学, 2008, 35(2): 89-92
作者姓名:金然 魏强 王清贤
作者单位:信息工程大学信息工程学院,郑州,450002;信息工程大学信息工程学院,郑州,450002;信息工程大学信息工程学院,郑州,450002
摘    要:新出现的恶意代码大部分是在原有恶意代码基础上修改转换而来.许多变形恶意代码更能自动完成该过程,由于其特征码不固定,给传统的基于特征码检测手段带来了极大挑战.采用归一化方法,并结合使用传统检测技术是一种应对思路.本文针对指令乱序这种常用变形技术提出了相应的归一化方案.该方案先通过控制依赖分析将待测代码划分为若干基本控制块,然后依据数据依赖图调整各基本控制块中的指令顺序,使得不同变种经处理后趋向于一致的规范形式.该方案对指令乱序的两种实现手段,即跳转法和非跳转法,同时有效.最后通过模拟测试对该方案的有效性进行了验证.

关 键 词:变形恶意代码  归一化  恶意代码检测

Research on Normalization towards Instructions Reordering Metamorphism Technique
JIN Ran,WEI Qiang,WAN Qing-Xian (Information Engineering Institute,Information Engineering University,Zhengzhou. Research on Normalization towards Instructions Reordering Metamorphism Technique[J]. Computer Science, 2008, 35(2): 89-92
Authors:JIN Ran  WEI Qiang  WAN Qing-Xian (Information Engineering Institute  Information Engineering University  Zhengzhou
Abstract:Much of apparently new malware comes from transformed known malware.Metamorphic malware could even complete this process automatically.The mutable signature makes the traditional detection method based on it difficult to detect metamorphic malware.Combining normalization idea with the traditional detection technology is a promising approach to resolve the problem.This paper proposes a normalization scheme towards instructions reordering metamorphism technique.In the scheme,the inspected code is firstly partitioned into some basic control blocks based on control-dependency analysis,then the instructions order in each block is adjusted according to the data-dependency graph.After the variants of malware are normalized according to the scheme,they tend to have the same form.The scheme is applicable to both jump method and non-jump method which are two implementations of instructions reordering.Testing has been conducted to validate the feasibility of the scheme.
Keywords:Metamorphic malware  Normalization  Malware detection
本文献已被 CNKI 维普 万方数据 等数据库收录!
点击此处可从《计算机科学》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号