| 模型检测迷惑二进制恶意代码 |
| |
| 引用本文: | 陈超,李俊,孔德光,帅建梅. 模型检测迷惑二进制恶意代码[J]. 计算机工程与应用, 2008, 44(15): 61-64. DOI: 10.3778/j.issn.1002-8331.2008.15.019 |
| |
| 作者姓名: | 陈超 李俊 孔德光 帅建梅 |
| |
| 作者单位: | 中国科学技术大学 自动化系,合肥 230027 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 对二进制恶意代码进行形式化建模,开发了一个检查迷惑恶意代码的模型检查器。生成迷惑前的二进制恶意代码的有限状态机模型,再使用模型检查器检测迷惑二进制恶意代码,如果迷惑二进制恶意代码能被有限状态机模型识别,可判定其为恶意代码。实验结果表明模型检查迷惑二进制恶意代码是一种有效的静态分析方法,可以检测出一些常用的迷惑恶意代码。
|
| 关 键 词: | 静态分析 模型检查 反汇编 恶意代码 自动机 |
| 文章编号: | 1002-8331(2008)15-0061-04 |
| 收稿时间: | 2007-10-18 |
| 修稿时间: | 2007-10-18 |
Model checking obfuscated binary malicious code |
| |
| CHEN Chao,LI Jun,KONG De-guang,SHUAI Jian-mei. Model checking obfuscated binary malicious code[J]. Computer Engineering and Applications, 2008, 44(15): 61-64. DOI: 10.3778/j.issn.1002-8331.2008.15.019 |
| |
| Authors: | CHEN Chao LI Jun KONG De-guang SHUAI Jian-mei |
| |
| Affiliation: | Department of Automation,University of Science & Technology of China,Hefei 230027,China |
| |
| Abstract: | Introduce model checking method to built model for binary executable,develop a useful model checker.This paper produces a finite state machine,which is used to model a normal malicious binary executable,then make use of model checker to check obfuscated binary executable.If obfuscated binary executable can be identified by finite state machine,this binary executable is malicious executable.The experiment result shows model checking for obfuscated binary executable is an effective static analysis method and can check out some obfuscated binary executable. |
| |
| Keywords: | static analysis model checking disassembly malicious code automata |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
