| 基于结构化指纹的恶意代码变种分析* |
| |
| 引用本文: | 魏强,金然,王清贤.基于结构化指纹的恶意代码变种分析*[J].计算机应用研究,2008,25(3):899-902. |
| |
| 作者姓名: | 魏强 金然 王清贤 |
| |
| 作者单位: | 解放军信息工程大学,信息工程学院,郑州,450002 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 提出了一种基于结构化指纹的静态分析模型,用于辅助逆向工作者对恶意代码及其变种进行分析.该方法依据所提取的恶意代码及其变种的结构化指纹特征,在调用图和控制流图两个层次对两个文件进行同构比较,找出发生改变的函数以及发生改变的基本块,从而帮助逆向工作者迅速定位和发现恶意代码及其变种的不同之处,便于进一步分析.该模型采用了结构化特征及素数乘积等方法,可以较好地对抗一些常见的代码迷惑手段,从而识别出一些变形的代码是等价的.
|
| 关 键 词: | 恶意代码 变种分析 结构化指纹 静态分析 |
| 文章编号: | 1001-3695(2008)03-0899-04 |
| 修稿时间: | 2006年12月5日 |
Analysis of malicious code variants based on structural fingerprints |
| |
| WEI Qiang,JIN Ran,WANG Qing xian.Analysis of malicious code variants based on structural fingerprints[J].Application Research of Computers,2008,25(3):899-902. |
| |
| Authors: | WEI Qiang JIN Ran WANG Qing xian |
| |
| Affiliation: | (Information Engineering College, PLA Information Engineering University, Zhengzhou 450002, China) |
| |
| Abstract: | This paper presented a new static analysis model based on structural fingerprints to help reversing engineers analysing malicious code and its variant. Using structural fingerprints extracted from malicious code and its variant, this model carried on isomorphism of call graph and control flow graph to find changed functions and basic blocks, which gave enough information for the reversing engineers quickly locating the difference between the two files to do advanced research.Since using structural character and prime product, the model would not be confused by common methods of code obfuscation and could identify that some polymorphic codes were equivalent. |
| |
| Keywords: | malicious code variants analysis structrual fingerprint static analysis |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
