| 动态指令流差分分析在恶意软件分析中的应用* |
| |
| 引用本文: | 孙明,谷大武,李卷孺,罗宇皓. 动态指令流差分分析在恶意软件分析中的应用*[J]. 计算机应用研究, 2012, 29(2): 658-660 |
| |
| 作者姓名: | 孙明 谷大武 李卷孺 罗宇皓 |
| |
| 作者单位: | 上海交通大学计算机科学与工程系,上海,200240 |
| |
| 基金项目: | 国家自然科学基金资助项目(61073150);SafeNet东北亚科研计划资助项目 |
| |
| 摘 要: | 针对静态分析方法已不能满足安全分析的需求,而传统的动态分析技术不能快速定位关键信息,且分析效率不高,提出了一种动态指令流差分分析技术,描述了差分分析模型和分析方法。该分析技术能够高速有效地分析恶意软件的关键数据,识别加密算法,分析混淆代码的功能模块和数据扩散情况。通过实验对其可行性和高效性进行了验证。
|
| 关 键 词: | 恶意软件分析 动态指令流 差分分析 数据流 |
Differential analysis on dynamic binary and its application in malicious code analysis |
| |
| SUN Ming,GU Da-wu,LI Juan-ru,LUO Yu-hao. Differential analysis on dynamic binary and its application in malicious code analysis[J]. Application Research of Computers, 2012, 29(2): 658-660 |
| |
| Authors: | SUN Ming GU Da-wu LI Juan-ru LUO Yu-hao |
| |
| Affiliation: | (Dept. of Computer Science & Engineering, Shanghai Jiaotong University, Shanghai 200240, China) |
| |
| Abstract: | Static binary analysis methods cannot meet the demand for malicious code analysis, and the traditional dynamic analysis approaches cannot effectively find the critical information among the huge amount of dynamic binary code. This paper gave a kind of differential analysis approach on dynamic binary code and provided its model and method. This approach could effectively extract the sensitive information from malicious code and make the function module or data spread understood. Finally, it provided an experiment based on differential binary analysis system, which validated the capability and efficiency of the approach. |
| |
| Keywords: | malware analysis dynamic code differential analysis dataflow analysis |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
