| 基于DynamoRIO的恶意代码行为分析 |
| |
| 引用本文: | 王乾,舒辉,李洋,黄荷洁. 基于DynamoRIO的恶意代码行为分析[J]. 计算机工程, 2011, 37(18): 139-141 |
| |
| 作者姓名: | 王乾 舒辉 李洋 黄荷洁 |
| |
| 作者单位: | 解放军信息工程大学信息工程学院,郑州,450002 |
| |
| 摘 要: | 提出一种基于动态二进制分析的恶意代码行为分析方法,以动态二进制分析平台DynamoRIO为基础设计实现恶意代码行为分析的原型系统.实验结果证明,该系统能够全面地获取恶意代码的API调用序列和参数信息,通过对API调用的关联性进行分析,准确得到恶意代码在文件、注册表、服务及进程线程操作等方面的行为特征.
|
| 关 键 词: | 恶意代码 DynamoRIO平台 插桩 动态二进制分析 API调用序列 关联分析 |
| 收稿时间: | 2011-02-22 |
Malicious Code Behavior Analysis Based on DynamoRIO |
| |
| WANG Qian,SHU Hui,LI Yang,HUANG He-jie. Malicious Code Behavior Analysis Based on DynamoRIO[J]. Computer Engineering, 2011, 37(18): 139-141 |
| |
| Authors: | WANG Qian SHU Hui LI Yang HUANG He-jie |
| |
| Affiliation: | (Institute of Information Engineering,PLA Information Engineering University,Zhengzhou 450002,China) |
| |
| Abstract: | This paper proposes a method based on dynamic binary analysis to analyze malicious code behavior and designs and implements a prototype malicious behavior analysis system based on DynamoRIO.Experimental results show that the system can capture Application Programming Interface(API) functions calling sequence and transfer parameter information completely.Based on correlative analysis of the calling sequence and the parameter information,malicious behaviors which cover files,the registry,services,processes,threads and so on are identified. |
| |
| Keywords: | malicious code DynamoRIO platform instrumentation dynamic binary analysis API calling sequence correlative analysis |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
|
