| 基于代码进化的恶意代码沙箱规避检测技术研究 |
| |
| 引用本文: | 梁光辉, 庞建民, 单征. 基于代码进化的恶意代码沙箱规避检测技术研究[J]. 电子与信息学报, 2019, 41(2): 341-347. doi: 10.11999/JEIT180257 |
| |
| 作者姓名: | 梁光辉 庞建民 单征 |
| |
| 作者单位: | 1.解放军信息工程大学 郑州 450001;;2.数学工程与先进计算国家重点实验室 郑州 450001 |
| |
| 基金项目: | 国家自然科学基金;国家自然科学基金;国家自然科学基金 |
| |
| 摘 要: | 为了对抗恶意代码的沙箱规避行为,提高恶意代码的分析效率,该文提出基于代码进化的恶意代码沙箱规避检测技术。提取恶意代码的静态语义信息和动态运行时信息,利用沙箱规避行为在代码进化过程中所产生的动静态语义上的差异,设计了基于相似度差异的判定算法。在7个实际恶意家族中共检测出240个具有沙箱规避行为的恶意样本,相比于JOE分析系统,准确率提高了12.5%,同时将误报率降低到1%,其验证了该文方法的正确性和有效性。
|
| 关 键 词: | 恶意代码 沙箱规避 静态相似度 |
| 收稿时间: | 2018-03-21 |
| 修稿时间: | 2018-11-06 |
Malware Sandbox Evasion Detection Based on Code Evolution |
| |
| Guanghui LIANG, Jianmin PANG, Zheng SHAN. Malware Sandbox Evasion Detection Based on Code Evolution[J]. Journal of Electronics & Information Technology, 2019, 41(2): 341-347. doi: 10.11999/JEIT180257 |
| |
| Authors: | Guanghui LIANG Jianmin PANG Zheng SHAN |
| |
| Affiliation: | 1. PLA Information Engineering University, Zhengzhou 450001, China;;2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China |
| |
| Abstract: | In order to resist the malware sandbox evasion behavior, improve the efficiency of malware analysis, a code-evolution-based sandbox evasion technique for detecting the malware behavior is proposed. The approach can effectively accomplish the detection and identification of malware by first extracting the static and dynamic features of malware software and then differentiating the variations of such features during code evolution using sandbox evasion techniques. With the proposed algorithm, 240 malware samples with sandbox-bypassing behaviors can be uncovered successfully from 7 malware families. Compared with the JOE analysis system, the proposed algorithm improves the accuracy by 12.5% and reduces the false positive to 1%, which validates the proposed correctness and effectiveness. |
| |
| Keywords: | Malware Sandbox evasion Static similarity |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《电子与信息学报》浏览原始摘要信息 |
|
点击此处可从《电子与信息学报》下载全文 |
