Obfuscated malicious code detection with path condition analysis

Cited by: 5
Authors
Fan, Wenqing [1]
Lei, Xue [2]
An, Jing [2]
Affiliations
[1] Communication University of China, Beijing, China
[2] Information Security Center, Beijing University of Posts and Telecommunications, National Engineering Laboratory for Disaster Backup and Recovery, Beijing, China
Keywords
Abnormal behavior - Antivirus softwares - Code obfuscation - Constraint Solving - Detection efficiency - External resources - Malicious code detection - Malware detection
DOI
10.4304/jnw.9.5.1208-1214
Abstract
Code obfuscation is one of the main methods of hiding malicious code. This paper proposes a new dynamic method that can effectively detect obfuscated malicious code. The method uses ISR to conduct dynamic debugging. Constraint solving during the debugging process can detect deeply hidden malicious code by covering different execution paths. In addition, for malicious code that reads external resources, abnormal behaviors can usually be detected only by taking the resources into consideration. The method in this paper achieves better accuracy by locating the external resources precisely and combining it with the analysis of the original malicious code. According to the experimental results of some anti-virus software, our prototype system can obviously improve the detection efficiency. © 2014 ACADEMY PUBLISHER.
Pages: 1208 - 1214
Related papers
50 in total
  • [1] Detection of Obfuscated Malicious JavaScript Code
    Alazab, Ammar
    Khraisat, Ansam
    Alazab, Moutaz
    Singh, Sarabjot
    FUTURE INTERNET, 2022, 14 (08):
  • [2] Static analysis of the disassembly against malicious code obfuscated with conditional jumps
    Dai, Chao
    Pang, Jianmin
    Zhao, Rongcai
    Ma, Xiaojun
    7TH IEEE/ACIS INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION SCIENCE IN CONJUNCTION WITH 2ND IEEE/ACIS INTERNATIONAL WORKSHOP ON E-ACTIVITY, PROCEEDINGS, 2008, : 525 - 530
  • [3] Detecting and De-Obfuscating Obfuscated Malicious JavaScript Code
    Wang, Wei (wangwei1@bjtu.edu.cn), 1699, Science Press (40):
  • [4] METHOD FOR DETECTING THE OBFUSCATED MALICIOUS CODE BASED ON BEHAVIOR CONNECTION
    Li, Wenwu
    Li, Chao
    Duan, Miyi
    2014 IEEE 3RD INTERNATIONAL CONFERENCE ON CLOUD COMPUTING AND INTELLIGENCE SYSTEMS (CCIS), 2014, : 234 - 240
  • [5] Researches on deobfuscation against malicious code obfuscated with conditional jumps
    Dai, C.
    Pang, J. M.
    Zhao, R. C.
    Fu, W.
    2008 PROCEEDINGS OF INFORMATION TECHNOLOGY AND ENVIRONMENTAL SYSTEM SCIENCES: ITESS 2008, VOL 2, 2008, : 1093 - 1099
  • [6] Obfuscated Malicious JavaScript Detection by Machine Learning
    Pan, Jinkun
    Mao, Xiaoguang
    PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON ADVANCES IN MECHANICAL ENGINEERING AND INDUSTRIAL INFORMATICS (AMEII 2016), 2016, 73 : 805 - 810
  • [7] Obfuscated malicious JavaScript detection by causal relations finding
    Al-Taharwa, Ismail Adel
    Mao, Ching-Hao
    Pao, Hsin-Kuo
    Wu, Kuo-Ping
    Faloutsos, Christos
    Lee, Hahn-Ming
    Chen, Shyi-Ming
    Jeng, Albert B.
    International Conference on Advanced Communication Technology, ICACT, 2011, : 787 - 792
  • [8] ANALYSIS OF RESNET MODEL FOR MALICIOUS CODE DETECTION
    Khan, Riaz Ullah
    Zhang, Xiaosong
    Kumar, Rajesh
    Tariq, Hussain Ahmad
    2017 14TH INTERNATIONAL COMPUTER CONFERENCE ON WAVELET ACTIVE MEDIA TECHNOLOGY AND INFORMATION PROCESSING (ICCWAMTIP), 2017, : 239 - 242
  • [9] MALICIOUS CODE DETECTION WITH INTEGRATED BEHAVIOR ANALYSIS
    Li, Xiao-Yong
    Liu, Wei-Wei
    PROCEEDINGS OF 2009 INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND CYBERNETICS, VOLS 1-6, 2009, : 2797 - 2801
  • [10] A detection framework for semantic code clones and obfuscated code
    Sheneamer, Abdullah
    Roy, Swarup
    Kalita, Jugal
    EXPERT SYSTEMS WITH APPLICATIONS, 2018, 97 : 405 - 420