Obfuscated malicious code detection with path condition analysis

Cited by: 5
Authors
Fan, Wenqing [1]
Lei, Xue [2]
An, Jing [2]
Affiliations
[1] Communication University of China, Beijing, China
[2] Information Security Center, Beijing University of Posts and Telecommunications, National Engineering Laboratory for Disaster Backup and Recovery, Beijing, China
Keywords
Abnormal behavior - Antivirus softwares - Code obfuscation - Constraint Solving - Detection efficiency - External resources - Malicious code detection - Malware detection
DOI
10.4304/jnw.9.5.1208-1214
Abstract
Code obfuscation is one of the main methods used to hide malicious code. This paper proposes a new dynamic method that can effectively detect obfuscated malicious code. The method uses ISR to conduct dynamic debugging. Constraint solving during the debugging process can detect deeply hidden malicious code by covering different execution paths. In addition, for malicious code that reads external resources, abnormal behaviors can usually only be detected by taking those resources into consideration. The method in this paper achieves better accuracy by locating the external resources precisely and combining them with the analysis of the original malicious code. According to experimental results with some anti-virus software, our prototype system can obviously improve the detection efficiency. © 2014 ACADEMY PUBLISHER.
Pages: 1208 - 1214
Related papers
50 in total
  • [21] A Half-Dynamic Classification Method on Obfuscated Malicious JavaScript Detection
    Fang, Zhaolin
    Zhu, Renhuan
    Zhang, Weihui
    Chen, Bo
    INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2015, 9 (06): : 251 - 262
  • [22] Malicious Code Detection Based on Code Semantic Features
    Zhang, Yu
    Li, Binglong
    IEEE ACCESS, 2020, 8 : 176728 - 176737
  • [23] Obfuscated code is identifiable by a token-based code clone detection technique
    Akram, Junaid
    Vasan, Danish
    Luo, Ping
    INTERNATIONAL JOURNAL OF INFORMATION AND COMPUTER SECURITY, 2022, 19 (3-4) : 254 - 273
  • [24] Detection of malicious code in user mode
    Sangeetha, R.
    2013 INTERNATIONAL CONFERENCE ON INFORMATION COMMUNICATION AND EMBEDDED SYSTEMS (ICICES), 2013, : 146 - 149
  • [25] Malicious Code Detection Using LLM
    Hossain, Al Amin
    Kumar, Mithun P. K.
    Zhang, Junjie
    Amsaad, Fathi
    IEEE NATIONAL AEROSPACE AND ELECTRONICS CONFERENCE, NAECON 2024, 2024, : 414 - 416
  • [26] Malicious code detection for open firmware
    Adelstein, F
    Stillerman, M
    Kozen, D
    18TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2002, : 403 - 412
  • [27] Understanding obfuscated code
    Madou, Matias
    Van Put, Ludo
    De Bosschere, Koen
    14TH IEEE INTERNATIONAL CONFERENCE ON PROGRAM COMPREHENSION (ICPC 2006), PROCEEDINGS, 2006, : 268 - +
  • [28] Dynamic Analysis of Malicious Code
    Ulrich Bayer
    Andreas Moser
    Christopher Kruegel
    Engin Kirda
    Journal in Computer Virology, 2006, 2 (1): : 67 - 77
  • [29] Dynamic analysis of malicious code
    Bayer, Ulrich
    Moser, Andreas
    Kruegel, Christopher
    Kirda, Engin
    JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2006, 2 (01): : 67 - 77
  • [30] Membrane: A Posteriori Detection of Malicious Code Loading by Memory Paging Analysis
    Pek, Gabor
    Lazar, Zsombor
    Varnagy, Zoltan
    Felegyhazi, Mark
    Buttyan, Levente
    COMPUTER SECURITY - ESORICS 2016, PT I, 2016, 9878 : 199 - 216