Obfuscated malicious code detection with path condition analysis

Cited by: 5
Authors
Fan, Wenqing [1]
Lei, Xue [2]
An, Jing [2]
Affiliations
[1] Communication University of China, Beijing, China
[2] Information Security Center, Beijing University of Posts and Telecommunications, National Engineering Laboratory for Disaster Backup and Recovery, Beijing, China
Keywords
Abnormal behavior - Antivirus softwares - Code obfuscation - Constraint Solving - Detection efficiency - External resources - Malicious code detection - Malware detection
DOI
10.4304/jnw.9.5.1208-1214
Abstract
Code obfuscation is one of the main methods to hide malicious code. This paper proposes a new dynamic method which can effectively detect obfuscated malicious code. This method uses ISR to conduct dynamic debugging. The constraint solving during the debugging process can detect deeply hidden malicious code by covering different execution paths. Besides, for malicious code that reads external resources, abnormal behaviors can usually only be detected by taking the resources into consideration. The method in this paper has better accuracy by locating the external resources precisely and combining it with the analysis of the original malicious code. According to the experiment result of some anti-virus software, our prototype system can obviously improve the detection efficiency. © 2014 ACADEMY PUBLISHER.
Pages: 1208 - 1214
Related papers
50 in total
  • [31] Classification and Analysis of Malicious Code Detection Techniques Based on the APT Attack
    Lee, Kyungroul
    Lee, Jaehyuk
    Yim, Kangbin
    APPLIED SCIENCES-BASEL, 2023, 13 (05):
  • [32] AMA: Static Code Analysis of Web Page For The Detection of Malicious Scripts
    Seshagiri, Prabhu
    Vazhayil, Anu
    Sriram, Padmamala
    PROCEEDINGS OF THE 6TH INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING AND COMMUNICATIONS, 2016, 93 : 768 - 773
  • [33] Obfuscated Malicious JavaScript Detection Scheme Using the Feature Based on Divided URL
    Morishige, Shoya
    Haruta, Shuichiro
    Asahina, Hiromu
    Sasase, Iwao
    2017 23RD ASIA-PACIFIC CONFERENCE ON COMMUNICATIONS (APCC): BRIDGING THE METROPOLITAN AND THE REMOTE, 2017, : 518 - 523
  • [34] A method for detecting obfuscated calls in malicious binaries
    Lakhotia, A
    Kumar, EU
    Venable, M
    IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2005, 31 (11) : 955 - 968
  • [35] TransAST: A Machine Translation-Based Approach for Obfuscated Malicious JavaScript Detection
    Qin, Yan
    Wang, Weiping
    Chen, Zixian
    Song, Hong
    Zhang, Shigeng
    2023 53RD ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, DSN, 2023, : 327 - 338
  • [36] Detection technology of malicious code based on semantic
    Lu, Qingmei
    Wang, Yulin
    MULTIMEDIA TOOLS AND APPLICATIONS, 2017, 76 (19) : 19543 - 19555
  • [37] THE BEHAVIOR ORIENTED DETECTION OF MALICIOUS CODE OVERVIEW
    Deng, Jin-Cheng
    Liu, Dan
    Hu, Yue
    Liang, Zong-Wen
    2012 INTERNATIONAL CONFERENCE ON WAVELET ACTIVE MEDIA TECHNOLOGY AND INFORMATION PROCESSING (LCWAMTIP), 2012, : 235 - 238
  • [38] Unknown Malicious Code Detection - Practical Issues
    Moskovitch, Robert
    Elovici, Yuval
    PROCEEDINGS OF THE 7TH EUROPEAN CONFERENCE ON INFORMATION WARFARE AND SECURITY, 2008, : 145 - 152
  • [39] An ensemble framework for interpretable malicious code detection
    Cheng, Jieren
    Zheng, Jiachen
    Yu, Xiaomei
    INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS, 2022, 37 (12) : 10100 - 10117
  • [40] Malicious Code Detection Using Active Learning
    Moskovitch, Robert
    Nissim, Nir
    Elovici, Yuval
    PRIVACY, SECURITY, AND TRUST IN KDD, 2009, 5456 : 74 - 91