Obfuscated malicious code detection with path condition analysis

Cited by: 5
Authors
Fan, Wenqing [1 ]
Lei, Xue [2 ]
An, Jing [2 ]
Affiliations
[1] Communication University of China, Beijing, China
[2] Information Security Center, Beijing University of Posts and Telecommunications, National Engineering Laboratory for Disaster Backup and Recovery, Beijing, China
Keywords
Abnormal behavior - Antivirus softwares - Code obfuscation - Constraint Solving - Detection efficiency - External resources - Malicious code detection - Malware detection
DOI
10.4304/jnw.9.5.1208-1214
Abstract
Code obfuscation is one of the main methods used to hide malicious code. This paper proposes a new dynamic method that can effectively detect obfuscated malicious code. The method uses ISR to conduct dynamic debugging. Constraint solving during the debugging process can detect deeply hidden malicious code by covering different execution paths. In addition, for malicious code that reads external resources, abnormal behavior can usually be detected only by taking those resources into consideration. The method in this paper achieves better accuracy by locating the external resources precisely and combining them with the analysis of the original malicious code. According to experimental results with several anti-virus products, our prototype system can noticeably improve detection efficiency. © 2014 ACADEMY PUBLISHER.
Pages: 1208 - 1214
Related papers
50 in total
  • [41] Symbolic Execution of Obfuscated Code
    Yadegari, Babak
    Debray, Saumya
    CCS'15: PROCEEDINGS OF THE 22ND ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2015, : 732 - 744
  • [42] Malicious Code Detection Based on Software Fingerprint
    Yin, Zhimin
    Yu, Xiangzhan
    Niu, Linhua
    PROCEEDINGS OF THE 2013 THE INTERNATIONAL CONFERENCE ON ARTIFICIAL INTELLIGENCE AND SOFTWARE ENGINEERING (ICAISE 2013), 2013, 37 : 212 - 216
  • [43] Malicious XSS Code Detection with Decision Tree
    Kasim, Omer
    JOURNAL OF POLYTECHNIC-POLITEKNIK DERGISI, 2020, 23 (01): : 67 - 72
  • [44] Early detection of malicious behavior in javascript code
    Schütt, Kristof
    Kloft, Marius
    Bikadorov, Alexander
    Rieck, Konrad
    Proceedings of the ACM Conference on Computer and Communications Security, 2012, : 15 - 24
  • [45] Detection technology of malicious code based on semantic
    Qingmei Lu
    Yulin Wang
    Multimedia Tools and Applications, 2017, 76 : 19543 - 19555
  • [46] Unknown Malicious Code Detection Based on Bayesian
    Lai, Yingxu
    Liu, Zhenghui
    CEIS 2011, 2011, 15
  • [47] Malicious code characteristics extraction and analysis
    Zuo, Liming
    Liu, Ergen
    Xu, Baogen
    Tang, Pengzhi
    Huazhong Keji Daxue Xuebao (Ziran Kexue Ban)/Journal of Huazhong University of Science and Technology (Natural Science Edition), 2010, 38 (04): : 46 - 49
  • [48] Design of malicious code detection system based on binary code slicing
    Zhang, Zhiyuan
    Zhang, Zhenjiang
    Li, Wei
    Zhou, Hongde
    Shen, Bo
    Journal of Computers (Taiwan), 2021, 32 (04) : 225 - 238
  • [49] Performance evaluations of AI-based obfuscated and encrypted malicious script detection with feature optimization
    Kim, Kookjin
    Shin, Jisoo
    Park, Jong-Geun
    Kim, Jung-Tae
    ETRI JOURNAL, 2024,
  • [50] Static detection of application backdoors: Detecting both malicious software behavior and malicious indicators from the static analysis of executable code
    Chris Wysopal
    Chris Eng
    Tyler Shields
    Datenschutz und Datensicherheit - DuD, 2010, 34 (3) : 149 - 155