METHOD FOR DETECTING THE OBFUSCATED MALICIOUS CODE BASED ON BEHAVIOR CONNECTION

Cited by: 0
Authors
Li, Wenwu [1]
Li, Chao [1]
Duan, Miyi [1]
Affiliations
[1] Beihang Univ, Beijing 100191, Peoples R China
Source
2014 IEEE 3RD INTERNATIONAL CONFERENCE ON CLOUD COMPUTING AND INTELLIGENCE SYSTEMS (CCIS) | 2014
Keywords
Analysis of malicious code; detection of malicious code; stain diffusion;
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Authors of obfuscated malicious code generally use code obfuscation counter-technology to make their programs harder to reverse-analyze and to hide critical code, data and program logic. Detecting obfuscated malicious code has become a popular research topic both domestically and abroad. This study proposes a method for detecting obfuscated malicious code based on behavior connection. In this method, malicious acts are described using an extended control flow graph, which improves the descriptive power for self-modifying and obfuscated code. Furthermore, the interference introduced into malicious code by shell adding and obfuscation is eliminated by combining stain diffusion with symbolic execution. Malicious code is then extracted and detected based on behavior connection features. As a result, the accuracy of detecting obfuscated malicious code is enhanced.
Pages: 234-240
Number of pages: 7