Malicious Code Behavior Analysis Based on DynamoRIO (cited by: 6)
Abstract: This paper proposes a method for analyzing malicious code behavior based on dynamic binary analysis, and designs and implements a prototype malicious-behavior analysis system on top of the DynamoRIO dynamic binary analysis platform. Experimental results show that the system captures the Application Programming Interface (API) call sequence of the malicious code and the parameter information passed to each call completely. By analyzing the correlations among the API calls and their parameters, the behavioral characteristics of the malicious code in file, registry, service, process and thread operations are accurately identified.
Source: Computer Engineering (《计算机工程》), CAS / CSCD / PKU core journal, 2011, No. 18, pp. 139-141, 144 (4 pages)
Keywords: malicious code; DynamoRIO platform; instrumentation; dynamic binary analysis; API call sequence; correlation analysis