Code Similarity Analysis Based on API Dependence Relation
Chinese title: 基于API依赖关系的代码相似度分析 (cited by 2)
Abstract: Traditional system call dependence graphs (SCDGs) do not eliminate API feature obfuscation such as API noise and API rearrangement well. This paper presents a malware similarity analysis method based on API dependence. Program behaviour is described by an SCDG composed of control dependence between APIs and four types of data dependence between APIs; API noise and API rearrangement are eliminated through data-dependence analysis and control-dependence normalization. Experimental results show that, compared with API-sequence similarity analysis, the method improves the accuracy of malware similarity analysis.
Source: Computer Engineering (计算机工程), CAS, CSCD, 2013, No. 1, pp. 80-84 (5 pages)
Funding: National "863" Program key project (2009AA012201); Henan Province major science and technology research program project (092101210501)
Keywords: malicious code; similarity analysis; data dependence; control dependence; System Call Dependence Graph (SCDG); Jaccard index
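The abstract gives the method only in outline. The block below is an added illustration, not code from the paper or its authors, of the central claim: a similarity score computed over an API dependence graph is unaffected by API noise (calls whose results feed nothing) and by API rearrangement (independent calls permuted), whereas a score computed over the raw API sequence is. It assumes two dependence kinds (a return value passed as a later argument, and a shared non-handle argument), which is a simplification of the paper's control dependence plus four data-dependence types; it assumes Jaccard over API-name bigrams as the stand-in for "API sequence similarity"; and the traces are constructed, with symbolic handles, although the API names are real Win32 names.

```python
# Added illustration (not code from the paper): API-sequence similarity versus
# similarity over an API dependence graph, on constructed call traces.
from collections import namedtuple

# One observed API call: name, argument tuple, and a symbolic return value
# (a handle such as "h1") or None. Values are symbolic stand-ins for what a
# dynamic tracer would record.
Call = namedtuple("Call", "api args ret")

# Constructed baseline trace: drop a file and register it under a Run key.
BASE = [
    Call("CreateFileW", ("C:\\x.exe",), "h1"),
    Call("WriteFile", ("h1", "payload"), None),
    Call("CloseHandle", ("h1",), None),
    Call("RegOpenKeyExW", ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",), "k1"),
    Call("RegSetValueExW", ("k1", "x", "C:\\x.exe"), None),
    Call("RegCloseKey", ("k1",), None),
]

# Same behaviour with injected calls whose results feed nothing (API noise).
NOISY = ([Call("GetTickCount", (), "t1")] + BASE[:2]
         + [Call("Sleep", ("10",), None)] + BASE[2:]
         + [Call("GetCurrentProcessId", (), "p1")])

# Same behaviour with the two independent call groups swapped (API rearrangement).
REORDERED = BASE[3:] + BASE[:3]

# Genuinely different behaviour: the dropped file is run directly, no Run key.
VARIANT = BASE[:3] + [Call("WinExec", ("C:\\x.exe",), None)]


def dependence_edges(trace):
    """Edges of the API dependence graph. Two assumed dependence kinds:
      ("ret", A, B): a value returned by A is later passed to B as an argument;
      ("arg", A, B): A and B share a non-handle argument (e.g. the same path);
                     stored with A, B sorted, since no execution order is implied.
    Edges are keyed by API name, so repeated calls to one API collapse."""
    handles = {c.ret for c in trace if c.ret is not None}
    edges = set()
    for i, a in enumerate(trace):
        for b in trace[i + 1:]:
            if a.ret is not None and a.ret in b.args:
                edges.add(("ret", a.api, b.api))
            if (set(a.args) & set(b.args)) - handles:
                edges.add(("arg",) + tuple(sorted((a.api, b.api))))
    return edges


def behavior_graph(trace):
    """Nodes are only the APIs that take part in some dependence; a call with no
    data flowing in or out is treated as noise and dropped."""
    edges = dependence_edges(trace)
    nodes = {n for e in edges for n in e[1:]}
    return nodes, edges


def noise_calls(trace):
    """APIs that the dependence analysis discards from the trace."""
    return {c.api for c in trace} - behavior_graph(trace)[0]


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 1.0


def sequence_similarity(t1, t2):
    """Assumed baseline: Jaccard over bigrams of the raw API-name sequence."""
    def bigrams(t):
        return {(x.api, y.api) for x, y in zip(t, t[1:])}
    return jaccard(bigrams(t1), bigrams(t2))


def graph_similarity(t1, t2):
    """Jaccard over dependence edges: unaffected by call order and isolated noise."""
    return jaccard(dependence_edges(t1), dependence_edges(t2))


if __name__ == "__main__":
    for name, t in (("noisy", NOISY), ("reordered", REORDERED), ("variant", VARIANT)):
        print(f"{name:9s} sequence={sequence_similarity(BASE, t):.2f} "
              f"graph={graph_similarity(BASE, t):.2f} "
              f"dropped={sorted(noise_calls(t))}")
```

Against BASE, the noisy and reordered traces score 1.0 on the graph metric but about 0.44 and 0.67 on the bigram metric, while the genuinely different VARIANT scores about 0.33 on both; the sequence metric therefore rates an identical behaviour with noise closer to a different behaviour than to itself. Two caveats a practitioner should keep in mind: noise that happens to share a value with the real behaviour (for instance a decoy call on the same path) is not isolated and survives this filter, and keying edges by API name collapses repeated calls, so a trace that opens two files looks like one that opens one.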
References (10)

  • 1. Wang Xinran, Jhi Yoon-Chan, Zhu Sencun. Detecting Software Theft via System Call Based Birthmarks [A]. Honolulu, USA: [s.n.], 2009. 149-158.
  • 2. Christodorescu M, Jha S, Kruegel C. Mining Specifications of Malicious Behavior [A]. New York, USA: ACM Press, 2007. 5-14.
  • 3. Bayer U, Comparetti P M, Hlauschek C. Scalable, Behavior-based Malware Clustering [A]. San Diego, USA: [s.n.], 2009.
  • 4. Wang Xinran, Jhi Yoon-Chan, Zhu Sencun. Behavior Based Software Theft Detection [A]. New York, USA: ACM Press, 2009.
  • 5. Woods S, Yang Qiang. The Program Understanding Problem: Analysis of a Heuristic Approach [A]. Berlin, Germany: [s.n.], 1996. 25-29.
  • 6. Symantec Enterprise. Understanding and Managing Polymorphic Viruses [EB/OL]. http://www.symantec.com/avcenter/reference/striker.pdf, 2012.
  • 7. Kaze A. Stealth API-based Decryptor [EB/OL]. http://vxheavens.com/lib/vkz00.html, 2012.
  • 8. 杨轶, 苏璞睿, 应凌云, 冯登国 (Yang Yi, Su Purui, Ying Lingyun, Feng Dengguo). A malware similarity comparison method based on behavior dependence features [J]. Journal of Software (软件学报), 2011, 22(10): 2438-2453.
  • 9. Newsome J, Song D. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software [A]. IEEE Press, 2005.
  • 10. Cordella L P, Foggia P, Sansone C. A (Sub)Graph Isomorphism Algorithm for Matching Large Graphs [J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2004, 26(10): 1367-1372.