Exploring Malware Behaviors Based on Environment Constitution

Authors: Purui Su, Lingyun Ying, Dengguo Feng

DOI: 10.1109/CIS.2008.130

Keywords:

Abstract: Executing malware in a controlled environment is one of the most popular and effective methods extracting behavior characters malware. In this paper, we propose dynamic analysis technique to explore different behaviors We utilized constitution create comprehensive reports on This allowed us extract common paths identify what seems be typical behavior. likewise used static document interactions between environment, after which, based constitution, dynamically triggered path selections that observed have been pursued by Different inputs were generated reverse selection conditions, method for exploration all possible paths, thereby permitted generate relatively report study. The also filter invalid data unable earlier process. became even more helpful when implemented vulnerability among types commercial software; here, prototype system was set up, finished experiments evaluate system. result showed could without exploring its paths.

References (13)
Fredrik Valeur, Christopher Kruegel, Giovanni Vigna, William Robertson. Static disassembly of obfuscated binaries. USENIX Security Symposium, pp. 18-18 (2004).
Gogul Balakrishnan, Radu Gruian, Thomas Reps, Tim Teitelbaum. CodeSurfer/x86—A Platform for Analyzing x86 Executables. Lecture Notes in Computer Science, pp. 250-254 (2005). DOI: 10.1007/978-3-540-31985-6_19
Gogul Balakrishnan, Thomas Reps. Analyzing Memory Accesses in x86 Executables. Compiler Construction, pp. 5-23 (2006). DOI: 10.1007/978-3-540-24723-4_2
Hiralal Agrawal, Joseph R. Horgan. Dynamic program slicing. Programming Language Design and Implementation, vol. 25, pp. 246-256 (1990). DOI: 10.1145/93542.93576
Christopher Colby, Peter Lee. Trace-based program analysis. Symposium on Principles of Programming Languages, pp. 195-207 (1996). DOI: 10.1145/237721.237776
Mihai Christodorescu, Somesh Jha, Christopher Kruegel. Mining specifications of malicious behavior. Proceedings of the 1st conference on India software engineering conference - ISEC '08, pp. 5-14 (2008). DOI: 10.1145/1342211.1342215
James Clause, Wanchun Li, Alessandro Orso. Dytan: a generic dynamic taint analysis framework. International Symposium on Software Testing and Analysis, pp. 196-206 (2007). DOI: 10.1145/1273463.1273490
Dawn Xiaodong Song, James Newsome. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. Network and Distributed System Security Symposium (2005).
Andreas Moser, Christopher Kruegel, Engin Kirda. Exploring Multiple Execution Paths for Malware Analysis. IEEE Symposium on Security and Privacy, pp. 231-245 (2007). DOI: 10.1109/SP.2007.17
Ulrich Bayer, Andreas Moser, Christopher Kruegel, Engin Kirda. Dynamic Analysis of Malicious Code. Journal in Computer Virology, vol. 2, pp. 67-77 (2006). DOI: 10.1007/S11416-006-0012-2