Classification of malware using structured control flow

Authors: Silvio Cesare, Yang Xiang

Abstract: Malware is a pervasive problem in distributed computer and network systems. Identification of malware variants provides great benefit in early detection. Control flow has been proposed as a characteristic that can be identified across variants, resulting in flowgraph-based classification. Static analysis is widely used for the classification but is ineffective if the malware undergoes a code packing transformation to hide its real content. This paper proposes a novel algorithm for constructing a control flow graph signature using the decompilation technique of structuring. Similarity between structured graphs is quickly determined using string edit distances. To reverse the code packing transformation, a fast application level emulator is proposed. To demonstrate the effectiveness of automated unpacking and classification, we implement a complete system and evaluate it using synthetic malware. The evaluation shows our system is highly effective in terms of accuracy in revealing all hidden code, execution time for unpacking,
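The abstract describes serialising a structured control flow graph into a string and comparing such signatures with string edit distance. The following is an added example, not the authors' implementation: the token grammar (`P` procedure, `B` basic block, `I{..}` conditional, `W{..}` loop, `R` return), the sample procedures and the 0.8 match threshold are all constructed assumptions used only to show how a variant with one extra block still matches while an unrelated procedure does not.

```python
from typing import Tuple

# Constructed token grammar (assumption, not the paper's exact alphabet):
# a node is a tuple (kind, *children); compound nodes wrap children in braces.
Node = Tuple

ORIGINAL = ("P", ("B",), ("W", ("B",), ("I", ("B",), ("B",))), ("R",))
# Same structure with one basic block inserted before the loop (a typical variant).
VARIANT = ("P", ("B",), ("B",), ("W", ("B",), ("I", ("B",), ("B",))), ("R",))
# Unrelated procedure: a single block and a return.
UNRELATED = ("P", ("B",), ("R",))


def serialise(node: Node) -> str:
    """Flatten a structured control flow tree into its string signature."""
    kind, children = node[0], node[1:]
    if not children:
        return kind
    return kind + "{" + "".join(serialise(c) for c in children) + "}"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with a rolling single-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def similarity(sig_a: str, sig_b: str) -> float:
    """Normalised similarity in [0, 1]: 1.0 means identical signatures."""
    return 1.0 - edit_distance(sig_a, sig_b) / max(len(sig_a), len(sig_b), 1)


def is_variant(sig_a: str, sig_b: str, threshold: float = 0.8) -> bool:
    """Classify two procedures as variants when their signatures are close enough."""
    return similarity(sig_a, sig_b) >= threshold


if __name__ == "__main__":
    a, b, c = serialise(ORIGINAL), serialise(VARIANT), serialise(UNRELATED)
    print(a, b, c)
    print(is_variant(a, b), is_variant(a, c))  # True False
```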
