Obfuscated malicious code detection with path condition analysis

Cited by: 5
Authors
Fan, Wenqing [1 ]
Lei, Xue [2 ]
An, Jing [2 ]
Affiliations
[1] Communication University of China, Beijing
[2] Information Security Center, Beijing University of Posts and Telecommunications, National Engineering Laboratory for Disaster Backup and Recovery, Beijing
Keywords
Code obfuscation; Malicious code detection; Malware detection;
DOI
10.4304/jnw.9.5.1208-1214
CLC number:
Subject classification number:
Abstract
Code obfuscation is one of the main methods used to hide malicious code. This paper proposes a new dynamic method that can effectively detect obfuscated malicious code. The method uses ISR to conduct dynamic debugging; constraint solving during the debugging process covers different execution paths and can therefore detect deeply hidden malicious code. In addition, for malicious code that reads external resources, abnormal behavior can usually only be detected when those resources are taken into consideration. The method in this paper achieves better accuracy by locating the external resources precisely and combining them with the analysis of the original malicious code. Compared with the experimental results of several anti-virus products, our prototype system clearly improves detection efficiency. © 2014 ACADEMY PUBLISHER.
Pages: 1208 / 1214
Page count: 6