A Semantics-Based Malicious Behavior Analysis Method
Li Jiajing, Liang Zhiyin, Wei Tao, Mao Jian
(Institute of Computer Science and Technology, Peking University, Beijing 100871)
{ lijiajing, liangzhiyin, weitao, maojian }***@.
Abstract: The emergence of polymorphic and metamorphic malicious code poses a challenge to traditional syntax-based malicious code analysis methods. Semantics-based malicious code analysis methods attempt to address these problems, but existing methods fall short in their treatment of attacks based on function calls. This paper proposes a semantics-based malicious behavior analysis method that can fully characterize function-call-based attacks and supports flow-sensitive, context-sensitive and path-sensitive interprocedural analysis. Compared with existing methods, it describes function-call-based attack behavior more accurately and can counter more types of obfuscation techniques. Analysis of several malicious programs and benign applications shows that the method can effectively identify malicious behavior in code.
Keywords: malicious code analysis, code obfuscation, model checking, information security
A Malicious Behavior Analysis Method Based on Program Semantics
Li Jiajing, Liang Zhiyin, Wei Tao, Mao Jian
(Institute of Computer Science & Technology, Peking University, Beijing, 100871)
Abstract: Polymorphic and metamorphic malware defeat traditional malware analysis methods. Methods based on program semantics have been proposed to resolve this problem, but so far little research has focused on function-call-based attacks. This paper presents a semantics-based method for analyzing malicious behavior in software that gives a more precise description of function-call-based attacks and provides flow-sensitive, context-sensitive and path-sensitive interprocedural analysis. The method can counteract more obfuscation techniques. Experiments on malicious and benign programs show that it is effective at finding malicious behavior in software.
Keywords: malware analysis, code obfuscation, model checking, information security
Introduction
Funding: National High Technology Research and Development Program of China (863 Program), project no. 2006AA01Z402
Author biography: Li Jiajing, female, PhD candidate; research area: network and information security
Malicious code has become a major factor threatening Internet security, and the analysis and detection of malicious code is, in any security strategy,