Institute of Software, Chinese Academy of Sciences Institutional Repository (ISCAS OpenIR)
Subject: Computer Science
Title: 一种抗混淆的恶意代码变种识别系统
Alternative Title: An Anti-Obfuscation Malware Variants Identification System
Author: 王蕊 ; 苏璞睿 ; 杨轶 ; 冯登国
Keywords: malware variants ; dynamic taint analysis ; behavior analysis ; obfuscation techniques
Source: 电子学报 (Acta Electronica Sinica)
Issued Date: 2011
Volume: 39, Issue:10, Pages:2322-2330
Indexed Type: CNKI ; EI ; CSCD ; WANFANG
Department: State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences; State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences; National Engineering Research Center for Information Security Common Technology
Sponsorship: National High-Tech R&D Program of China (863 Program) (No.2009AA01Z435) | National Natural Science Foundation of China (No.60703076, No.61073179)
Abstract: Malware variants are the focus and the main difficulty of current malware defense. Obfuscation is the principal technique by which malware produces variants: by changing code features through obfuscation, malware generates large numbers of variants in a short time, evades existing defense methods based on code signatures, and poses a serious threat to information systems. This paper proposes an anti-obfuscation method for identifying malware variants. It uses backtrackable dynamic taint analysis together with a trigger-condition processing engine to analyze malware and its variants at fine granularity, mine their intrinsic behavior logic, and form signatures that can identify a whole class of malware; signature fusion optimization and weighted matching further improve the ability to identify variants. Experiments verify that the proposed method can identify malware and its obfuscated variants.
English Abstract: Malware variants are one of the major challenges in malware detection today. Obfuscation, the most popular technique for generating such variants, changes the signatures of malware to evade current signature-based prevention methods and is a serious threat to information systems. This paper proposes a novel anti-obfuscation malware detection method. Using dynamic taint analysis and a trigger-based behavior processing engine, the method extracts the essential behavior logic of malware at fine granularity, forms it into signatures for a class of malware, and identifies variants more precisely through a signature merging and optimization process and fuzzy matching. Experimental results show that the proposed method can identify malware and its variants efficiently.
Language: Chinese
Content Type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/16031
Appears in Collections: 软件所图书馆_期刊论文 (Institute of Software Library, Journal Articles)
Files in This Item: There are no files associated with this item.

Recommended Citation:
王蕊, 苏璞睿, 杨轶, et al. 一种抗混淆的恶意代码变种识别系统[J]. 电子学报, 2011-01-01, 39(10): 2322-2330.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2019 Institute of Software, Chinese Academy of Sciences