Institutional Repository
| 基于语义的恶意代码行为特征提取及检测方法 | |
| Alternative Title | semantics-based malware behavior signature extraction and detection method |
| 王蕊; 冯登国; 杨轶; 苏璞睿 | |
| 2012 | |
| Source | Journal of Software
 |
| ISSN | 1000-9825 |
| Volume | 23Issue:2Pages:378-393 |
| English Abstract | 提出一种基于语义的恶意代码行为特征提取及检测方法,通过结合指令层的污点传播分析与行为层的语义分析,提取恶意代码的关键行为及行为间的依赖关系;然后 ,利用抗混淆引擎识别语义无关及语义等价行为,获取具有一定抗干扰能力的恶意代码行为特征。在此基础上,实现特征提取及检测原型系统。通过对多个恶意代码 样本的分析和检测,完成了对该系统的实验验证。实验结果表明,基于上述方法提取的特征具有抗干扰能力强等特点,基于此特征的检测对恶意代码具有较好的识别 能力. |
| Indexed Type | cscd,ei,wanfang |
| Abstract | This paper proposes a semantic-based approach to malware behavioral signature extraction and detection.This approach extracts critical malware behaviors as well as dependencies among these behaviors,integrating instruction-level taint analysis and behavior-level semantics analysis.Then,it acquires anti-interference malware behavior signatures using anti-obfuscation engine to identify semantic irrelevance and semantically equivalence.Further,a prototype system based on this signature extraction and detection approach is developed and evaluated by multiple malware samples.Experimental results have demonstrated that the malware signatures extracted show good ability to anti obfuscation and the detection based on theses signatures could recognize malware variants effectively. |
| Keyword | Malware Semantics Behavior Signature Extraction Malware Detection |
| Department | 王蕊, 中国科学院研究生院, 信息安全国家重点实验室, 北京 100049, 中国. 冯登国, 中国科学院研究生院, 北京 100049, 中国. 杨轶, 中国科学院软件研究所, 北京 100190, 中国. 苏璞睿, 中国科学院软件研究所, 北京 100190, 中国. |
| Subject | Computer Science |
| Language | 中文 |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/14657 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | 王蕊,冯登国,杨轶,等. 基于语义的恶意代码行为特征提取及检测方法[J]. Journal of Software,2012,23(2):378-393. |
| APA | 王蕊,冯登国,杨轶,&苏璞睿.(2012).基于语义的恶意代码行为特征提取及检测方法.Journal of Software,23(2),378-393. |
| MLA | 王蕊,et al."基于语义的恶意代码行为特征提取及检测方法".Journal of Software 23.2(2012):378-393. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| 基于语义的恶意代码行为特征提取及检测方法(1231KB) | 开放获取 | License | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment