Institutional Repository
| 基于动态污点分析的恶意代码通信协议逆向分析方法 | |
| Alternative Title | communication protocol reverse engineering of malware using dynamic taint analysis |
| 刘豫; 王明华; 苏璞睿; 冯登国 | |
| 2012 | |
| Source | 电子学报
 |
| ISSN | 3722112 |
| Volume | 40Issue:4Pages:661-668 |
| English Abstract | 对恶意代码通信协议的逆向分析是多种网络安全应用的重要基础.针对现有方法在协议语法结构划分的完整性和准确性方面存在不足,对协议字段的语义理解尤为薄弱,提出了一种基于动态污点分析的协议逆向分析方法,通过构建恶意进程指令级和函数级行为的扩展污点传播流图(Extended Taint Propagation Graph,ETPG),完成对协议数据的语法划分和语义理解.通过实现原型系统并使用恶意代码样本进行测试,结果表明本方法可以实现有效的语法和语义分析,具有较高的准确性和可靠性. |
| Indexed Type | cnki,ei,cscd,wanfang |
| Abstract | Communication protocol reverse engineering of malwares is significant base for various network security applications. However, recent works have limited accuracy and integrity in identifying protocol fields and are especially weak in understanding fields' semantics. This paper proposed a method for communication protocol reverse engineering based on dynamic taint analysis. By building an extended taint propagation graph (ETPG) recording both instruction and function level behaviors of a malicious process, dividing the protocol data into different syntax fields and inducing the semantic information of individual fields were achieved. A prototype system was implemented and evaluated with malware samples. The results show that this method can divide the syntax fields and extract semantic information accurately and effectively. |
| Keyword | Computer Crime Semantics Syntactics |
| Department | 中国科学院软件研究所信息安全国家重点实验室; |
| Subject | Computer Science (Provided By Thomson Reuters) |
| Language | 中文 |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/14675 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | 刘豫,王明华,苏璞睿,等. 基于动态污点分析的恶意代码通信协议逆向分析方法[J]. 电子学报,2012,40(4):661-668. |
| APA | 刘豫,王明华,苏璞睿,&冯登国.(2012).基于动态污点分析的恶意代码通信协议逆向分析方法.电子学报,40(4),661-668. |
| MLA | 刘豫,et al."基于动态污点分析的恶意代码通信协议逆向分析方法".电子学报 40.4(2012):661-668. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| 基于动态污点分析的恶意代码通信协议逆向分(898KB) | 开放获取 | License | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment