| 基于动态污点分析的恶意代码通信协议逆向分析方法 |
| 其他题名 | communication protocol reverse engineering of malware using dynamic taint analysis
|
| 刘豫; 王明华; 苏璞睿; 冯登国
|
| 2012
|
| 发表期刊 | 电子学报
 |
| ISSN | 3722112
|
| 卷号 | 40期号:4页码:661-668 |
| 摘要 | 对恶意代码通信协议的逆向分析是多种网络安全应用的重要基础.针对现有方法在协议语法结构划分的完整性和准确性方面存在不足,对协议字段的语义理解尤为薄弱,提出了一种基于动态污点分析的协议逆向分析方法,通过构建恶意进程指令级和函数级行为的扩展污点传播流图(Extended Taint Propagation Graph,ETPG),完成对协议数据的语法划分和语义理解.通过实现原型系统并使用恶意代码样本进行测试,结果表明本方法可以实现有效的语法和语义分析,具有较高的准确性和可靠性. |
| 收录类别 | cnki,ei,cscd,wanfang
|
| 其他摘要 | Communication protocol reverse engineering of malwares is significant base for various network security applications. However, recent works have limited accuracy and integrity in identifying protocol fields and are especially weak in understanding fields' semantics. This paper proposed a method for communication protocol reverse engineering based on dynamic taint analysis. By building an extended taint propagation graph (ETPG) recording both instruction and function level behaviors of a malicious process, dividing the protocol data into different syntax fields and inducing the semantic information of individual fields were achieved. A prototype system was implemented and evaluated with malware samples. The results show that this method can divide the syntax fields and extract semantic information accurately and effectively. |
| 关键词 | Computer Crime
Semantics
Syntactics
|
| 部门归属 | 中国科学院软件研究所信息安全国家重点实验室;
|
| 学科领域 | Computer Science (Provided By Thomson Reuters)
|
| 语种 | 中文
|
| 内容类型 | 期刊论文
|
| URI标识 | http://ir.iscas.ac.cn/handle/311060/14675
|
| 专题 | 中国科学院软件研究所
|
推荐引用方式
GB/T 7714 |
刘豫,王明华,苏璞睿,等. 基于动态污点分析的恶意代码通信协议逆向分析方法[J]. 电子学报,2012,40(4):661-668.
|
| APA |
刘豫,王明华,苏璞睿,&冯登国.(2012).基于动态污点分析的恶意代码通信协议逆向分析方法.电子学报,40(4),661-668.
|
| MLA |
刘豫,et al."基于动态污点分析的恶意代码通信协议逆向分析方法".电子学报 40.4(2012):661-668.
|
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论