BTMD: A Framework of Binary Translation Based Malcode Detector
Zheng Shan, Haoran Guo, J. Pang
2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC 2012), published 2012-10-10
DOI: 10.1109/CyberC.2012.16 (https://doi.org/10.1109/CyberC.2012.16)
Binary translation converts the binary code of one Instruction Set Architecture (ISA) into that of another, and so addresses software inheritance and ISA compatibility across different computer architectures. In this paper we describe BTMD (Binary Translation based Malcode Detector), a framework that exploits static and dynamic binary translation to detect a broad spectrum of malware and prevent its execution. BTMD operates directly on binary code, guided by MD Rules, so it does not depend on source code being available; it translates the low-level binary into a higher-level representation from which the MD Parser recovers a CFG (Control Flow Graph) and other high-level control structures. A Critical API Graph is then built on top of the CFG and matched, by subgraph matching, against predefined Malware Behavior Templates; the MD Engine carries out the remaining code analysis. Compared with other detection approaches, BTMD performs well in both detection capability and false alarm rate.
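The following is an added, runnable sketch of the stages the abstract names; it is illustrative code written for this page, not the BTMD implementation. A constructed linearised IR of a translated binary is split into a CFG, the call sites of a chosen set of critical APIs become the nodes of a Critical API Graph whose edges follow control flow, and a constructed "dropper" Malware Behavior Template is matched against that graph as a subgraph. The IR format and mnemonics, the API set, the two sample programs and the template are all assumptions made for the example. The second sample has the same imports as the first but never calls the APIs in the template's order on any path, which is the difference between matching behaviour on the graph and merely checking the import table.

```python
"""Toy re-creation of the pipeline the abstract describes: linearised IR of
a translated binary -> CFG -> Critical API Graph -> subgraph match against a
Malware Behavior Template.  Added illustration, not BTMD's own code; the IR
format, API names, sample programs and template are all constructed here."""
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

Instr = Tuple[int, str, str]  # (address, mnemonic, operand); only calls and control flow kept

def build_cfg(code: List[Instr]):
    """Split linear IR into basic blocks; return (blocks, succ) keyed by leader address."""
    addrs = [a for a, _, _ in code]
    leaders = {addrs[0]}
    for i, (_, op, arg) in enumerate(code):
        if op in ("jmp", "jcc"):
            leaders.add(int(arg, 16))             # a branch target leads a block
        if op in ("jmp", "jcc", "ret") and i + 1 < len(code):
            leaders.add(addrs[i + 1])             # so does the instruction after
    blocks: Dict[int, List[Instr]] = {}
    cur = addrs[0]
    for ins in code:
        cur = ins[0] if ins[0] in leaders else cur
        blocks.setdefault(cur, []).append(ins)
    order, succ = sorted(blocks), {}
    for i, lead in enumerate(order):
        nxt = order[i + 1:i + 2]                  # fall-through block, if any
        _, op, arg = blocks[lead][-1]
        succ[lead] = ([int(arg, 16)] if op in ("jmp", "jcc") else []) + \
                     (nxt if op not in ("jmp", "ret") else [])
    return blocks, succ

def critical_api_graph(blocks, succ, critical: Set[str]):
    """Nodes: call sites of critical APIs (addr -> name).  Edge u -> v: v is
    the next critical call on some CFG path after u, nothing critical between."""
    nodes = {a: arg for blk in blocks.values()
             for a, op, arg in blk if op == "call" and arg in critical}
    edges: Dict[int, Set[int]] = defaultdict(set)
    for lead, blk in blocks.items():
        calls = [a for a, _, _ in blk if a in nodes]
        for u, v in zip(calls, calls[1:]):
            edges[u].add(v)                       # consecutive calls in one block
        if not calls:
            continue
        seen, stack = set(), list(succ[lead])     # DFS to the first critical call
        while stack:                              # on each outgoing path; `seen`
            b = stack.pop()                       # terminates loops in the CFG
            if b in seen:
                continue
            seen.add(b)
            first = next((a for a, _, _ in blocks[b] if a in nodes), None)
            if first is not None:
                edges[calls[-1]].add(first)
            else:
                stack.extend(succ[b])
    return nodes, edges

def match_template(nodes, edges, template: Dict[str, List[str]]):
    """Backtracking subgraph match: map each template API to a distinct call site
    of that API so every template edge is a graph edge; None if absent."""
    names = list(template)
    cands = {n: [a for a, api in nodes.items() if api == n] for n in names}
    def extend(i: int, assign: Dict[str, int]) -> Optional[Dict[str, int]]:
        if i == len(names):
            return dict(assign)
        for site in cands[names[i]]:
            if site in assign.values():
                continue
            assign[names[i]] = site
            if all(assign[y] in edges[assign[x]]
                   for x in assign for y in template[x] if y in assign):
                found = extend(i + 1, assign)
                if found:
                    return found
            del assign[names[i]]
        return None
    return extend(0, {})

def detect(code: List[Instr], templates: Dict[str, Dict[str, List[str]]]) -> List[str]:
    critical = {api for t in templates.values() for api in t}
    blocks, succ = build_cfg(code)
    nodes, edges = critical_api_graph(blocks, succ, critical)
    return [n for n, t in templates.items() if match_template(nodes, edges, t)]

# Constructed template: drop a file into %TEMP% and execute it.
TEMPLATES = {"dropper": {"GetTempPathA": ["CreateFileA"], "CreateFileA": ["WriteFile"],
                         "WriteFile": ["CreateProcessA"], "CreateProcessA": []}}
# Constructed sample 1: the dropper, with a failure path that skips the write.
DROPPER = [(0x1000, "call", "GetTempPathA"), (0x1005, "call", "CreateFileA"),
           (0x100a, "jcc", "0x1020"), (0x100c, "call", "WriteFile"),
           (0x1011, "call", "CloseHandle"), (0x1016, "call", "CreateProcessA"),
           (0x101b, "jmp", "0x1025"), (0x1020, "call", "ExitProcess"),
           (0x1025, "ret", "")]
# Constructed sample 2: same imports, but the process starts before the file is written.
BENIGN = [(0x2000, "call", "CreateProcessA"), (0x2005, "call", "GetTempPathA"),
          (0x200a, "call", "CreateFileA"), (0x200f, "call", "WriteFile"),
          (0x2014, "call", "CloseHandle"), (0x2019, "ret", "")]

if __name__ == "__main__":
    print("dropper sample:", detect(DROPPER, TEMPLATES))   # ['dropper']
    print("benign sample: ", detect(BENIGN, TEMPLATES))    # []
```

Two caveats worth keeping in mind when reading this against the paper: the edge relation used here (next critical call along any CFG path) is one common definition of a critical API graph and is an assumption of this example, not a statement of BTMD's own construction; and because the matcher works on static control flow, a sample that resolves APIs indirectly (e.g. through a hand-built import table) would show no critical call sites at all, which is exactly why the abstract pairs static translation with dynamic translation features.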