Malware behavior analysis using binary code tracking
Jihun Kim, Jonghee M. Youn
2017 4th International Conference on Computer Applications and Information Processing Technology (CAIPT), August 2017
DOI: 10.1109/CAIPT.2017.8320724
The rapidly growing volume of malware goes beyond threats to personal security and causes broader harm to society. To counter these threats, many anti-virus vendors and analysts are striving to distinguish malicious behavior more efficiently. To contribute to this effort, this study attempts to detect malicious behavior by tracking the execution flow of binary code. Our method tracks the execution flow of the binary using the BFS (Breadth-First Search) algorithm; it builds on static analysis of binary code, but combines the advantages of static analysis with those of dynamic analysis. In addition to visualizing malicious behavior as an API-based graph image, it makes malicious behavior more evident for analysis.
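The abstract describes the idea only at a high level: walk the binary's control flow breadth-first, collect the API calls encountered, and turn them into a graph in which malicious behavior stands out. The following is an added illustration of that idea, not the authors' implementation and not code from the paper. It assumes a control-flow graph that has already been recovered by a disassembler and is represented as a dict of basic blocks (the sample CFG, block names, API names and the download-and-execute signature are all constructed for the example), performs a BFS over (block, last-API) states so that loops terminate, emits an API-transition graph in Graphviz DOT, and checks a behavior signature against that graph:

```python
from collections import deque

# Constructed sample input (not from the paper): a toy control-flow graph of a
# hypothetical downloader. Each basic block maps to (API calls made in the
# block, in order; successor blocks). Block and API names are illustrative.
SAMPLE_CFG = {
    "entry":     ([], ["check_env", "exit"]),
    "check_env": (["IsDebuggerPresent"], ["bail", "fetch"]),
    "bail":      (["ExitProcess"], []),
    "fetch":     (["InternetOpenA", "InternetOpenUrlA"], ["write"]),
    "write":     (["CreateFileA", "WriteFile"], ["persist", "run"]),
    "persist":   (["RegSetValueExA"], ["run"]),
    "run":       (["CreateProcessA"], ["exit"]),
    "exit":      (["ExitProcess"], []),
}


def bfs_blocks(cfg, entry):
    """Return the basic blocks reachable from `entry` in breadth-first order."""
    order, seen, queue = [], {entry}, deque([entry])
    while queue:
        block = queue.popleft()
        order.append(block)
        for succ in cfg[block][1]:
            if succ not in seen:
                seen.add(succ)
                queue.append(succ)
    return order


def build_api_graph(cfg, entry):
    """BFS over (block, last_api) states. An edge a -> b is recorded whenever
    API b can execute directly after API a along some path. Visiting states
    rather than bare blocks keeps loops finite while still distinguishing the
    API context in which a block is reached."""
    graph = {}
    start = (entry, None)
    seen, queue = {start}, deque([start])
    while queue:
        block, last = queue.popleft()
        for api in cfg[block][0]:
            graph.setdefault(api, set())
            if last is not None:
                graph.setdefault(last, set()).add(api)
            last = api
        for succ in cfg[block][1]:
            state = (succ, last)
            if state not in seen:
                seen.add(state)
                queue.append(state)
    return graph


def has_path(graph, src, dst):
    """BFS on the API graph: can `dst` be reached from `src`?"""
    if src not in graph:
        return False
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt == dst:
                return True
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def matches_behavior(graph, signature):
    """A behavior signature is an ordered tuple of APIs; it matches when each
    API can reach the next one in the API graph."""
    return all(has_path(graph, a, b) for a, b in zip(signature, signature[1:]))


def to_dot(graph):
    """Render the API graph as Graphviz DOT for visual inspection."""
    lines = ["digraph api_flow {"]
    for src in sorted(graph):
        for dst in sorted(graph[src]):
            lines.append(f'    "{src}" -> "{dst}";')
    lines.append("}")
    return "\n".join(lines)


# Constructed signature (assumption): download, write to disk, execute.
DOWNLOAD_AND_EXECUTE = ("InternetOpenUrlA", "WriteFile", "CreateProcessA")

if __name__ == "__main__":
    g = build_api_graph(SAMPLE_CFG, "entry")
    print(to_dot(g))
    print("download-and-execute:", matches_behavior(g, DOWNLOAD_AND_EXECUTE))
```

The static walk enumerates every path the disassembler can see, so the resulting graph over-approximates what any single run would exercise (the `bail` branch after `IsDebuggerPresent` appears alongside the download path); that is the trade-off the abstract alludes to when it contrasts static coverage with the concreteness of dynamic tracing. Indirect calls, unresolved jump targets and packed code are invisible to this walk, so in practice the CFG fed in must come from a disassembler that has already dealt with them.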