Identification of encrypted functions in malware (journal article; cited by: 1)

Identification of encrypted function in malicious software
Abstract (translated from the Chinese): To address the problem that malware uses encryption functions to evade security detection and traffic analysis, this paper proposes a method for identifying the encryption functions in malware. The loops in the malware's dynamic execution path, together with each loop's input and output parameters, are identified and used to build a dynamic loop data-flow graph; the input and output parameter sets of each loop are extracted from that graph; reference implementations of known encryption functions are then run on elements of a loop's input set, and an encryption function is identified when its output matches an element of the loop's output set. Experiments show that this analysis can determine the encryption function applied to the transmitted payload of heavily obfuscated malware.

Abstract (English, as published): To address the problem that malware (malicious software) usually evades security detection and traffic analysis through encryption functions, this paper proposes a scheme that can identify the encryption function in malware. The scheme generates a dynamic loop data flow graph by identifying the loops, and the input/output of each loop, in the dynamic trace. The input/output sets are then abstracted from the loop data flow graph, a reference implementation of each known encryption function is designed, and the reference is computed with elements of the input sets as its parameters. If the result matches any element of the output sets, the scheme concludes that the malware encrypts information with that known encryption function. The experimental results prove that the proposed scheme can analyze the encryption function of the payload in obfuscated malware.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University core journal, 2013, No. 11, pp. 3239-3243 (5 pages)
Funding: National 863 Program project (2008AA01Z420)
Keywords: encryption function identification; input/output parameters of loops; loop data flow graph; loop input/output sets; dynamic binary instrumentation
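The matching step described in the abstract, as an added Python example that is not the paper's code: it assumes the loop input and output parameter sets have already been extracted from the dynamic loop data-flow graph and are handed in as sets of byte strings, and the key, plaintext, "noise" register value and the reference set (RC4, repeating-key XOR, MD5, SHA-1) are all constructed for illustration. Each reference implementation is evaluated on every ordered choice of loop inputs, and a function is reported when its result equals some element of the loop's output set; the third sample loop uses a home-grown transform to show that a function with no reference implementation produces no match, which is the inherent limit of matching against known functions.

```python
"""Match a loop's input/output sets against reference implementations.

Added, constructed example (not the paper's code). Assumes the loop
input/output parameter sets are already extracted and given as sets of
byte strings, as the paper's loop data-flow graph step produces.
"""
import hashlib
from itertools import permutations


def rc4(key: bytes, data: bytes) -> bytes:
    """Reference RC4 (key scheduling + keystream XOR); rejects an empty key."""
    if not key:
        raise ValueError("empty key")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_repeating_key(key: bytes, data: bytes) -> bytes:
    """Reference repeating-key XOR; rejects an empty key."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def md5_digest(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def sha1_digest(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


# name -> (number of loop inputs the reference consumes, implementation)
REFERENCES = {
    "rc4": (2, rc4),
    "xor-repeating-key": (2, xor_repeating_key),
    "md5": (1, md5_digest),
    "sha1": (1, sha1_digest),
}


def identify_encryption_function(input_set, output_set, references=REFERENCES):
    """Return (name, arguments) for each reference function whose output,
    computed on some ordered selection of loop inputs, is in the loop's
    output set. An empty list means no known function was recognised."""
    inputs = sorted(input_set)          # deterministic iteration order
    outputs = set(output_set)
    matches = []
    for name, (arity, fn) in references.items():
        for args in permutations(inputs, arity):
            try:
                result = fn(*args)
            except ValueError:
                continue                # e.g. empty key: not a valid call
            if result in outputs:
                matches.append((name, args))
    return matches


# Constructed sample loop data (hypothetical values, not from the paper).
KEY = b"s3cr3t-k3y"
PLAINTEXT = b"GET /beacon HTTP/1.1"
NOISE = b"\x00\x00\x00\x00"            # unrelated register value the loop also read


def custom_add_cipher(data: bytes) -> bytes:
    """A home-grown transform for which no reference implementation exists."""
    return bytes((b + 7) & 0xFF for b in data)


if __name__ == "__main__":
    # Loop 1: RC4-encrypted payload -> reported as rc4 with (KEY, PLAINTEXT)
    print(identify_encryption_function({KEY, PLAINTEXT, NOISE}, {rc4(KEY, PLAINTEXT)}))
    # Loop 2: hashing loop -> reported as md5 on PLAINTEXT
    print(identify_encryption_function({PLAINTEXT, NOISE}, {md5_digest(PLAINTEXT)}))
    # Loop 3: unknown transform -> no match, the method's inherent limit
    print(identify_encryption_function({KEY, PLAINTEXT}, {custom_add_cipher(PLAINTEXT)}))
```

The number of reference evaluations grows with the factorial of the loop's input-set size, so in practice the input set should be restricted to the loop's actual parameters (as the loop data-flow graph does) rather than every value the loop touched.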