期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于语义的二进制代码自动化反混淆方法 被引量:3

Semantics-based binary code automated de-obfuscation approach
原文传递
导出
摘要 针对已有的二进制代码反混淆方法只针对特定的混淆方法、不适用于未知的混淆方法,且代码覆盖率低的问题,提出了一种基于语义的二进制代码自动化反混淆方法,通过语义相关指令识别对混淆后程序的指令序列进行优化,能同时适用于已有的和未知的混淆方法.此外,提出了一种低开销的多执行路径构造方法,在提高代码覆盖率的同时降低了开销.实验结果表明:该方法具有较好的反混淆效果,对于恶意软件分析具有很好的辅助性作用,可有效地降低分析恶意软件的难度,提高分析恶意软件的效率. Current binary code de-obfuscation approaches only target a limited set of specific obfuscations and are ineffective against new obfuscations.State-of-the-art approaches of this problem are based on dynamic analysis and face the challenge of low code coverage.A semantics-based automated de-obfuscation approach was introduced.The key point of this approach is to optimize the instruction traces of the obfuscated program with the results of semantically relevant instruction identification,which can be applied to both existing and new obfuscation techniques.Moreover,a low-cost solution for multiple execution paths exploration was introduced.The proposed solution can enhance the code coverage and reduce the overhead at the same time.Experiment results show that the de-obfuscation approach is particularly effective and can be an invaluable aid for malware analysis.It can reduce the difficulty,and improve the efficiency of malware analysis effectively.
作者 郭军 王蕾 汤战勇 房鼎益
机构地区 西北大学信息科学与技术学院 西北大学爱迪德物联网信息安全联合实验室
出处 《华中科技大学学报(自然科学版)》 EI CAS CSCD 北大核心 2016年第3期55-59,共5页 Journal of Huazhong University of Science and Technology(Natural Science Edition)
基金 国家科技支撑计划资助项目(2013BAK01B02) 国家自然科学基金资助项目(61170218 61272461 61202393) 陕西省教育厅产业化培育项目(2013JC07) 陕西省自然科学基础研究计划资助项目(2012JQ8049) 陕西省国际合作与交流项目(2015KW-003)
关键词 恶意软件 动态分析 语义 混淆 代码反混淆 代码覆盖率 malware dynamic analysis semantics obfuscation code de-obfuscation code coverage
分类号 TP391 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献13

  • 1Collberg C, Thomborson C, Low D. A taxonomy of obfuscating transformationsJ-R~. Auckland: Depart- ment of Computer Seienee, The University of Auck- land, 1997. 被引量:1
  • 2Sharif M, Lanzi A, Giffin J, et al. Automatic reverse engineering of malware emulators[C]//Proc of Secur- ity and Privacy. Piseataway: IEE;E;, 2009: 94-109. 被引量:1
  • 3Kang M G, Poosankam P, Yin H. Renovo: a hidden code extractor for packed executables[C]///Proc of 2007 ACM Workshop on Recurring Malcode. New York.. ACM, 2007: 46-53. 被引量:1
  • 4Udupa S K, Debray S K, Madou M. Deobfuscation~ reverse engineering obfuscated code]-C2//Proc of 12th Working Conference on Reverse Engineering. Piscat- away: IEEE;, 2005: 45-54. 被引量:1
  • 5Cadar C, Dunbar D, Engler D R. KLEE;: unassisted and automatic generation of high-coverage tests for complex systems programs [C] //Proc of USE;NIX Symposium on Operating Systems Design and Imple-mentation. Berkeley: USENIX, 2008: 209-224. 被引量:1
  • 6Moser A, Kruegel C, Kirda E. Exploring multiple execution paths for malware analysisJ-C~//Proc of Se- curity and Privacy. Piscataway: IEEE, 2007: 231- 245. 被引量:1
  • 7Luk C K, Cohn R, Muth R, et al. Pin: building cus- tomized program analysis tools with dynamic instru- mentation~C-]//Proc of ACM Sigplan Notices. New York.. ACM, 2005: 190-200. 被引量:1
  • 8Saxena P, Sekar R, Puranik V. Efficient fine-grained binary instrumentation with applications to taint- trackingFC~//Proe of 6th Annual IEEE/ACM Inter- national Symposium on Code Generation and Optimi- zation. New York: ACM, 2008: 74-83. 被引量:1
  • 9Zeng J, Fu Y, Miller K A, et al. Obfuscation resili- ent binary code reuse through trace-oriented program- ming[C]//Proc of 2013 ACM SIGSAC Conference on Computer ~ Communications Security. New York: ACM, 2013: 487-498. 被引量:1
  • 10Aho A V, Sethi R, Ullman J D. Compilers, princi- ples, techniques [ M1. Bergen County: Addison- Wesley, 1986. 被引量:1

二级参考文献13

  • 1Chow S,Eisen P,Johnson H. A white-box DES implementation for DRM applications[A].Berlin:Springer,2003.1-15. 被引量:1
  • 2Kanzaki Y,Monden A,Nakamura M. Exploiting selfmodification mechanism for program protection[A].Dallas,USA:IEEE,2003.170-179. 被引量:1
  • 3Kanzaki Y,Monden A,Nakamura M. Program camouflage:A systematic instruction hiding method for protecting secrets[J].World Acedemy of Science Engineering and Technology,2008,(09):509-515. 被引量:1
  • 4Kanzaki Y,Monden A. A software protection method based on time-sensitive code and self-modification mechanism[A].Anaheim:ACTA Press,2010.325-331. 被引量:1
  • 5Madou M,Anckaert B,Moseley P. Software protection through dynamic code mutation[J].Information Security Applications,2006.194-206. 被引量:1
  • 6Wu Y,Zhao Z,Chui T. An attack on SMC-based software protection[J].Information and Communications Security,2006.352-368. 被引量:1
  • 7Dux B,Iyer A,Debray S. Visualizing the behavior of dynamically modifiable code[A].Washington DC:IEEE Computer Society Press,2005.337-340. 被引量:1
  • 8Birrer B D,Raines R A,Baldwin R O. Program fragmentation as a metamorphic software protection[A].Washington DC:IEEE Computer Society,2007.369-374. 被引量:1
  • 9Oreans Technologies Corporation. Code virtualizer[EB/OL].http://www.oreans.com/codevirtualizer.php,2013,2013. 被引量:1
  • 10Collberg C,Thomborson C,Low D. A taxonomy of obfuscating transformations[R].New Zealand:The University of Auckland,1997.1173-3500. 被引量:1

共引文献4

同被引文献5

引证文献3

华中科技大学学报(自然科学版)
2016年 第3期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部