
Multi-execution path construction method for malicious software

A multi-execution-path construction technique, applied in fields such as instrumentation, computing, and electrical and digital data processing. It addresses problems such as economic losses, erroneous conclusions by software analysts, and analysis of a program along only a single execution path, and it achieves the effect of reducing system overhead.

Status: Inactive; Publication Date: 2015-09-23
NORTHWEST UNIV

AI Technical Summary

Problems solved by technology

[0005] Current analysis systems have a serious problem: their analyses are based on a single execution path of the program. When a single execution path is used to determine the behavior of a program, many actions can easily go unobserved, which may lead software analysts to draw wrong conclusions about the risks of certain samples, resulting in economic losses.


Examples


Embodiment 1

[0053] The present invention provides a method for constructing multiple execution paths of malicious software. As shown in Figure 1, the multi-execution path construction method includes:

[0054] Step 1, importing the target program, detecting whether the target program is an executable file, and executing the target program if the target program is the executable file.

[0055] Step 2: When a conditional branch instruction is detected during the execution of the target program, a program snapshot is created, and the program snapshot is saved in a snapshot linked list.

[0056] Step 3: During the execution of the target program, monitor the running state of the target program, and when the target program is about to end, suspend the running of the target program; according to the execution process information of the target program at this time, constructing a primary control flow graph, performing taint analysis and control dependency analysis, performi...


Abstract

The invention discloses a multi-execution path construction method for malicious software and belongs to the field of computer security. The method comprises two parts: obtaining an initial control flow graph, and constructing a complete control flow graph from the initial control flow graphs. The control flow graph of a target program is constructed by creating a program snapshot corresponding to the target program when the target program is nearly finished; the program snapshot is loaded and the execution path of a conditional branch instruction is modified; the target program continues executing along the modified execution path; these steps are repeated; and finally the complete control flow graph is constructed from all the initial control flow graphs, so that all execution paths of the target program, namely the malicious software, can be obtained from the complete control flow graph. Compared with the prior art, the method avoids the problem that only part of the target program's behavior can be obtained when the program is analyzed along a single path; it reduces the potential safety hazards and economic losses caused by failing to obtain all execution paths of the target program, and it reduces system overhead.
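The snapshot-and-flip loop described in the abstract can be sketched on a toy interpreter. This is an added example, not code from the patent: the instruction set, the `SAMPLE` program and the function names are constructed for illustration, and every branch is forced rather than selected by the taint and control-dependency analysis mentioned in Step 3.

```python
# Toy instruction set, constructed for this example:
# ("set", var, val) | ("jz", var, target) | ("act", name) | ("end",)
SAMPLE = [
    ("set", "debugger", 0),    # 0: constructed environment check
    ("jz", "debugger", 4),     # 1: no debugger seen -> jump to 4
    ("act", "exit_quietly"),   # 2
    ("end",),                  # 3
    ("set", "date_ok", 0),     # 4
    ("jz", "date_ok", 8),      # 5: trigger date not reached -> jump to 8
    ("act", "drop_payload"),   # 6
    ("end",),                  # 7
    ("act", "sleep"),          # 8
    ("end",),                  # 9
]

def run(program, pc, env, forced, snapshots, seen, edges, acts, limit=1000):
    """Run one path from (pc, env), saving a snapshot at each conditional branch."""
    for _ in range(limit):                   # step budget guards against loops
        op = program[pc]
        if op[0] == "end":
            return
        nxt = pc + 1
        if op[0] == "set":
            env[op[1]] = op[2]
        elif op[0] == "act":
            acts.add(op[1])                  # observable behavior on this path
        elif op[0] == "jz":
            taken = env.get(op[1], 0) == 0
            if forced is not None:           # restored snapshot: flip the branch
                taken, forced = forced, None
            seen.add((pc, taken))
            if (pc, not taken) not in seen:  # keep the untaken direction for later
                snapshots.append((pc, dict(env), not taken))
            nxt = op[2] if taken else pc + 1
        edges.add((pc, nxt))                 # edge of this path's control flow graph
        pc = nxt

def explore(program):
    """Return (behaviors of the first path, behaviors of all paths, merged CFG edges)."""
    snapshots, seen, edges, acts = [(0, {}, None)], set(), set(), set()
    first = None
    while snapshots:
        pc, env, forced = snapshots.pop()
        if forced is not None and (pc, forced) in seen:
            continue                         # that direction was already explored
        run(program, pc, env, forced, snapshots, seen, edges, acts)
        if first is None:
            first = set(acts)                # what single-path analysis would see
    return first, acts, edges

if __name__ == "__main__":
    first, all_acts, cfg = explore(SAMPLE)
    print(sorted(first), sorted(all_acts), sorted(cfg))
```

On the constructed sample, the first path shows only the `sleep` action, while the merged graph also exposes the two actions hidden behind the environment checks.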

Description

Technical field

[0001] The invention belongs to the field of computer software security, in particular to a multi-execution path construction method of malicious software.

Background technique

[0002] In recent years, more and more malicious software not only poses a serious threat to the security and privacy of computer user data, but also causes huge economic losses. Malware is defined as viruses, worms, and Trojan horse programs that perform malicious tasks on a computer system. It controls the program by destroying the software process and makes the victim's computer pop up pornographic websites or malicious advertisements. It is also called rogue software. Malware analysis is the process of determining the behavior and purpose of a malware sample such as viruses, worms, and Trojan horses. This process is a necessary step in being able to develop effective detection techniques and removal tools.

[0003] For example, the CwSandbox system adopts dynamic analysis met...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566
Inventor 王蕾汤战勇张洁王华李光辉房鼎益陈晓江叶贵鑫张恒吕留东陈锋
Owner NORTHWEST UNIV