论文信息 - Semantic detection of malicious code based on the normalized system call

Semantic detection of malicious code based on the normalized system call

This paper presents a new semantic detection of malicious code method based on the normalized system call to obtain perfect malicious code system sequence and related parameters through the control of virtual environment, And to normalize the called sequence again. In order to effectively determine the malicious code, we establish a highly efficient abstract behavior vector's database of malicious code. By a large number of malicious codes experimental verification, the method is compared with existing methods that can be more accurate description of the malicious code attacks based on system call, and effectively in identifying unknown malicious code.

Dan Liu | Yichao Li | Zilong Liu | Changgeng Shao

[1] Somesh Jha,et al. A semantics-based approach to malware detection , 2008, TOPL.

[2] Huang Hao. Detection method of Trojan horse based on attack tree , 2008 .

[3] Wu Hao. An Attack Tree Approach for SCRIPT Virus Sample Analysis , 2005 .

[4] Mao Jian. A Malicious Behavior Analysis Method Based on Program Semantic , 2008 .

[5] Sun Xiao-yan. Hierarchical method to analyze malware behavior , 2010 .

[6] U. Bayer,et al. TTAnalyze: A Tool for Analyzing Malware , 2006 .

[7] Qian Huang,et al. Hierarchical method to analyze malware behavior: Hierarchical method to analyze malware behavior , 2010 .

[8] Felix C. Freiling,et al. Toward Automated Dynamic Malware Analysis Using CWSandbox , 2007, IEEE Secur. Priv..

[9] Somesh Jha,et al. A Layered Architecture for Detecting Malicious Behaviors , 2008, RAID.

[10] Somesh Jha,et al. Semantics-aware malware detection , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[11] Su Pu. Intrusion Detection Model Based on Executable Static Analysis , 2006 .