论文信息 - A static and dynamic visual debugger for malware analysis

A static and dynamic visual debugger for malware analysis

The number of viruses and malware has grown dramatically over the last few years, and this number is expected to grow in all likelihood. Due to the increasing amount of malicious software circulated over the Internet, it is almost impossible to reverse engineering all binary executable software line by line as it is very challenging and time consuming. In order to provide immediate security solutions and reduce the amount of time on understanding malicious portion consisted in viruses, Trojans and other general security flow, a comprehensive design of visual debugger is introduced in this paper. The research involves with the reverse engineering of binary executable by transforming a stream of bytes that constitutes the program into a corresponding sequence of machine instructions. Both static and dynamic debugger will be developed and interacted with a graph visualization system to visualize the parse instructions of a targeted executable file in execution flow graph. With the intention of improving the effectiveness, graph visualization is developed to accelerate the analysis progress. We reconstruct the targeted program's control flow and broke it into smaller regions. Fragment of malicious instructions can be easily determined via the control flow graph information.

Mahamod Ismail | Nasharuddin Zainal | Chan Lee Yee | Lee Ling Chuan

[1] Abhishek Singh,et al. Vulnerability Analysis and Defense for the Internet , 2008, Advances in Information Security.

[2] Alexander Meduna,et al. Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis , 2011, ISA.

[3] Lenny Zeltser. Analyzing Malicious Software , 2010 .

[4] David Harley,et al. AVIEN Malware Defense Guide for the Enterprise , 2007 .

[5] Vinod Yegneswaran,et al. Eureka: A Framework for Enabling Static Malware Analysis , 2008, ESORICS.

[6] Chris Eagle,et al. The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler , 2008 .

[7] Andrew Honig,et al. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software , 2012 .

[8] Lorie M. Liebrock,et al. Visualizing compiled executables for malware analysis , 2009, 2009 6th International Workshop on Visualization for Cyber Security.

[9] R. K. Shyamasundar,et al. Refinement calculus: A basis for translation validation, debugging and certification , 2006, Theor. Comput. Sci..

[10] Henry L. Owen,et al. Visual Analysis of Program Flow Data with Data Propagation , 2008, VizSEC.

[11] Justin Ferguson. Reverse engineering code with IDA Pro , 2008 .