Acta Scientiarum Naturalium Universitatis Pekinensis

A Malicious Behavior Analysis Method Based on Program Semantic

LI Jiajing, LIANG Zhiyin, WEI Tao, MAO Jian

  1. Institute of Computer Science & Technology, Peking University, Beijing 100871;
  • Received: 2007-07-04 Online: 2008-07-20 Published: 2008-07-20

Abstract: A semantics-based method for analyzing malicious behavior in software is presented. It gives a complete characterization of function-call-based attacks and supports flow-sensitive, context-sensitive and path-sensitive interprocedural analysis. Compared with existing methods, it describes function-call-based attack behavior in the global state more accurately. Analysis of several malicious programs and benign applications shows that the method effectively identifies malicious behavior in code.

Key words: malware analysis, code obfuscation, model checking, information security
