Abstract: A semantic based method is presented to analyze malicious behavior in software, with more precise description of function call based attacks, and flow sensitive, context sensitive and path sensitive inter-procedure analysis ability. Experiments on malicious and benign programs show that it is effective to identify malicious behavior in software.

Key words: malware analysis, code obfuscation, model checking, information security

摘要： 提出了一种基于语义的恶意行为分析方法，可以对基于函数调用的攻击进行完整刻画，支持流敏感、上下文敏感且路径敏感的函数间分析。与现有方法相比可以更加准确地描述全局状态中的基于函数调用的攻击行为。针对多个恶意程序和应用程序的分析表明，该方法可以有效地识别代码中的恶意行为。

关键词: 恶意代码分析, 代码混淆, 模型检验, 信息安全