计算机工程 ›› 2011, Vol. 37 ›› Issue (18): 139-141.doi: 10.3969/j.issn.1000-3428.2011.18.046

• 安全技术 • 上一篇    下一篇

基于DynamoRIO的恶意代码行为分析

王 乾,舒 辉,李 洋,黄荷洁   

  1. (解放军信息工程大学信息工程学院,郑州 450002)
  • 收稿日期:2011-02-22 出版日期:2011-09-20 发布日期:2011-09-20
  • 作者简介:王 乾(1984-),男,硕士研究生,主研方向:网络与信息安全;舒 辉,副教授、博士;李 洋,硕士研究生;黄荷洁,本科生

Malicious Code Behavior Analysis Based on DynamoRIO

WANG Qian, SHU Hui, LI Yang, HUANG He-jie   

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002, China)
  • Received:2011-02-22 Online:2011-09-20 Published:2011-09-20

摘要: 提出一种基于动态二进制分析的恶意代码行为分析方法,以动态二进制分析平台DynamoRIO为基础设计实现恶意代码行为分析的原型系统。实验结果证明,该系统能够全面地获取恶意代码的API调用序列和参数信息,通过对API调用的关联性进行分析,准确得到恶意代码在文件、注册表、服务及进程线程操作等方面的行为特征。

关键词: 恶意代码, DynamoRIO平台, 插桩, 动态二进制分析, API调用序列, 关联分析

Abstract: This paper proposes a method based on dynamic binary analysis to analyze malicious code behavior and designs and implements a prototype malicious behavior analysis system based on DynamoRIO. Experimental results show that the system can capture Application Programming Interface(API) functions calling sequence and transfer parameter information completely. Based on correlative analysis of the calling sequence and the parameter information, malicious behaviors which cover files, the registry, services, processes, threads and so on are identified.

Key words: malicious code, DynamoRIO platform, instrumentation, dynamic binary analysis, API calling sequence, correlative analysis

中图分类号: