摘要： 针对网络安全领域中应用程序内部密码算法识别问题，提出一种基于动态二进制分析的密码算法识别方法。该方法以二进制分析平台DynamoRIO作为支撑，动态记录程序执行期间的数据信息，并综合利用基于统计特征的过滤和分类、基于密码算法常数特征的匹配以及基于数据流分析的函数参数识别等技术，对密码算法进行识别。测试结果表明，该方法能够迅速识别并准确定位应用程序中所使用的密码算法。

关键词: 密码算法识别, 动态二进制分析, DynamoRIO平台, 特征统计, 常数特征匹配, 函数参数识别

Abstract: For the cryptographic algorithm recognition problem in the current network security, this paper puts forward a method of cryptogram algorithm recognition based on dynamic binary analysis. It uses DynamoRIO platform to record data flow information during the execution of the program dynamically, and uses some technologies comprehensively to recognize cryptographic algorithm, such as filtering and classification based on statistical features, signature matching based on constant characteristics of cryptographic algorithms and parameter identification based on data flow analysis technology. Test result shows that it can identify and locate the cryptographic algorithm in application quickly and accurately.

Key words: cryptographic algorithm recognition, dynamic binary analysis, DynamoRIO platform, feature statistics, constant feature matching, function parameter identification

中图分类号: 

• TP309.2