提出一种基于语义的恶意代码行为特征提取及检测方法,通过结合指令层的污点传播分析与行为层的语义分析,提取恶意代码的关键行为及行为间的依赖关系;然后,利用抗混淆引擎识别语义无关及语义等价行为,获取具有一定抗干扰能力的恶意代码行为特征.在此基础上,实现特征提取及检测原型系统.通过对多个恶意代码样本的分析和检测,完成了对该系统的实验验证.实验结果表明,基于上述方法提取的特征具有抗干扰能力强等特点,基于此特征的检测对恶意代码具有较好的识别能力.%This paper proposes a semantic-based approach to malware behavioral signature extraction and detection. This approach extracts critical malware behaviors as well as dependencies among these behaviors, integrating instruction-level taint analysis and behavior-level semantics analysis. Then, it acquires anti-interference malware behavior signatures using anti-obfuscation engine to identify semantic irrelevance and semantically equivalence. Further, a prototype system based on this signature extraction and detection approach is developed and evaluated by multiple malware samples. Experimental results have demonstrated that the malware signatures extracted show good ability to anti obfuscation and the detection based on theses signatures could recognize malware variants effectively.
展开▼
