Search algorithm based on priority in semantic method for malicious code detection

摘要

This paper present a search algorithm based on priority to detect malicious behavior in the semantic method with respect to morph technology in computer viruses. For Win32 PE virus, use disassembly technologies to get the assembly code of the program, and then establish the program flow chart with help of the intermediate representation. Next, match the malicious behavior template with the program flow chart. Search algorithm based on priority is used to find def-use relationship for detecting malicious behavior. The experiment results show that the search algorithm is fast and effective for invalid code insertion, code transposition, and register reassignment and partially effective for instruction substitution.