Conference: International Conference on Cyberspace Technology

A parallel target-directed analysis method for malware behaviors


Abstract

To improve the efficiency of analyzing malware behaviors and increase the validity of the test data, this paper proposes a parallel target-directed analysis method for malware behaviors, which combines static analysis with concolic testing techniques. It first uses static analysis techniques to identify and locate interactive or input points and sensitive behavior functions. Then, on a distributed platform, by combining symbolic execution with concrete dynamic execution and taking the malware's sensitive behaviors as the guiding target, a parallel target-directed algorithm for searching sensitive paths and a method of guiding execution toward sensitive behaviors are designed. The method traverses the sensitive functions, obtains by path backtracking the sensitive paths that can reach the sensitive behavior areas, and generates the corresponding test data. Finally, it completes the analysis and testing of malware behaviors. Experiments show that, compared with fuzzing and full-path coverage and traversal techniques, this method can generate test data more efficiently, reduce the number of paths to be analyzed, and improve the speed and efficiency of malware behavior analysis.
