With the development of malware detection and analysis techniques,a large number of malwares use evasion techniques to fight against security analysis.Among these evasion techniques,code-hiding evasion techniques hide application code from static analysis,thus cause analysis results wrong or incomplete.The explosive growth of malware required automated detection of code-hiding evasion techniques.Through manual analysis of 142 malicious samples,this paper summarized an approach for detecting code-hiding evasion techniques and implemented a generic automated detection framework.We use the detection framework to do experiments on 2 278 samples in a third party applications market,and find that 34.9% samples use code-hiding evasion techniques.%随着恶意软件检测和分析技术的发展,大量恶意软件采用规避技术来对抗安全分析.其中,代码隐藏类规避技术将应用代码对静态分析隐藏起来,使分析结果错误或缺失.爆炸式增长的恶意软件数量要求了对代码隐藏类规避技术的自动化检测.通过对142个恶意样本进行人工分析,总结出一种代码隐藏类规避技术的检测方法,并实现了一个通用的自动化检测框架.使用检测框架在第三方应用市场2 278个样本上进行了实验,发现有34.9%的样本使用了代码隐藏类规避技术.
展开▼
