This paper proposes a reverse analysis method, based on session association, for the network communication behavior of software. The method first restores the network traffic communication sessions and the Application Programming Interface (API) sequence sessions produced by the software, then associates the restored sessions. This association builds a direct mapping between two approaches to analyzing software network behavior: execution trace analysis and network traffic analysis. A prototype system was designed and implemented, and the function call list was extracted using it. The session-association method makes reverse analysis of software network behavior fast and convenient.