Model checking obfuscated binary malicious code

Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (15): 61-64.

• 研发、设计、测试 • Previous Articles Next Articles

Model checking obfuscated binary malicious code

CHEN Chao,LI Jun,KONG De-guang,SHUAI Jian-mei

Department of Automation，University of Science & Technology of China，Hefei 230027，China

Received:2007-10-18 Revised:2008-01-11 Online:2008-05-21 Published:2008-05-21
Contact: CHEN Chao

模型检测迷惑二进制恶意代码

陈超,李俊,孔德光,帅建梅

中国科学技术大学自动化系，合肥 230027

通讯作者: 陈超

Abstract

Abstract: Introduce model checking method to built model for binary executable，develop a useful model checker.This paper produces a finite state machine，which is used to model a normal malicious binary executable，then make use of model checker to check obfuscated binary executable.If obfuscated binary executable can be identified by finite state machine，this binary executable is malicious executable.The experiment result shows model checking for obfuscated binary executable is an effective static analysis method and can check out some obfuscated binary executable.

Key words: static analysis, model checking, disassembly, malicious code, automata

摘要： 对二进制恶意代码进行形式化建模，开发了一个检查迷惑恶意代码的模型检查器。生成迷惑前的二进制恶意代码的有限状态机模型，再使用模型检查器检测迷惑二进制恶意代码，如果迷惑二进制恶意代码能被有限状态机模型识别，可判定其为恶意代码。实验结果表明模型检查迷惑二进制恶意代码是一种有效的静态分析方法，可以检测出一些常用的迷惑恶意代码。

关键词: 静态分析, 模型检查, 反汇编, 恶意代码, 自动机

CHEN Chao,LI Jun,KONG De-guang,SHUAI Jian-mei. Model checking obfuscated binary malicious code[J]. Computer Engineering and Applications, 2008, 44(15): 61-64.

陈超,李俊,孔德光,帅建梅. 模型检测迷惑二进制恶意代码[J]. 计算机工程与应用, 2008, 44(15): 61-64.

[1]	DU Yao. Android Malicious Family Detection Algorithm Based on Local Optimization Matching [J]. Computer Engineering and Applications, 2021, 57(8): 84-90.
[2]	CHEN Xiaohan, WEI Shuning, QIN Zhengze. Malware Family Classification Based on Deep Learning Visualization [J]. Computer Engineering and Applications, 2021, 57(22): 131-138.
[3]	CHEN Yaoyang, CHEN Wei. Control Flow Obfuscation Technology Based on Implicit Jump [J]. Computer Engineering and Applications, 2021, 57(20): 125-132.
[4]	ZHONG Qidong, ZHANG Jingxiang. Chinese Composition Scoring Algorithm Embedded with Language Deep Perception [J]. Computer Engineering and Applications, 2020, 56(8): 124-129.
[5]	JIANG Jinchuan, WANG Chong. Research on PageRank Algorithm Based on Learning Automata and User Interest [J]. Computer Engineering and Applications, 2020, 56(3): 80-85.
[6]	WANG Guodong, LU Tianliang, YIN Haoran, ZHANG Jianlin. Malicious Code Family Detection Technology Based on CNN-BiLSTM [J]. Computer Engineering and Applications, 2020, 56(24): 72-77.
[7]	ZHOU Yang, LU Tianliang, DU Yanhui, GUO Rui, BAO Yuxuan, LI Mo. Detection and Analysis of Windows Malicious Code Based on Thread Fusion Feature [J]. Computer Engineering and Applications, 2020, 56(23): 103-108.
[8]	WANG Peng, Nurbol, SU Rui. Bibliometric Analysis of Current Studies and Developing Trends on Malicious Code Research [J]. Computer Engineering and Applications, 2019, 55(8): 92-101.
[9]	HUANG Simeng1, CHENG Lianglun2, WANG Tao2. Multi-Pattern Complex Event Detection Method Based on Double-Array Trie-Tree [J]. Computer Engineering and Applications, 2019, 55(4): 91-95.
[10]	ZHANG Sheng, LI Yuqing, LI Yuanqingzhen. Multi-Value Cellular Automata Simulation and Application Combined with User Perception Model [J]. Computer Engineering and Applications, 2019, 55(20): 250-256.
[11]	HE Hong, CHEN Yong. HE Hong, CHEN Yong [J]. Computer Engineering and Applications, 2019, 55(14): 209-214.
[12]	LIN Hongyang, PENG Jianshan, ZHAO Shibin, ZHU Junhu, XU Hang. Survey on JavaScript Engine Vulnerability Detection [J]. Computer Engineering and Applications, 2019, 55(11): 16-24.
[13]	CHEN Lu, MA Yuanyuan, SHI Congcong, LI Nige, LI Weiwei. Research on Android application security flaws static analysis technology [J]. Computer Engineering and Applications, 2018, 54(4): 117-121.
[14]	FU Zhe1，2, LI Jun2. Survey on high performance regular expression matching algorithms [J]. Computer Engineering and Applications, 2018, 54(20): 1-13.
[15]	LI Qian1, WANG Zheng1, MA Jianfen1, LI Na2. Lightweight mobile payment protocol fairness analysis [J]. Computer Engineering and Applications, 2018, 54(19): 82-87.

Model checking obfuscated binary malicious code

模型检测迷惑二进制恶意代码

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics