Computer Applications and Software (计算机应用与软件), 2013, Vol. 30, Issue (4): 1-4, 39, 5. DOI: 10.3969/j.issn.1000-386x.2013.04.001
APPROACH FOR DETECTING ANTI-ANALYSIS MALWARE
Abstract
This paper proposes a method to automatically detect anti-analysis malware. The approach records the traces of system calls and instructions executed by malware across four different analysis platforms, based on two monitoring and recording technologies. First, the system call traces are compared. If a deviation exists, a further comparison of the instruction traces is needed to determine whether the root cause is anti-analysis or not. Experimental results demonstrate that the approach can detect a variety of analysis evasion techniques.
Key words
Virtual machine detection / Behaviour comparison / Trace alignment / Dynamic backwards slicing
Classification
Information Technology and Security Science
Cite this article
Yang Zhao, Zeng Qingkai. Approach for detecting anti-analysis malware [J]. Computer Applications and Software, 2013, 30(4): 1-4, 39, 5.
Funding
National Natural Science Foundation of China (61170070)
National Key Technology R&D Program of China (2012BAK26B01)
Jiangsu Province Science and Technology Support Program (BE2010032)