Modern Electronics Technique (现代电子技术), Issue (13): 76-80, 5.
Application of stain labeling technique in malicious code analysis
Abstract
Dynamic analysis of malicious code using virtual machine technology has become a research focus in the security domain. Generally speaking, most of the relevant research at home and abroad has focused on theory, with less on application. In this paper, a new method is proposed that takes the full-system emulator QEMU as the monitoring platform to perform dynamic real-time analysis of the target program by programming a remote control program, and to extract the API call sequence and the corresponding parameter information of the target program. The stain labeling technique is used to relate the generated data so as to extract the behavior features of the target program effectively. It provides a theoretical basis for judging whether unknown programs are malicious code. Experimental results indicate that the implemented automatic analysis platform can achieve better analysis results than other similar tools.
Keywords
malicious code / behavior monitoring / QEMU / dynamic stain labeling
Classification
Information technology and safety science
Cite this article
Yang Siyan (杨思燕), Gui Dawei (归达伟), Yang Yuanzhu (杨元柱). Application of stain labeling technique in malicious code analysis [J]. Modern Electronics Technique, 2015, (13): 76-80, 5.
Funding
Shaanxi Business College (陕西工商职业学院) project (13G-08-B22); Shaanxi Province Education Science "Twelfth Five-Year Plan" project ()