网络与信息安全学报 (Chinese Journal of Network and Information Security), 2025, Vol. 11, Issue 6: 1-16, 16. DOI: 10.11959/j.issn.2096-109x.2025063
Survey on malicious code dynamic analysis evasion and anti-evasion techniques (original title: 恶意代码动态分析对抗与反对抗技术综述)
Abstract
Dynamic analysis serves as a fundamental technique in malicious code analysis and detection, enabling the observation of real-time behaviors exhibited by malicious samples. In the ongoing adversarial arms race, malicious code employs dynamic analysis evasion techniques to evade detection, while defenders develop countermeasures to enhance the capability of dynamic analysis systems to cope with evasive malware. Existing surveys predominantly focus on the design and implementation of individual offensive and defensive techniques, lacking a comprehensive examination of their integration with the core stages of dynamic malicious code analysis. To address this limitation, a systematic survey of evasion techniques and anti-evasion techniques was conducted from an adversarial perspective, structured around the dynamic analysis workflow. First, the typical workflow of malicious code dynamic analysis was introduced. Next, the design and implementation methods of evasion techniques were summarized, including malware payload hiding, environment detection, behavior capture evasion, and analysis model deception, and their evasion strategies were analyzed. Then, the corresponding countermeasures were reviewed, including malicious payload extraction, evasion-resistant environment construction, behavior triggering and monitoring enhancements, and model hardening, and the adversarial interplay driving the evolution of dynamic analysis systems was revealed. Finally, the future development trends and key research directions in the field of dynamic analysis of malicious code were discussed, with the aim of providing references for the research on malicious code analysis and detection.

Keywords: malicious code; dynamic analysis; debugger; sandbox; evasion and anti-evasion

Classification: Information technology and security science
Citation: WANG Chenyang, PENG Guojun, YANG Xiuzhang, ZHOU Yilin. Survey on malicious code dynamic analysis evasion and anti-evasion techniques[J]. 网络与信息安全学报, 2025, 11(6): 1-16, 16.

Funding: The National Natural Science Foundation of China (62172308, 61972297, 62172144, 62562012); Guizhou Provincial Basic Research Program (MS[2025]686).