DocumentCode :
3599847
Title :
Method for detecting the obfuscated malicious code based on behavior connection
Author :
Wenwu Li ; Chao Li ; Miyi Duan
Author_Institution :
Beihang Univ., Beijing, China
fYear :
2014
Firstpage :
234
Lastpage :
240
Abstract :
Authors of obfuscated malicious code generally use the code obfuscation counter technology to improve the difficulty of being reversely analyzed for programming and hide critical code, data and program logic. The detection for malicious code of code obfuscation has become one of the popular topics being researched both domestically and abroad. In this study, a method for detecting the obfuscated malicious code with behavior connection is proposed. In this method, malicious acts are described based on the extended control flow graph to improve the descriptive power of self-modifying and obfuscated code. Furthermore, interference from malicious code brought by shell adding and obfuscation is eliminated by combining the method of stain diffusion and symbolic execution. Then malicious codes are extracted and detected based on behavior connection feature. As a result, accuracy of detecting the obfuscated malicious code is enhanced.
Keywords :
flow graphs; invasive software; safety-critical software; symbol manipulation; behavior connection; code obfuscation counter technology; control flow graph; critical code hiding; critical code programming; malicious code detection; malicious code extraction; obfuscated malicious code detecting method; program logic; stain diffusion; symbolic execution; Engines; Feature extraction; Flow graphs; Interference; Monitoring; Process control; Registers; Analysis of malicious code; detection of malicious code; stain diffusion;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Cloud Computing and Intelligence Systems (CCIS), 2014 IEEE 3rd International Conference on
Print_ISBN :
978-1-4799-4720-1
Type :
conf
DOI :
10.1109/CCIS.2014.7175735
Filename :
7175735
Link To Document :