Research on Polymorphic Technology Based on Data Structure Randomization
Authors: Chen Huiyu, Mao Bing, Xie Li
Source: original to this site
Updated: 2012/5/10 10:47:00
Full text:
(Department of Computer Science and Technology, Nanjing University, Nanjing 210093)
Abstract: Malicious programs often use polymorphic or metamorphic techniques to resist reverse engineering and anti-virus software. However, in recent years malware signature techniques based on structure (struct) information have gradually rendered traditional polymorphic and metamorphic techniques ineffective. In this paper, we start from the target executable file, analyze the data structures it contains at the binary level, and randomize those data structures. Our tool is simple and flexible, and can even operate as part of a malicious program. Experimental results show that the tool obtains significant data structure diversity with only a small additional performance overhead.
Keywords: malware, data structures, randomization
A Metamorphic Tool for Data Structure Obfuscation
Chen Huiyu, Mao Bing, Xie Li
(Department of Computer Science and Technology, Nanjing University, Nanjing 210093, China)
【Abstract】Metamorphism and polymorphism are often applied to malware to protect its code against reverse engineering and detection by anti-virus products. However, malware signatures based on data structure information invalidate traditional metamorphic techniques. In this paper, we propose a metamorphism tool that obfuscates data structures at the binary code level. This obfuscation technique is more flexible than previous randomizations. Preliminary experimental results show that our tool can obfuscate data structures remarkably with little performance overhead.
【Key words】malware, data structure, obfuscation