CN104933359A - A method for constructing multiple execution paths of malware (一种恶意软件的多执行路径构造方法) - Google Patents
- Publication number: CN104933359A (application CN201510256382.9A; granted publication CN104933359B)
- Authority: CN (China)
- Prior art keywords
- target program
- instruction
- program
- snapshot
- label
- Prior art date: 2015-05-19
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Concepts (machine-extracted)
Concept | Type | Occurs in | Count
---|---|---|---
construction | method | title, abstract, description | 12
method | method | claims, description | 73
function | effect | claims, description | 62
analytical method | method | claims, description | 60
process | effect | claims, description | 49
processing | method | claims, description | 9
monitoring process | method | claims, description | 7
deletion | method | claims | 1
deletion | effect | claims | 1
transfer | method | abstract, description | 16
behavior | effect | description | 9
diagram | method | description | 4
Viruses | species | description | 3
change | effect | description | 3
gamma-cyhalothrin | chemical compound | description | 3
import | effect | description | 2
modification | effect | description | 2
modification | method | description | 2
triggered effect | effect | description | 2
Equidae | species | description | 1
abnormality | effect | description | 1
beneficial effect | effect | description | 1
communication | method | description | 1
detection method | method | description | 1
engineering process | method | description | 1
improvement | effect | description | 1
modification method | method | description | 1
propagated effect | effect | description | 1
response | effect | description | 1
suspension | substance | description | 1
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Debugging And Monitoring (AREA)
- Devices For Executing Special Programs (AREA)
Sections: Abstract, Description, Claims (8)
Priority Applications (1)
Application Number | Publication | Priority Date | Filing Date | Title
---|---|---|---|---
CN201510256382.9A | CN104933359B (zh) | 2015-05-19 | 2015-05-19 | A method for constructing multiple execution paths of malware
Publications (2)
Publication Number | Kind | Publication Date
---|---|---
CN104933359A (zh) | Application publication | 2015-09-23
CN104933359B (zh) | Granted patent | 2018-04-24
Family ID: 54120522
Family Applications (1)
Application Number | Publication | Status | Priority Date | Filing Date | Title
---|---|---|---|---|---
CN201510256382.9A | CN104933359B (zh) | Expired - Fee Related | 2015-05-19 | 2015-05-19 | A method for constructing multiple execution paths of malware
Country Status (1)
Country | Link
---|---
CN (1) | CN104933359B (zh)
Cited By (4 families, 7 publications; * = cited by examiner)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN105808981A (zh) * | 2016-03-10 | 2016-07-27 | Northwest University | Anti-taint-analysis software protection method
CN105808981B (zh) * | 2016-03-10 | 2018-06-19 | Northwest University | Anti-taint-analysis software protection method
CN107194252A (zh) * | 2017-05-09 | 2017-09-22 | Huazhong University of Science and Technology | Fully context-sensitive program control-flow integrity protection method and system
CN107194252B (zh) * | 2017-05-09 | 2019-11-22 | Huazhong University of Science and Technology | Fully context-sensitive program control-flow integrity protection method and system
CN111143853A (zh) * | 2019-12-25 | 2020-05-12 | Alipay (Hangzhou) Information Technology Co., Ltd. | Application security assessment method and apparatus
CN111143853B (zh) * | 2019-12-25 | 2023-03-07 | Alipay (Hangzhou) Information Technology Co., Ltd. | Application security assessment method and apparatus
CN111291371A (zh) * | 2020-01-10 | 2020-06-16 | Beijing Deepin Technology Co., Ltd. | Application security verification method and apparatus
Citations (4; * = cited by examiner)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
US20070240215A1 (en) * | 2006-03-28 | 2007-10-11 | Blue Coat Systems, Inc. | Method and system for tracking access to application data and preventing data exploitation by malicious programs
CN102073825A (zh) * | 2011-01-28 | 2011-05-25 | Li Qingbao | Path-driven security detection method and system for executable programs
CN103810427A (zh) * | 2014-02-20 | 2014-05-21 | Institute of Information Engineering, Chinese Academy of Sciences | Method and system for mining hidden behaviors of malicious code
US20150058984A1 (en) * | 2013-08-23 | 2015-02-26 | National Chiao Tung University | Computer-implemented method for distilling a malware program in a system
Family events: 2015-05-19, CN application CN201510256382.9A filed; granted as CN104933359B (zh); current status: not active (Expired - Fee Related)
Non-Patent Citations (3; * = cited by examiner)
Title
---
Andreas Moser et al., "Exploring Multiple Execution Paths for Malware Analysis", IEEE Symposium on Security and Privacy, 2007 *
Wang Xianggen, "A multi-path analysis method for malicious code based on code coverage", Acta Electronica Sinica (电子学报) *
Wang Rui et al., "An obfuscation-resistant malicious code variant identification system", Acta Electronica Sinica (电子学报) *
Also Published As
Publication number | Publication date |
---|---|
CN104933359B (zh) | 2018-04-24 |
Similar Documents
Publication | Title
---|---
US11562071B2 (en) | Detecting malware via scanning for dynamically generated function pointers in memory
EP3200115B1 (en) | Specification device, specification method, and specification program
CA2856268C (en) | Methods of detection of software exploitation
KR101519845B1 (ko) | Anti-debugging method
US20160300063A1 (en) | Software vulnerabilities detection system and methods
US20150213260A1 (en) | Device and method for detecting vulnerability attack in program
JP6122562B2 (ja) | Identification device, identification method, and identification program
US8819644B2 (en) | Selective data flow analysis of bounded regions of computer software applications
US10691798B2 (en) | Analysis device, analysis method, and analysis program
CN104933359B (zh) | A method for constructing multiple execution paths of malware (this patent)
CN106372507A (zh) | Malicious document detection method and apparatus
US20240386092A1 (en) | Early exit dynamic analysis of a virtual machine
US10275596B1 (en) | Activating malicious actions within electronic documents
US10893090B2 (en) | Monitoring a process on an IoT device
US10521588B1 (en) | Dynamic analysis of malware that has evasion code
JP6817454B2 (ja) | Call stack acquisition device, call stack acquisition method, and call stack acquisition program
CN113852623B (zh) | Method and apparatus for detecting industrial-control behaviour of viruses
JP7568129B2 (ja) | Analysis function provisioning method, analysis function provisioning device, and analysis function provisioning program
KR20110057297A (ko) | Malicious bot dynamic analysis system and method
KR101842263B1 (ko) | Method and apparatus for blocking reverse engineering of an application
CN106372508B (zh) | Malicious document processing method and apparatus
CN111382416B (zh) | Method and apparatus for identifying application execution, terminal device, and storage medium
CN116861418B (zh) | Penetration testing method, apparatus, device, and storage medium for a 32-bit Windows sandbox
Lee et al. | Appwrapping providing fine-grained security policy enforcement per method unit in Android
WO2019231000A1 (ko) | Java debugger blocking method and system for program protection
Legal Events
Code | Title | Description
---|---|---
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
CB03 | Change of inventor or designer information | Inventors after: Xiao Yun; Zhang Heng; Lv Liudong; Chen Feng; Wang Lei; Tang Zhanyong; Zhang Jie; Wang Hua; Li Guanghui; Fang Dingyi; Chen Xiaojiang; Ye Guixin. Inventors before: Wang Lei; Lv Liudong; Chen Feng; Tang Zhanyong; Zhang Jie; Wang Hua; Li Guanghui; Fang Dingyi; Chen Xiaojiang; Ye Guixin; Zhang Heng
GR01 | Patent grant |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 2018-04-24; termination date: 2020-05-19