JP6778761B2 - Extraction and comparison of hybrid program binary features - Google Patents

Info

Publication number
JP6778761B2
Authority
JP
Japan
Prior art keywords
hybrid
binary
program
feature
features
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2018552688A
Other languages
English (en)
Japanese (ja)
Other versions
JP2019514119A (ja)
JP2019514119A5 (ja)
Inventor
ジュンワン リー
ジチュン リ
ジェンユ ウ
カンクック ジー
グオフェイ ジアン
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Laboratories America Inc
Original Assignee
NEC Laboratories America Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Laboratories America Inc
Publication of JP2019514119A
Publication of JP2019514119A5
Application granted
Publication of JP6778761B2
Current legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G06F21/564 Static detection by virus signature recognition
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Prevention of errors by analysis, debugging or testing of software
    • G06F11/3668 Testing of software
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • G06F11/3692 Test management for test results analysis
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Applications Claiming Priority (5)

Application Number | Publication | Priority Date | Filing Date | Title
US201662318844P | | 2016-04-06 | 2016-04-06 |
US62/318,844 | | 2016-04-06 | |
US15/479,928 | US10289843B2 (en) | 2016-04-06 | 2017-04-05 | Extraction and comparison of hybrid program binary features
PCT/US2017/026359 | WO2017177003A1 (en) | 2016-04-06 | 2017-04-06 | Extraction and comparison of hybrid program binary features

Publications (3)

Publication Number | Publication Date
JP2019514119A (ja) | 2019-05-30
JP2019514119A5 (ja) | 2020-03-19
JP6778761B2 (ja) | 2020-11-04

Family

ID=59998743

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
JP2018552688A | Expired - Fee Related | JP6778761B2 (ja) | 2016-04-06 | 2017-04-06 | Extraction and comparison of hybrid program binary features

Country Status (3)

Country | Publication
US (1) | US10289843B2
JP (1) | JP6778761B2
WO (1) | WO2017177003A1

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11609998B2 (en) * 2017-06-14 2023-03-21 Nippon Telegraph And Telephone Corporation Device, method, and computer program for supporting specification
US10346293B2 (en) * 2017-10-04 2019-07-09 International Business Machines Corporation Testing pre and post system call exits
CN109299609A (zh) * 2018-08-08 2019-02-01 北京奇虎科技有限公司 ELF file detection method and device
CN111723373A (zh) * 2019-03-19 2020-09-29 国家计算机网络与信息安全管理中心 Method and device for detecting exploit files in composite binary documents
CN110852235A (zh) * 2019-11-05 2020-02-28 长安大学 An image feature extraction method
CN113378162B (zh) * 2020-02-25 2023-11-07 深信服科技股份有限公司 Verification method, device, and storage medium for Executable and Linkable Format files
US11294804B2 (en) * 2020-03-23 2022-04-05 International Business Machines Corporation Test case failure with root cause isolation
CN113254934B (zh) * 2021-06-29 2021-09-24 湖南大学 Binary code similarity detection method and system based on graph matching networks
CN115658646B (zh) * 2022-09-28 2025-11-14 中国信息通信研究院 Method and device for constructing a binary feature database
CN117910043B (zh) * 2024-01-18 2024-12-10 北京信息科技大学 Method, system, and device for deep mining of information hidden in electronic documents

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6775780B1 (en) 2000-03-16 2004-08-10 Networks Associates Technology, Inc. Detecting malicious software by analyzing patterns of system calls generated during emulation
US7752667B2 (en) 2004-12-28 2010-07-06 Lenovo (Singapore) Pte Ltd. Rapid virus scan using file signature created during file write
US20070239993A1 (en) 2006-03-17 2007-10-11 The Trustees Of The University Of Pennsylvania System and method for comparing similarity of computer programs
JP2010198565A (ja) * 2009-02-27 2010-09-09 Hitachi Ltd Malicious program detection method, malicious program detection program, and information processing apparatus
US8621233B1 (en) * 2010-01-13 2013-12-31 Symantec Corporation Malware detection using file names
US8516446B2 (en) * 2010-05-21 2013-08-20 Apple Inc. Automated qualification of a binary application program
US8463797B2 (en) * 2010-07-20 2013-06-11 Barracuda Networks Inc. Method for measuring similarity of diverse binary objects comprising bit patterns
JP5569935B2 (ja) * 2010-07-23 2014-08-13 日本電信電話株式会社 Software detection method, device, and program
KR101162051B1 (ko) * 2010-12-21 2012-07-03 한국인터넷진흥원 Malware detection and classification system using string comparison techniques, and method thereof
JP5667957B2 (ja) * 2011-09-30 2015-02-12 Kddi株式会社 Malware detection device and program
US8584235B2 (en) * 2011-11-02 2013-11-12 Bitdefender IPR Management Ltd. Fuzzy whitelisting anti-malware systems and methods
US9215245B1 (en) * 2011-11-10 2015-12-15 Google Inc. Exploration system and method for analyzing behavior of binary executable programs
US9223554B1 (en) * 2012-04-12 2015-12-29 SourceDNA, Inc. Recovering source code structure from program binaries
US9021589B2 (en) * 2012-06-05 2015-04-28 Los Alamos National Security, Llc Integrating multiple data sources for malware classification
CN105793864A (zh) * 2013-12-27 2016-07-20 迈克菲股份有限公司 System and method for detecting malicious multimedia files
US9197665B1 (en) * 2014-10-31 2015-11-24 Cyberpoint International Llc Similarity search and malware prioritization

Also Published As

Publication number | Publication date
JP2019514119A (ja) | 2019-05-30
US10289843B2 (en) | 2019-05-14
US20170293761A1 (en) | 2017-10-12
WO2017177003A1 (en) | 2017-10-12

Similar Documents

Publication | Title
JP6778761B2 (ja) Extraction and comparison of hybrid program binary features
Kirat et al. Malgene: Automatic extraction of malware analysis evasion signature
Sharif et al. Eureka: A framework for enabling static malware analysis
Carmony et al. Extract Me If You Can: Abusing PDF Parsers in Malware Detectors.
Cesare et al. Classification of malware using structured control flow
US20200311271A1 (en) Method of malware detection and system thereof
Yang et al. Appspear: Bytecode decrypting and dex reassembling for packed android malware
US9876812B1 (en) Automatic malware signature extraction from runtime information
TWI553503B (zh) Method and system for generating candidate hook points to detect malicious programs
Sun et al. Detecting code reuse in android applications using component-based control flow graph
US10534914B2 (en) Vulnerability finding device, vulnerability finding method, and vulnerability finding program
US11475133B2 (en) Method for machine learning of malicious code detecting model and method for detecting malicious code using the same
Ghiasi et al. Dynamic VSA: a framework for malware detection based on register contents
CN110414239B (zh) Software supply chain security analysis method and device
EP3200115A1 (en) Specification device, specification method, and specification program
US20090313700A1 (en) Method and system for generating malware definitions using a comparison of normalized assembly code
US20120240231A1 (en) Apparatus and method for detecting malicious code, malicious code visualization device and malicious code determination device
Zhang et al. BDA: practical dependence analysis for binary executables by unbiased whole-program path sampling and per-path abstract interpretation
US9916448B1 (en) Detection of malicious mobile apps
CN102622536A (zh) A malicious code capture method
CN115146282A (zh) AST-based source code anomaly detection method and device
CN104933364B (zh) Automated homology determination method and system for malicious code based on call behavior
CN107292168A (zh) Method, device, and server for detecting program code
Karbalaie et al. Semantic malware detection by deploying graph mining
Mimura Impact of benign sample size on binary classification accuracy

Legal Events

Code | Title | Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20181120

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20190930

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20191029

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20200129

A524 Written submission of copy of amendment under Article 19 PCT

Free format text: JAPANESE INTERMEDIATE CODE: A524

Effective date: 20200129

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20200728

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20200902

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20200915

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20201012

R150 Certificate of patent or registration of utility model

Ref document number: 6778761

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

LAPS Cancellation because of no payment of annual fees