Title: |
An Approach to Detect Malicious Behaviors by Evading Stalling Code |
Authors: |
You, Chao (National Digital Switching System Engineering & Technology Research Center); Pang, Jianmin (National Digital Switching System Engineering & Technology Research Center); Zhang, Yichi (National Digital Switching System Engineering & Technology Research Center); Dai, Chao (National Digital Switching System Engineering & Technology Research Center); Liu, Xiaonan (National Digital Switching System Engineering & Technology Research Center) |
Date: |
2012-11-01 |
Publisher: |
TELKOMNIKA: Indonesian journal of electrical engineering |
Source: |
|
Type: |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion |
Subject: |
Not applicable |
Description: |
Because malware contains stalling code, malicious behaviors cannot be detected in an emulated analysis environment. This paper proposes an approach to detect malicious behaviors by evading stalling code. First, we executed a malware sample in the emulated analysis environment and saved every executed instruction in a trace file. Second, we detected stalling code using the trace file and constructed stalling-code evasive points. Finally, we executed the malware again, evaded the stalling code using the evasive points, and then detected the malicious behaviors. Experiments have shown that the approach can evade stalling code to detect the later malware behaviors effectively, and that it improves the performance of detecting malicious behaviors in the emulated analysis environment. |
Language: |
English |