基于谓词时序逻辑的恶意代码行为描述及检测

计算机科学 ›› 2013, Vol. 40 ›› Issue (9): 116-119.

基于谓词时序逻辑的恶意代码行为描述及检测

金然,范荣荣,顾小琪

江南计算技术研究所无锡214083;江南计算技术研究所无锡214083;江南计算技术研究所无锡214083

出版日期:2018-11-16 发布日期:2018-11-16

Predicate Temporal Logic Based Description and Detection of Malware Behavior

JIN Ran,FAN Rong-rong and GU Xiao-qi

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 基于行为的判别已成为恶意代码检测技术研究的主流方向,现有方法容易受到拟态攻击或影子攻击的影响。针对这些问题,提出了一种全新的使用谓词时序逻辑描述恶意代码行为的方法,该方法能够同时刻画一组函数调用之间的逻辑组合、时序、参数依赖和主客体关联等关系,因此能更准确细致地描述恶意代码行为。在此基础上,提出了相应的恶意行为检测算法,通过实例测试验证了该方法的有效性。

关键词: 行为,逻辑,恶意代码中图法分类号TP393.08文献标识码A

Abstract: The behavior based security has become main-stream in the research of malware detection techniques．Although there have been some behavior based malware detection methods introduced in public papers,they are prone to suffer from mimicry attack or shadow attack．Towards these problems,a novel technique using predicate temporal logic to describe malware behavior was proposed in this paper．A variety of relations among system function calls,such as logic combination,precedence,parameter decencies and subject-object associations,can be depicted by one logic formula,therefore our method can describe malware behavior more subtlety and accurately．An algorithm of detecting malware behavior based on the logic was given and its feasibility was justified through real example test.

Key words: Behavior,Logic,Malware

金然,范荣荣,顾小琪. 基于谓词时序逻辑的恶意代码行为描述及检测[J]. 计算机科学, 2013, 40(9): 116-119. https://doi.org/

JIN Ran,FAN Rong-rong and GU Xiao-qi. Predicate Temporal Logic Based Description and Detection of Malware Behavior[J]. Computer Science, 2013, 40(9): 116-119. https://doi.org/

参考文献

[1] Idike N,Mathur A P．A Survey of Malware Detection Techniques[R]．Technical Report．Purdue University,2007
[2] Geer D．Behavior-Based Network Security Goes Mainstream[J].Computer,2006,39(3):14-17
[3] Canali D,Lanzi A,Balzarotti B,et al.A Quantitative Study of Accuracy in System Call-Based Malware Detection[C]∥Proceedings of the the International Symposium on Software Testing and Analysis．2012
[4] Sami A,Rahimi H,Yadegari B,et al．Malware Detection Based on Mining API Calls[C]∥ACM Symposium on Applied Computing．2010
[5] Alazab M,Venkatraman S,Watters P．Malware Detection Based on Structural and Behavioural Features of API Calls[C]∥1st International Cyber Resilience Conference．Edith Cowan University,Perth Western Australia,2010
[6] 李鹏,王汝传,高德华．基于模糊识别和支持向量机的联合Rootkit动态检测技术研究[J]．电子学报,2012,40(1):115-120
[7] Parampalli C,Sekar R,Johnson R．A Practical Mimicry Attack Against Powerful System-Call Monitors[C]∥ACM Symposium on Information,Computer and Communications Security(Asia-CCS)．Japan,2008:156-167
[8] Kolbitsch C,Comparetti P M,Kruegel C,et al．Effective and Efficient Malware Detection at the End Host[C]∥Proceedings of 18th USENIX Security Symposium．2009
[9] Martignoni L,Stinson E,Fredrikson M,et al．A Layered Architecture for Detecting Malicious Behaviors[C]∥Proceedings of the 11th international Symposium on Recent Advances in intrusion Detection．2008
[10] Ma W,Duan P,Liu S,et al.Shadow Attacks:Automatically Evading System-Call-Behavior Based Malware Detection Based Malware Detection[J]．Journal in Computer Virology,2012,8(1/2):1-13
[11] Harbour N．Stealth Secrets of the Malware Ninjas[EB/OL]．https://www.blackhat.com/ presentations/bh-usa-07/Harbour/Presentation/bh-usa-07-harbour.pdf,2012-09-20
[12] 杨彦,黄浩．基于攻击树的木马监测方法[J]．计算机工程与设计,2008,29(11):2711-2714

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed