|
JAIST Repository >
b. 情報科学研究科・情報科学系 >
b30. リサーチレポート >
Research Report - School of Information Science : ISSN 0918-7553 >
IS-RR-2014 >
このアイテムの引用には次の識別子を使用してください:
http://hdl.handle.net/10119/12136
|
| タイトル: | Pushdown Model Generation of Malware |
| 著者: | Nguyen, Minh Hai
Ogawa, Mizuhito
Quan, Thanh Tho |
| キーワード: | concolic testing
pushdown system
malware detection
binary code analysis
self-modifying code |
| 発行日: | 2014-06-24 |
| 出版者: | 北陸先端科学技術大学院大学情報科学研究科 |
| 誌名: | Research report (School of Information Science, Japan Advanced Institute of Science and Technology) |
| 巻: | IS-RR-2014-003 |
| 開始ページ: | 1 |
| 終了ページ: | 18 |
| 抄録: | Model checking software consists of two steps: model generation and model checking. A model is often generated statically by abstraction, and sometimes refined iteratively. However, model generation is not easy for malware, since malware is often distributed without source codes, but as binary executables. Worse, sophisticated malware tries to obfuscate its behavior, like self-modification, which dynamically modifies itself and destination of indirect jumps. This paper proposes a pushdown model generation of x86 binaries in an on-the-fly manner with concolic testing to decide the precise destinations of indirect jumps. A tool BE-PUM (Binary Emulation for Pushdown Model generation) is built on JakStab, and currently it covers 52 popular x86 instructions. Experiments are performed on 1700 malwares taken from malware database. Compared to JakStab and IDA Pro, two state-of-the-art tools in this field, BE-PUM shows better tracing ability, which sometimes shows significant differences. |
| URI: | http://hdl.handle.net/10119/12136 |
| 資料タイプ: | publisher |
| 出現コレクション: | IS-RR-2014
|
このアイテムのファイル:
| ファイル |
記述 |
サイズ | 形式 |
|---|
| IS-RR-2014-003.pdf | | 545Kb | Adobe PDF | 見る/開く |
|
当システムに保管されているアイテムはすべて著作権により保護されています。
|
