Survey on malware anti-analysis

摘要

The anti-analysis technology of malware has always been the focus in the computer security field. Malware implements the self-protection by anti-static analysis and anti-dynamic analysis: anti-static analysis uses the method of packers and code obfuscation to disturb disassembly and the identification of control flow; anti-dynamic analysis detects system operating environment information to realize the anti-tracking for debugger and virtual machines. This paper in-depth analyzes and summarizes the principle of various technologies of anti-analysis methods used by malware, explores the advantages, disadvantages and applicability of these technologies, and provides some ideas and technical direction for the development of malware analysis techniques.