Published in: 《计算机应用研究》 (Application Research of Computers)

Malicious Code Detection Method Based on Sensitive Point Coverage

Abstract

To improve the efficiency and accuracy of detecting malicious code and its variants, this paper proposes a malicious code detection and analysis method based on sensitive point coverage that combines dynamic and static analysis. First, static analysis is used to identify the sensitive points and sensitive paths that contain malicious or sensitive behaviors. Then dynamic symbolic execution is used to execute and analyze these sensitive paths and to extract system function call graph features that express the behavioral semantics of the malicious code. Finally, the malicious code is detected and identified, including the family of the target code, by matching feature graphs. Experiments show that the method effectively improves the analysis efficiency and the detection and recognition rate for malicious code and its variants.
