  • DocumentCode
    2549240
  • Title
    AMCAS: An Automatic Malicious Code Analysis System
  • Author
    Zhang, Jia ; Guan, Yuntao ; Jiang, Xiaoxin ; Duan, Haixin ; Wu, Jianping
  • Author_Institution
    Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing
  • fYear
    2008
  • fDate
    20-22 July 2008
  • Firstpage
    501
  • Lastpage
    507
  • Abstract
    With the development of malicious code technology, the amount of malicious code has continued to increase. It is therefore imperative to optimize the traditional manual analysis method with an automatic malicious code analysis system. This paper presents AMCAS, an automatic malicious code analysis system. It includes a malicious code static analyzer, a dynamic analyzer and a network behavior analyzer. Compared with some existing automatic analysis systems, this system integrates the advantages of static and dynamic analysis, and imports network behavior analysis. The static analyzer can get the unpacked binary code and CallGraph; the dynamic analyzer can get the host behavior of malicious code; and the network behavior analyzer can get the malicious network behavior profile. The experiment shows that this system can get malicious code information efficiently.
  • Keywords
    security of data; AMCAS; CallGraph; automatic malicious code analysis system; binary code; dynamic analyzer; malicious code static analyzer; network behavior analyzer; Binary codes; Computer science; Computer worms; Information analysis; Information management; Invasive software; Microcomputers; Optimization methods; Pattern analysis; Viruses (medical);
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Web-Age Information Management, 2008. WAIM '08. The Ninth International Conference on
  • Conference_Location
    Zhangjiajie Hunan
  • Print_ISBN
    978-0-7695-3185-4
  • Electronic_ISBN
    978-0-7695-3185-4
  • Type
    conf
  • DOI
    10.1109/WAIM.2008.44
  • Filename
    4597057