Title :
AMCAS: An Automatic Malicious Code Analysis System
Author :
Zhang, Jia ; Guan, Yuntao ; Jiang, Xiaoxin ; Duan, Haixin ; Wu, Jianping
Author_Institution :
Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing
Abstract :
With the development of malicious code technology, the number of malicious code has continued to increase. So it is imperative to optimize the traditional manual analysis method by automatic malicious code analysis system. This paper presents AMCAS - an automatic malicious code analysis system. It includes malicious code static analyzer, dynamic analyzer and network behavior analyzer. Compared with some existing automatic analysis systems, this system integrates the advantages of static and dynamic analysis, and imports network behavior analysis. Static analyzer can get the unpacked binary code and CallGraph; dynamic analyzer can get the host behavior of malicious code and network behavior analyzer can get the malicious network behavior profile. Experiment shows that this system can get malicious code information efficiently.
Keywords :
security of data; AMCAS; CallGraph; automatic malicious code analysis system; binary code; dynamic analyzer; malicious code static analyzer; network behavior analyzer; Binary codes; Computer science; Computer worms; Information analysis; Information management; Invasive software; Microcomputers; Optimization methods; Pattern analysis; Viruses (medical);
Conference_Titel :
Web-Age Information Management, 2008. WAIM '08. The Ninth International Conference on
Conference_Location :
Zhangjiajie Hunan
Print_ISBN :
978-0-7695-3185-4
Electronic_ISBN :
978-0-7695-3185-4
DOI :
10.1109/WAIM.2008.44
