Hybrid Method to Analyze Cryptography in Software

Author

Li Ji-Zhong ; Jiang Lie-Hui ; Yin Qing ; Xie Yao-Bin

Author_Institution

Inf. Sci. & Technol. Inst., Zhengzhou, China

fYear

2012

fDate

2-4 Nov. 2012

Firstpage

930

Lastpage

933

Abstract

Cryptography reversing of software has playing an important role in malware detecting and vulnerability mining recently. This paper has proposed a four-level cryptography reversing model which contains crypto algorithms recognition, crypto mechanism reversing, wrong/weak implement, vulnerability mining. Both dynamic and static analysis technology takes its shortage, for solving this problem, we have brought forward a hybrid method based on the assumption that static disassemble result is correct, and have studied the density of arithmetic and bit wise operation, crypto dynamic constants and entropy value of memory operation data to filter the cryptography primitives.

Keywords

cryptography; data mining; entropy; invasive software; program diagnostics; safety-critical software; arithmetic operation; bitwise operation; crypto algorithm recognition; crypto dynamic constants; crypto mechanism reversing; cryptography primitives filtering; dynamic analysis technology; entropy value; four-level cryptography reversing model; hybrid method; malware detection mining; malware vulnerability mining; memory operation data; security software; static analysis technology; Algorithm design and analysis; Encryption; Entropy; Heuristic algorithms; Software; Software algorithms; cryptography reversing model; dynamic constant; entropy value; hybrid analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Multimedia Information Networking and Security (MINES), 2012 Fourth International Conference on

Conference_Location

Nanjing

Print_ISBN

978-1-4673-3093-0

Type

conf

DOI

10.1109/MINES.2012.121

Filename

6405838