DocumentCode :
3589698
Title :
A parallel target-directed analysis method for malware behaviors
Author :
Yanfeng Qin ; Qingxian Wang ; Yongjun Zeng ; Qi Xi
Author_Institution :
Key Lab. of Math. Eng. & Adv. Comput., China
fYear :
2014
Firstpage :
1
Lastpage :
5
Abstract :
To improve the efficiency of analyzing malware behaviors and increase the validity of the test data, this paper proposes a parallel target-directed analysis method for malware behaviors, which combines static analysis with concolic testing techniques. It first uses static analysis techniques to identify and locate the interactive or input points and the sensitive behavior functions. Then, based on a distributed platform, by combining symbolic execution with concrete dynamic execution and taking malware sensitive behaviors as the leading target, a parallel target-directed algorithm for searching sensitive paths and a method of leading toward and approaching sensitive behaviors are designed. The method guides the traversal of the sensitive functions, obtains the sensitive paths that can reach the sensitive behavior areas by path backtracking, and generates the corresponding test data. Finally, it completes the analysis and testing of malware behaviors. Experiments show that, compared with fuzzing and the full-path covering and traversing technique, this method can generate test data more efficiently, reduce the number of paths to be analyzed, and improve the analysis speed and efficiency of malware behaviors.
Keywords :
invasive software; parallel algorithms; program diagnostics; program testing; concolic testing techniques; concrete dynamic execution; distributed platform; input points; interactive points; malware behavior efficiency analysis; malware behavior speed analysis; parallel target-directed algorithm; parallel target-directed analysis method; path backtracking; searching sensitive paths; sensitive behavior functions; static analysis techniques; symbolic execution; test data generation; test data validity; malware; parallel analysis; sensitive behavior function; sensitive path; symbolic execution; target-directed;
fLanguage :
English
Publisher :
iet
Conference_Titel :
Cyberspace Technology (CCT 2014), International Conference on
Print_ISBN :
978-1-84919-928-5
Type :
conf
DOI :
10.1049/cp.2014.1350
Filename :
7106849