DocumentCode
686381
Title
Search algorithm based on priority in semantic method for malicious code detection
Author
Ke Wang ; Jiansheng Han ; Han Zhang
Author_Institution
Coll. of Inf. Tech. Sci., Nankai Univ., Tianjin, China
fYear
2013
fDate
22-24 Nov. 2013
Firstpage
1
Lastpage
5
Abstract
This paper presents a priority-based search algorithm for detecting malicious behavior in the semantic method, with respect to morph technology in computer viruses. For Win32 PE viruses, disassembly technologies are used to get the assembly code of the program, and the program flow chart is then established with the help of the intermediate representation. Next, the malicious behavior template is matched against the program flow chart. The priority-based search algorithm is used to find def-use relationships for detecting malicious behavior. The experimental results show that the search algorithm is fast and effective for invalid code insertion, code transposition, and register reassignment, and partially effective for instruction substitution.
Keywords
computer viruses; Win32 PE virus; assembly code; code transposition; computer viruses; def-use relationship; disassembly technologies; instruction substitution; invalid code insertion; malicious behavior template; malicious code detection; morph technology; priority-based search algorithm; program flow chart; register reassignment; semantic method; metamorphism; priority; program semantics; win32 PE virus;
fLanguage
English
Publisher
IET
Conference_Titel
Information and Network Security (ICINS 2013), 2013 International Conference on
Conference_Location
Beijing
Electronic_ISBN
978-1-84919-729-8
Type
conf
DOI
10.1049/cp.2013.2448
Filename
6825997