Title :
Search algorithm based on priority in semantic method for malicious code detection
Author :
Ke Wang ; Jiansheng Han ; Han Zhang
Author_Institution :
Coll. of Inf. Tech. Sci., Nankai Univ., Tianjin, China
Abstract :
This paper presents a priority-based search algorithm for detecting malicious behavior in the semantic method, with respect to morph technology in computer viruses. For Win32 PE viruses, disassembly technologies are used to obtain the assembly code of the program, and the program flow chart is then established with the help of the intermediate representation. Next, the malicious behavior template is matched against the program flow chart. The priority-based search algorithm is used to find def-use relationships for detecting malicious behavior. The experimental results show that the search algorithm is fast and effective for invalid code insertion, code transposition, and register reassignment, and partially effective for instruction substitution.
Keywords :
computer viruses; Win32 PE virus; assembly code; code transposition; computer viruses; def-use relationship; disassembly technologies; instruction substitution; invalid code insertion; malicious behavior template; malicious code detection; morph technology; priority-based search algorithm; program flow chart; register reassignment; semantic method; metamorphism; priority; program semantics; win32 PE virus;
Conference_Title :
Information and Network Security (ICINS 2013), 2013 International Conference on
Conference_Location :
Beijing
Electronic_ISBN :
978-1-84919-729-8
DOI :
10.1049/cp.2013.2448