Software Backdoor Analysis Based on Sensitive Flow Tracking and Concolic Execution  Cited by: 3

Authors: XU Xin, WANG Jiajie, CHENG Shaoyin, ZHANG Tao, JIANG Fan

Affiliations: [1] School of Computer Science and Technology, University of Science and Technology of China, Hefei 230027, Anhui, China; [2] China Information Technology Security Evaluation Center, Beijing 100085, China; [3] Anhui Province Key Lab of Software in Computing and Communication, Hefei 230026, Anhui, China

Source: Wuhan University Journal of Natural Sciences, 2016, Issue 5, pp. 421-427 (7 pages in total); Journal of Wuhan University (Natural Sciences, English Edition)

Funding: Supported in part by the National Natural Science Foundation of China (61272493); the Specialized Research Fund for the Doctoral Program of Higher Education of China (20113402120026); Oversea Academic Training Funds of University of Science and Technology of China

Abstract: In order to effectively detect and analyze backdoors, this paper introduces a method named Backdoor Analysis based on Sensitive flow tracking and Concolic Execution (BASEC). BASEC uses sensitive flow tracking to effectively discover backdoor behaviors, such as stealing secret information and injecting evil data into the system, with fewer false negatives. With concolic execution on a predetermined path, the backdoor trigger condition can be extracted and analyzed to achieve high accuracy. BASEC has been implemented and experimented on several software backdoor samples widespread on the Internet, and over 90% of them can be detected. Compared with behavior-based and system-call-based detection methods, BASEC relies less on historical sample collections, and is more effective in detecting software backdoors, especially those injected into software by modifying and recompiling source code.

Keywords: software backdoor detection; data flow tracking; concolic execution; malware detection

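Classification: TP311.56 [Automation and Computer Technology - Computer Software and Theory]; TP309.5 [Automation and Computer Technology - Computer Science and Technology]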

 
