Generalized opaque predicates detecting method based on logical consistency (基于逻辑一致性判定的广义不透明谓词检测方法)    Cited by: 1


Authors: Shi Dawei [1], Zhou Jixuan, Xu Lianghua [1] (Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China)

Affiliation: [1] Jiangnan Institute of Computing Technology (江南计算技术研究所)

Source: Application Research of Computers (《计算机应用研究》), 2019, No. 6, pp. 1808-1812 (5 pages)

Funding: National "863" Program project (2012AA7111043); National Natural Science Foundation of China project (91318301)

Abstract: Opaque predicates are a lightweight code obfuscation technique that resists reverse analysis of a program by imposing a one-way execution complexity: the predicate is cheap for the program to evaluate but costly for an analyst to resolve. Generalized opaque predicates extend the fixed-value property of narrow (conventional) opaque predicates to a fixed-logic property, in which the outcome of the branch may vary but the logic eventually executed does not, and they have already been applied in some malware to improve resistance to detection and removal. To eliminate the disturbance that opaque predicates introduce into malware identification, this paper proposes a generalized opaque predicate detection method based on logical consistency. The method relies on the successor-dependence property of generalized opaque predicates, combined with a fixed-logic decision. Through static analysis it extracts the predicate's precondition constraints, the successor logic constraints, and the predicate's decision expression; it pre-filters candidate predicates by searching for intersecting basic blocks, and then identifies generalized opaque predicates by constraint solving. A prototype system was built and tested; the results show that the method detects opaque predicates in malicious code accurately and efficiently.

Keywords: opaque predicate; constraint solving; execution logic; successor constraint

Classification: TP311 [Automation and Computer Technology / Computer Software and Theory]

 
