Communication Protocol Reverse Engineering of Malware Using Dynamic Taint Analysis

LIU Yu; WANG Ming-hua; SU Pu-rui; FENG Deng-Guo

doi:10.3969/j.issn.0372-2112.2012.04.007

您当前的位置：

首页 >

文章列表页 >

Communication Protocol Reverse Engineering of Malware Using Dynamic Taint Analysis

更新时间：2025-07-16

- Communication Protocol Reverse Engineering of Malware Using Dynamic Taint Analysis
- Acta Electronica Sinica Vol. 40, Issue 4, Pages: 661-668(2012)
- 作者机构：
  
  中国科学院软件研究所,信息安全国家重点实验室,北京,100190
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.0372-2112.2012.04.007
  CLC： TP302.7
- Published：2012
- 稿件说明：
移动端阅览
LIU Yu, WANG Ming-hua, SU Pu-rui, et al. Communication Protocol Reverse Engineering of Malware Using Dynamic Taint Analysis[J]. Acta Electronica Sinica, 2012, 40(4): 661-668.
DOI：

LIU Yu, WANG Ming-hua, SU Pu-rui, et al. Communication Protocol Reverse Engineering of Malware Using Dynamic Taint Analysis[J]. Acta Electronica Sinica, 2012, 40(4): 661-668. DOI： 10.3969/j.issn.0372-2112.2012.04.007.

摘要

对恶意代码通信协议的逆向分析是多种网络安全应用的重要基础.针对现有方法在协议语法结构划分的完整性和准确性方面存在不足

对协议字段的语义理解尤为薄弱

提出了一种基于动态污点分析的协议逆向分析方法

通过构建恶意进程指令级和函数级行为的扩展污点传播流图(Extended Taint Propagation Graph

ETPG)

完成对协议数据的语法划分和语义理解.通过实现原型系统并使用恶意代码样本进行测试

结果表明本方法可以实现有效的语法和语义分析

具有较高的准确性和可靠性.

Abstract

Communication protocol reverse engineering of malwares is significant base for various network security applications.However

recent works have limited accuracy and integrity in identifying protocol fields and are especially weak in understanding fields' semantics.This paper proposed a method for communication protocol reverse engineering based on dynamic taint analysis.By building an extended taint propagation graph (ETPG) recording both instruction and function level behaviors of a malicious process

dividing the protocol data into different syntax fields and inducing the semantic information of individual fields were achieved.A prototype system was implemented and evaluated with malware samples.The results show that this method can divide the syntax fields and extract semantic information accurately and effectively.

关键词

Keywords

references

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

A Malware Classification Method Based on MP-FSCIL

An Anti-obfuscation Malware Variants Identification System

P2P-Based Super Botnet:Threats and Defenses

An Automatic Malware Homology Identification Method Based on Calling Habits

Malware Visualization Methods Based on N-gram Features

Related Author

WANG Lei

LIU Qiang

WANG Jian

FENG Deng-guo

YANG Yi

SU Pu-rui

WANG Rui

SU Pu-rui

Related Institution

Air Traffic Control and Navigation School, Air Force Engineering University

Air Defense and Antimissile School, Air Force Engineering University

National Engineering Research Center for Information SecurityBeijing 100190China

State Key Laboratory of Information SecurityInstitute of SoftwareChinese Academy of SciencesBeijing 100190China

State Key Laboratory of Information SecurityGraduate University of Chinese Academy of SciencesBeijing 100049China

⁰