Abstract | ||
---|---|---|
In this paper, we present a novel binary analysis method for malware which combines static and dynamic techniques. In the static phase, the target address of each indirect jump is resolved using backward analysis on static single assignment form of binary code. In the dynamic phase, those target addresses that are not statically resolved are recovered by way of emulation. The method is generic in the sense that it can reveal control flows of self-extracting/obfuscated code without requiring special assumptions on executables such as compliance with standard compiler models, which is requisite for the conventional methods of static binary analysis but does not hold for many malware samples. Case studies on real-world malware examples are presented to demonstrate the effectiveness of our method. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1007/978-3-642-16825-3_14 | IWSEC |
Keywords | Field | DocType |
real-world malware example,conventional method,static phase,binary code,dynamic phase,novel binary analysis method,generic binary analysis method,static single assignment form,static binary analysis,target address,malware sample | Indirect branch,Computer science,Computer security,Binary code,Compiler,Emulation,Obfuscation (software),Malware,Static single assignment form,Executable | Conference |
Volume | ISSN | Citations |
6434 | 0302-9743 | 5 |
PageRank | References | Authors |
0.44 | 16 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Tomonori Izumida | 1 | 15 | 2.28 |
Kokichi Futatsugi | 2 | 945 | 111.37 |
Akira Mori | 3 | 25 | 4.13 |