Title
Extracting Sent Message Formats from Executables Using Backward Slicing
Abstract
Reverse-engineering network communication protocols is important for malicious software analysis. To control a malware sample's malicious behaviors, security analysts need to rewrite the messages it sends and receives in accordance with the protocol. Such rewriting requires detailed information about the messages that the malware program on the target host sends in the network dialog. However, recent work on sent message extraction has limitations, and the source code of a malware program is usually unavailable. This paper proposes an analysis method that extracts the sent message format by processing executables. It first obtains a reliable execution trace of the malware program, then recovers the syntax structure of the send buffer of the send function by combining binary code analysis with binary dynamic backward program slicing. Finally, it uses dynamic taint analysis to extract the semantic information of the different syntax fields. The experimental results show that the analysis framework can effectively analyze the format information of the malware's sent messages.
Year: 2013
DOI: 10.1109/EIDWT.2013.71
Venue: EIDWT
Keywords: malware program firstly, extracting sent message formats, invasive software, malware program, malicious software analysis, analysis framework, reliable execution trace, binary dynamic backward program slicing technique, program slicing, malicious software, reverse engineering, dynamic program slicing, sent message format, message format, detailed information, dynamic taint analysis, network communication protocol, syntax structure, analysis method, binary code analysis technique, sent message extraction, sent message, reverse-engineering, source code, backward slicing, message extraction, semantic information
Field: Program slicing, Cryptovirology, Message format, Source code, Computer science, Reverse engineering, Taint checking, Malware, Operating system, Executable
DocType: Conference
ISBN: 978-1-4799-2140-9
Citations: 2
PageRank: 0.39
References: 7
Authors: 4
Name
Order
Citations
PageRank
Min Liu133540.49
Chunfu Jia260245.16
Lu Liu31501170.70
Zhi Wang414224.61