Research on a malicious code behavior acquisition method based on the Bochs virtual machine

Cited by: 0
Authors
Liu, H. Y. [1]
Cui, Y. J. [1]
Affiliations
[1] Acad Armored Forces Engn, Dept Informat Engn, Beijing, Peoples R China
Keywords
DOI
None available
Chinese Library Classification
X [Environmental science, safety science];
Discipline code
08 ; 0830 ;
Abstract
Bochs is an open-source IA-32 (x86) emulator written in C++ that simulates the entire PC platform, including the CPU, I/O devices, memory, and BIOS. This paper presents a method for acquiring the behavior of malicious code based on the Bochs virtual machine. By redesigning the Bochs system, the method conditionally intercepts the instruction-stream and data-stream information while malicious code runs inside Bochs, then records and parses the intercepted information. It also obtains system call information through linear address analysis, so that the system calls executed by the malicious code are available for subsequent behavior analysis. Experiments show that the method can effectively acquire the behavior characteristics of malicious code.
Pages: 1309 / 1312
Page count: 4