Indonesian Journal of Electrical Engineering and Computer Science
Vol 10, No 7: November 2012

An Approach to Detect Malicious Behaviors by Evading Stalling Code

Chao You (National Digital Switching System Engineering & Technology Research Center)
Jianmin Pang (National Digital Switching System Engineering & Technology Research Center)
Yichi Zhang (National Digital Switching System Engineering & Technology Research Center)
Chao Dai (National Digital Switching System Engineering & Technology Research Center)
Xiaonan Liu (National Digital Switching System Engineering & Technology Research Center)

Article Info

Publish Date
01 Nov 2012

Abstract

Since malwares contain stalling codes, malicious behaviors can’t be detected in emulated analysis environment. This paper proposes an approach to detect malicious behaviors by evade stalling codes. First, we executed a malware in the emulated analysis environment, and saved every executed instruction in a trace file; Second, we began to detect stalling codes with the trace file, and constructed stalling code evasive points; At last, we executed the malware again and evade stalling codes with the evasive points, and then the malicious behaviors detected. It has been proven by experiments that the approach can evade stalling codes to detect the later malware behaviors effectively, and improve the performance of detecting the malicious behaviors in the emulated analysis environment. DOI: http://dx.doi.org/10.11591/telkomnika.v10i7.1573

Copyrights © 2012




Citation Download
RIS
EndNote, Reference Manager, ProCite
BibTex
Latex, Jabref
Original Source
Download Original
Google Scholar
Check in Google Scholar
Journal Info
Indonesian Journal of Electrical Engineering and Computer Science
Website

Abbrev

IJEECS

Publisher

Institute of Advanced Engineering and Science

Subject

Description

...