Application Research of Computers (《计算机应用研究》)

Generalized opaque predicates detecting method based on logical consistency

(Chinese title: 基于逻辑一致性判定的广义不透明谓词检测方法)

Authors: 史大伟, 周季璇, 徐良华
Institution: 江南计算技术研究所 (Jiangnan Institute of Computing Technology), Wuxi, Jiangsu 214083
Article number: 1001-3695(2019)06-043-1808-05
DOI: 10.19734/j.issn.1001-3695.2017.12.0824
Abstract: Opaque predicates are a class of lightweight code obfuscation techniques that resist reverse analysis of a program with one-way execution complexity. Generalized opaque predicates extend the constant-value property of narrow opaque predicates to a constant-logic property, and have already been applied in some malware to improve its resistance to detection and removal. To eliminate the effect of opaque predicates on the determination of whether a program is malicious, this paper takes the successor-dependency property of generalized opaque predicates as its basis, combines it with constant-logic determination, and proposes a generalized opaque predicate detection method based on logical consistency. Static analysis extracts the predicate's precondition constraints, its successor logic constraints and the predicate decision expression; a search for intersecting basic blocks pre-screens candidate predicates; and constraint solving then decides whether a candidate is a generalized opaque predicate. A prototype system was built and tested; the results show that the method detects opaque predicates in malicious code accurately and efficiently.
Keywords: opaque predicate; constraint solving; execution logic; post-constraint (successor constraint)
Funding: National "863" Program project (2012AA7111043)
National Natural Science Foundation of China project (91318301)
Article URL: http://www.arocmag.com/article/01-2019-06-043.html
Authors (English): Shi Dawei, Zhou Jixuan, Xu Lianghua
Institution (English): Jiangnan Institute of Computing Technology, Wuxi Jiangsu 214083, China
Abstract (English): Opaque predicates are a lightweight obfuscation method: they hold partial observability and are intended to impede reverse engineering. A generalized opaque predicate extends the property of a narrow opaque predicate by turning a fixed value into fixed logic, and it is applied in malware. In order to eliminate the disturbance introduced by opaque predicates during malware identification, this paper proposes a generalized opaque predicate detection method based on logical consistency. The method relies on the dependency constraint and combines it with the identification of logical consistency. It extracts the predicate's precondition (domain) constraint, its successor (post) logic constraint and the predicate expression, then filters candidates by searching for intersecting basic blocks, and finally identifies opaque predicates through constraint solving. A prototype was designed, and the evaluation indicates that this method can identify opaque predicates in malware accurately and effectively.
Keywords (English): opaque predicate; constraint solving; execution logic; post-constraint
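As an added illustration (example code written for this page, not the paper's prototype, which is not reproduced here), the Python sketch below applies the three steps the abstract names to a constructed toy control-flow graph: the precondition constraint is stood in for by the set of states that actually reach each predicate under a bounded 8-bit input domain, the intersecting-basic-block search pre-filters candidates, and the logical-consistency decision (constant value for a narrow opaque predicate, identical effect on both branches up to the join block for a generalized one) is made by bounded enumeration in place of an SMT solver. The block names, state layout, predicates and the assumption that code between a branch and its join is straight-line are all assumptions of this example.

```python
"""Toy detector for narrow and generalized opaque predicates (added example).

Stand-ins for the paper's machinery, labelled as assumptions:
  * precondition constraints  -> states concretely reaching each predicate
  * constraint solving        -> exhaustive check over a bounded input domain
  * intersecting basic blocks -> branch targets that can reach a common block
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

State = Dict[str, int]


@dataclass
class Block:
    name: str
    effect: Callable[[State], State] = lambda s: s     # straight-line code of the block
    next: Optional[str] = None                          # unconditional successor
    cond: Optional[Callable[[State], bool]] = None      # predicate, if the block branches
    true: Optional[str] = None                          # taken successor
    false: Optional[str] = None                         # fall-through successor


def reachable(cfg: Dict[str, Block], start: str) -> Set[str]:
    """All blocks reachable from `start` (used for the intersection filter)."""
    seen, stack = set(), [start]
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        blk = cfg[cur]
        stack += [s for s in (blk.next, blk.true, blk.false) if s]
    return seen


def find_join(cfg: Dict[str, Block], start: str, common: Set[str]) -> str:
    """First block on the straight-line path from `start` shared with the other branch."""
    cur = start
    while cur not in common:
        if cfg[cur].cond is not None:
            raise ValueError("nested branch before join: outside this toy's assumptions")
        cur = cfg[cur].next
    return cur


def run_path(cfg: Dict[str, Block], start: str, stop: str, state: State) -> State:
    """Execute straight-line blocks from `start` until `stop`; return the state at `stop`."""
    cur = start
    while cur != stop:
        blk = cfg[cur]
        if blk.cond is not None:
            raise ValueError("nested branch before join: outside this toy's assumptions")
        state = blk.effect(state)
        cur = blk.next
    return state


def execute(cfg: Dict[str, Block], entry: str, state: State) -> Dict[str, List[State]]:
    """Run the program concretely and record the state observed at every predicate."""
    pre: Dict[str, List[State]] = {}
    cur: Optional[str] = entry
    while cur is not None:
        blk = cfg[cur]
        if blk.cond is not None:
            pre.setdefault(cur, []).append(dict(state))
            cur = blk.true if blk.cond(state) else blk.false
        else:
            state = blk.effect(state)
            cur = blk.next
    return pre


def classify_predicates(cfg: Dict[str, Block], entry: str, inputs: List[State]) -> Dict[str, str]:
    """Label each conditional block as narrow-opaque, generalized-opaque, genuine or not-candidate."""
    pre: Dict[str, List[State]] = {}
    for st in inputs:                                    # step 1: precondition constraint (bounded)
        for name, states in execute(cfg, entry, st).items():
            pre.setdefault(name, []).extend(states)
    result: Dict[str, str] = {}
    for name, blk in cfg.items():
        if blk.cond is None:
            continue
        common = reachable(cfg, blk.true) & reachable(cfg, blk.false)   # step 2: intersection filter
        if not common or name not in pre:
            result[name] = "not-candidate"
            continue
        join = find_join(cfg, blk.true, common)
        values: Set[bool] = set()
        same_logic = True
        for st in pre[name]:                             # step 3: logical-consistency decision
            values.add(blk.cond(st))
            if run_path(cfg, blk.true, join, dict(st)) != run_path(cfg, blk.false, join, dict(st)):
                same_logic = False
        if len(values) == 1:
            result[name] = "narrow-opaque"        # constant value on every reaching state
        elif same_logic:
            result[name] = "generalized-opaque"   # value varies, but both branches compute the same thing
        else:
            result[name] = "genuine"
    return result


# Constructed sample program: B1 is a classic x*(x+1) % 2 == 0 narrow opaque predicate,
# B4 branches on parity but both arms double y (generalized opaque), B7 is a real branch.
CFG: Dict[str, Block] = {
    "B0": Block("B0", next="B1"),
    "B1": Block("B1", cond=lambda s: (s["x"] * (s["x"] + 1)) % 2 == 0, true="B2", false="B3"),
    "B2": Block("B2", effect=lambda s: {**s, "y": s["x"] + 1}, next="B4"),
    "B3": Block("B3", effect=lambda s: {**s, "y": s["x"] - 1}, next="B4"),
    "B4": Block("B4", cond=lambda s: s["x"] % 2 == 0, true="B5", false="B6"),
    "B5": Block("B5", effect=lambda s: {**s, "y": s["y"] * 2}, next="B7"),
    "B6": Block("B6", effect=lambda s: {**s, "y": s["y"] + s["y"]}, next="B7"),
    "B7": Block("B7", cond=lambda s: s["x"] > 100, true="B8", false="B9"),
    "B8": Block("B8", effect=lambda s: {**s, "y": s["y"] + 1}, next="B10"),
    "B9": Block("B9", effect=lambda s: {**s, "y": s["y"] - 1}, next="B10"),
    "B10": Block("B10"),
}
INPUTS: List[State] = [{"x": x, "y": 0} for x in range(256)]   # constructed 8-bit domain

if __name__ == "__main__":
    for name, label in classify_predicates(CFG, "B0", INPUTS).items():
        print(name, label)
```

Bounded enumeration is sound only over the enumerated domain; the paper's approach encodes the precondition and successor constraints symbolically and hands them to a constraint solver, which is what makes the decision hold for all inputs rather than the 256 tried here.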
Received: 2017/12/26
Revised: 2018/2/27
Pages: 1808-1812
CLC number: TP311
Document code: A