
Instruction-level Malicious Code Dynamically Monitoring Platform

Posted on: 2010-12-07
Degree: Master
Type: Thesis
Country: China
Candidate: B C Shu
GTID: 2208360275483003
Subject: Computer application technology
Abstract/Summary:
With the rapid growth of the Internet, network security receives ever more attention. Malicious code is one of the most serious threats in this field, and new malicious code appears continually, so research on malicious code analysis is of great significance. Malicious code analysis rests on two key technologies: behavior monitoring and behavior analysis. Behavior monitoring is the foundation of behavior analysis, and of malicious code analysis as a whole, because it supplies the information and data that the analysis works on. The main monitoring techniques in use today are virtual machine simulation, API hooking and API tracing. Virtual machine simulation is complex and needs a lot of resources, while API hooking and API tracing offer poor concealment, so a sample can notice that it is being watched. Behavior analysis, meanwhile, is still largely manual. An efficient and reliable automatic malicious code analysis system is therefore urgently needed.

Against this background, the thesis focuses on a simple way to monitor malicious code and on an efficient, safe and well-concealed dynamic monitoring platform for it. The platform exposes a set of interfaces through which an automatic malicious code analysis system can analyze samples, so that such a system can serve both ordinary users and network security experts as a strong analytical tool.

The thesis first proposes a dynamic execution monitoring technique that works directly on the binary program: it slices the binary with code slicing technology, so that monitoring does not depend on simulated execution of every assembly instruction and stays efficient. At the same time, drawing on a study of the self-protection and anti-debugging techniques known to be used by malicious code, a concealed debugging engine is designed so that the platform remains hidden from the sample while still providing an efficient monitoring mechanism.

Building on this, an operating-system-level virtual execution environment is needed that provides a lightweight, isolated execution environment with good fault tolerance and intrusion tolerance. A malicious code dynamic monitoring platform is then implemented according to the techniques and design ideas above. The thesis closes with the experiments and test results for the platform, from which it is concluded that the platform achieves its design goals and will be of great help to malicious code analysis.

In this project the author took part in the theoretical research and analytical work, was responsible for the design of the system architecture and module interfaces, worked with team members on the detailed design, and independently designed and implemented two modules: inter-process communication, and the instruction-level virtual execution engine based on code slicing technology.
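The code slicing idea in the abstract (monitor only the instructions whose results reach the point of interest instead of simulating every one) can be illustrated with a backward dynamic slice over an executed instruction trace. The Python below is an added example written for this page; it is not the thesis's engine or any code from the thesis. The x86 subset it parses, the def/use rules, the constructed trace and the CreateFileA call are all assumptions chosen for illustration.

```python
"""Backward dynamic slicing over an instruction trace (illustrative example).

Given an executed instruction sequence and a slicing criterion (the operands
that one instruction reads, e.g. the argument pushed before a sensitive API
call), keep only the instructions whose results flow into that criterion.
Everything else in the trace never has to be emulated, which is the
efficiency argument behind instruction-level monitoring built on slicing.
"""
import re
from dataclasses import dataclass

# 32-bit general-purpose registers (assumption: Intel syntax, no sub-registers)
REG = re.compile(r"e?[abcd]x|e?[sd]i|e?[sb]p")


@dataclass(frozen=True)
class Insn:
    text: str
    defs: frozenset   # locations written by the instruction
    uses: frozenset   # locations read by the instruction


def _locs(op):
    """Split an operand into (location it names, registers used to address it)."""
    op = op.strip()
    mem = re.fullmatch(r"\[(.+)\]", op)
    if mem:                                   # memory cell plus its address registers
        return {op}, set(REG.findall(mem.group(1)))
    if REG.fullmatch(op):                     # plain register
        return {op}, set()
    return set(), set()                       # immediate or symbol: nothing to track


def parse(line):
    """Derive def/use sets for a small hypothetical x86 subset."""
    mnem, _, rest = line.strip().partition(" ")
    ops = [o.strip() for o in rest.split(",")] if rest else []
    defs, uses = set(), set()
    if mnem == "mov":
        d, da = _locs(ops[0]); s, sa = _locs(ops[1])
        defs, uses = d, da | s | sa
    elif mnem in ("add", "sub", "and", "or", "xor"):
        d, da = _locs(ops[0]); s, sa = _locs(ops[1])
        defs = d
        # xor reg, reg is a zeroing idiom: the result does not depend on the old value
        uses = da if (mnem == "xor" and ops[0] == ops[1]) else d | da | s | sa
    elif mnem in ("inc", "dec"):
        d, da = _locs(ops[0])
        defs, uses = d, d | da
    elif mnem == "push":
        s, sa = _locs(ops[0])
        defs, uses = {"esp", "[esp]"}, {"esp"} | s | sa
    elif mnem == "call":
        defs, uses = {"esp", "[esp]"}, {"esp"}   # pushes the return address
    else:
        raise ValueError(f"unsupported mnemonic: {mnem}")
    return Insn(line.strip(), frozenset(defs), frozenset(uses))


def backward_slice(trace, criterion):
    """Indices of the trace entries that influence what trace[criterion] reads."""
    live = set(trace[criterion].uses)
    kept = [criterion]
    for i in range(criterion - 1, -1, -1):
        insn = trace[i]
        if insn.defs & live:                  # this instruction feeds a live location
            kept.append(i)
            live -= insn.defs                 # its outputs are now explained...
            live |= insn.uses                 # ...and its inputs become the new question
    return sorted(kept)


def slice_text(trace, criterion):
    return [trace[i].text for i in backward_slice(trace, criterion)]


# Constructed trace (not from the thesis): the value handed to an API call is
# computed from a stack argument while unrelated work is interleaved with it.
TRACE = [parse(l) for l in [
    "mov eax, [ebp+8]",
    "mov ebx, 0x10",
    "xor ecx, ecx",
    "add eax, ebx",
    "mov edx, [esp+4]",
    "inc ecx",
    "push eax",
    "call CreateFileA",
]]


if __name__ == "__main__":
    # Criterion: the argument pushed for the API call (index 6).
    for line in slice_text(TRACE, 6):
        print(line)
```

With the push at index 6 as the criterion, only the instructions that compute eax survive (indices 0, 1, 3 and 6); the xor, the inc and the unrelated load into edx drop out, and a monitor following this slice would not need to emulate them. One caveat a real engine must handle: memory operands are compared here as text, so two pushes both "define" the string "[esp]" even though they write different cells. A dynamic monitor has the concrete addresses at hand and should key memory locations on them rather than on the operand text.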
Keywords/Search Tags: malicious code, code slicing, virtualization, concealed debugging