
Malicious Code Dynamic Binary Analysis Platform Design And Realization

Posted on: 2011-02-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y Luo
Full Text: PDF
GTID: 2208360308966614
Subject: Computer application technology
Abstract/Summary:
Malicious code is an increasingly important problem that threatens the security of computer systems. Malware, a term that refers to viruses, trojans, worms, spyware or any other form of malicious code, is widespread today. Given the devastating effects that malware has on the computing world, detecting and countering malware is an important goal. Malware analysis is a challenging, multi-step process that provides insight into the structure and functionality of malware and facilitates the development of an antidote. Unfortunately, the traditional technology for defending against malware, such as virus and spyware scanners, uses pattern matching to identify malware and can be easily evaded by simple code transformations. To successfully detect and counter malware, analysts must be able to analyze the binaries dynamically. Malicious code, however, carries its own self-protection functions to prevent it from being analyzed, and with the development of software protection techniques, binary analysis is facing severe challenges.

This thesis concerns malicious code technology. It first introduces the current detection and analysis techniques for malicious code. After in-depth research it finds that most current detection and analysis methods are effective at identifying known malicious code but unable to recognize unknown viruses and their variants, especially those that are able to resist debugging and analysis.

To address these problems, we aim to implement a system with a stealthy and automatic analysis process, accurate analysis results, and a complete analysis report. In this dynamic binary analysis tool for malicious code, the detection technique is based on the paging management mechanism supported by the operating system, and we propose a new approach oriented to dynamic behavior analysis that detects malicious code by capturing the system calls made by the malware process and analyzing their calling parameters.
The detection technique is designed and implemented using the system's paging management mechanism to debug malicious code. Compared with traditional monitoring technology, this approach is stealthier. We build a behavioral model, extract malware behavior signatures from it, and construct a behavior rule database, which is used to identify malware automatically by imitating the judgement of security experts. This analysis technique supports measurable behavior analysis, which improves the automation and intelligence of the process, and it can become an important tool for security experts. The experimental results show that this tool offers a useful approach to the analysis of malicious code.
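The abstract describes matching a captured system-call trace, including the calling parameters, against a behavior rule database. The following added example illustrates that idea in working code; it is not code from the thesis. The trace, the call names and their argument layouts, the rule format, the rule weights and the verdict threshold are all constructed assumptions for illustration.

```python
"""Toy behavior-rule matcher over a captured system-call trace.

Added example, not code from the thesis. The trace below is constructed;
call names and argument layouts are assumptions made for illustration.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Call:
    """One captured system call: name, arguments and return value."""
    name: str
    args: dict
    ret: object = None


@dataclass
class Step:
    """One step of a behavior rule.

    where:   argument name -> regex that str(value) must match
    bind:    argument name (or "ret") -> variable captured from this step
    require: argument name -> variable bound by an earlier step that must be equal
    """
    call: str
    where: dict = field(default_factory=dict)
    bind: dict = field(default_factory=dict)
    require: dict = field(default_factory=dict)


@dataclass
class Rule:
    """An ordered sequence of steps plus a weight used for scoring."""
    name: str
    weight: int
    steps: list


def _step_matches(step, call, env):
    """Return an updated variable environment if `call` satisfies `step`, else None."""
    if call.name != step.call:
        return None
    for arg, pattern in step.where.items():
        if arg not in call.args or not re.search(pattern, str(call.args[arg]), re.IGNORECASE):
            return None
    for arg, var in step.require.items():
        if var not in env or call.args.get(arg) != env[var]:
            return None
    new_env = dict(env)
    for arg, var in step.bind.items():
        new_env[var] = call.ret if arg == "ret" else call.args.get(arg)
    return new_env


def match_rule(rule, trace):
    """Greedy in-order match: each step must be satisfied by a later call than the previous."""
    env, i = {}, 0
    for call in trace:
        new_env = _step_matches(rule.steps[i], call, env)
        if new_env is not None:
            env, i = new_env, i + 1
            if i == len(rule.steps):
                return True
    return False


# Constructed rule database (weights and thresholds are assumptions).
RULES = [
    Rule("drop_executable_and_autorun", 6, [
        Step("NtCreateFile", where={"Path": r"\\Windows\\System32\\.*\.exe$"}, bind={"ret": "h"}),
        Step("NtWriteFile", require={"FileHandle": "h"}),      # same handle is written to
        Step("RegSetValue", where={"Key": r"CurrentVersion\\Run"}),
    ]),
    # ProcessDebugPort is information class 7 of NtQueryInformationProcess.
    Rule("queries_debug_port", 3, [
        Step("NtQueryInformationProcess", where={"ProcessInformationClass": r"^7$"}),
    ]),
]


def analyze(trace, rules=RULES, threshold=5):
    """Score a trace against the rule database and return matched rules, score and verdict."""
    matched = [r.name for r in rules if match_rule(r, trace)]
    score = sum(r.weight for r in rules if r.name in matched)
    return {"matched": matched, "score": score,
            "verdict": "malicious" if score >= threshold else "benign"}


# Constructed sample trace; file names and handles are placeholders.
SAMPLE_TRACE = [
    Call("NtQueryInformationProcess", {"ProcessInformationClass": 7}),
    Call("NtCreateFile", {"Path": r"C:\Users\user\AppData\Local\Temp\log.txt"}, ret=0x10),
    Call("NtWriteFile", {"FileHandle": 0x10, "Length": 32}),
    Call("NtCreateFile", {"Path": r"C:\Windows\System32\dropper_sample.exe"}, ret=0x14),
    Call("NtWriteFile", {"FileHandle": 0x14, "Length": 40960}),
    Call("RegSetValue", {"Key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
                         "Value": "dropper_sample"}),
]

BENIGN_TRACE = SAMPLE_TRACE[1:3]  # only the temp-file log write

if __name__ == "__main__":
    print(analyze(SAMPLE_TRACE))
    print(analyze(BENIGN_TRACE))
```

The `require` field is what makes parameter analysis matter: the write step only counts if it targets the handle returned by the earlier create, so an unrelated write to a temporary log file does not complete the rule. The greedy in-order match is deliberately simple; a production matcher would backtrack when an earlier candidate call binds a handle that never reaches the later steps.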
Keywords/Search Tags: Dynamic Binary Analysis, Stealth Breakpoint, Behavior of Malware