
A Malware Homologous Analysis Method Based On Sequence Of System Function

Posted on: 2013-05-17
Degree: Master
Type: Thesis
Country: China
Candidate: Q Guan
Full Text: PDF
GTID: 2298330422473963
Subject: Computer Science and Technology
Abstract/Summary:
Malware analysis is an important foundation of malware detection and defense. In practical anti-virus work, besides a sample's behaviour we are concerned with its inner characteristics of homology and evolution: the evolutionary relationships between malware samples, including how their source code was developed and changed, and how the samples relate to each other. Currently there is little research specifically on the homologous analysis of malware.

It is assumed that homology analysis of malware is similar to problems in bioinformatics: the great mass of sample characteristics can be described as a sequence or a network, so homology can be analysed on the basis of that sequence or network. This thesis proposes a malware homology analysis method based on the sequence of system functions. It is used to solve the problem of constructing a phylogenetic tree for a set of similar program clones with the help of bioinformatics algorithms and tools, especially those for sequence comparison and network comparison. The main contributions of our work are three-fold. First, we design a standardization of malware characteristics. Second, we use IDA Pro to extract the sequence of system functions. Finally, we construct the phylogenetic tree with the help of bioinformatics tools.

We conduct the experiments with two tools: IDA Pro, a widely used disassembler, and UGENE, a mature bioinformatics tool for sequence comparison and large-scale network comparison. We verified the effects by two experiments. They showed that the proposed mechanism for malware phylogeny analysis can successfully identify variant samples that come from the same family. In addition, it reflects the direction of phylogeny correctly and reliably distinguishes programs that come from different families.

The sequence homology analysis method provides an effective technique and an open source tool for in-depth understanding and prevention of malware, as well as for computer crime forensics.
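To make the three steps of the method concrete, here is an added, self-contained Python example; it is not code from the thesis. It standardizes constructed (hypothetical) system-function call sequences into symbol strings, compares them pairwise with a Levenshtein edit distance as a stand-in for the alignment scoring a tool such as UGENE performs, and builds the phylogenetic tree with UPGMA, emitted in Newick format. The sample names, the function lists, and the choice of edit distance and UPGMA are assumptions for illustration; the thesis recovered its sequences with IDA Pro and clustered them with UGENE's own algorithms.

```python
"""Toy pipeline for system-function-sequence homology analysis (added example).

Steps mirror the abstract: (1) standardize each sample's system functions into
a symbol string, (2) compare sequences pairwise, (3) build a phylogenetic tree
from the distance matrix (UPGMA, written out as Newick).
"""
from string import ascii_lowercase, ascii_uppercase

# Constructed, hypothetical call sequences (not taken from the thesis): the
# ordered system functions a disassembler would recover from each sample.
SAMPLES = {
    "famA_v1": ["CreateFileW", "WriteFile", "CloseHandle", "RegSetValueExW", "CreateProcessW"],
    "famA_v2": ["CreateFileW", "WriteFile", "CloseHandle", "RegSetValueExW", "WinExec", "CreateProcessW"],
    "famA_v3": ["CreateFileW", "WriteFile", "RegSetValueExW", "WinExec", "CreateProcessW"],
    "famB_v1": ["socket", "connect", "send", "recv", "VirtualAlloc", "WriteProcessMemory"],
    "famB_v2": ["socket", "connect", "send", "recv", "VirtualAlloc", "CreateRemoteThread"],
}

ALPHABET = ascii_uppercase + ascii_lowercase  # one symbol per distinct function


def standardize(samples):
    """Map each distinct system function to a single symbol, so that every
    sample becomes a string a sequence-comparison tool can align."""
    names = sorted({fn for seq in samples.values() for fn in seq})
    if len(names) > len(ALPHABET):
        raise ValueError("too many distinct functions for a one-character alphabet")
    code = {name: ALPHABET[i] for i, name in enumerate(names)}
    return {label: "".join(code[fn] for fn in seq) for label, seq in samples.items()}, code


def edit_distance(a, b):
    """Levenshtein distance between two symbol strings (dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalized_distance(a, b):
    """Edit distance scaled to [0, 1] so sequences of different length compare fairly."""
    if not a and not b:
        return 0.0
    return edit_distance(a, b) / max(len(a), len(b))


def distance_matrix(strings):
    labels = sorted(strings)
    return labels, {(x, y): normalized_distance(strings[x], strings[y])
                    for x in labels for y in labels}


def upgma(labels, dist):
    """UPGMA (average linkage): repeatedly merge the two closest clusters.
    Returns (newick, merges); merges lists (leaves_a, leaves_b, height)."""
    clusters = {lab: {"newick": lab, "leaves": frozenset([lab]), "height": 0.0} for lab in labels}
    d = {frozenset((x, y)): dist[(x, y)] for x in labels for y in labels if x < y}
    merges = []
    while len(clusters) > 1:
        pair = min(d, key=d.get)
        a, b = tuple(pair)
        h = d.pop(pair) / 2  # ultrametric height of the new internal node
        ca, cb = clusters.pop(a), clusters.pop(b)
        key = f"({a}|{b})"
        new = {
            "newick": f"({ca['newick']}:{h - ca['height']:.3f},{cb['newick']}:{h - cb['height']:.3f})",
            "leaves": ca["leaves"] | cb["leaves"],
            "height": h,
        }
        # Distance from the merged cluster to every other cluster is the
        # size-weighted mean of the two old distances.
        for other in clusters:
            da, db = d.pop(frozenset((a, other))), d.pop(frozenset((b, other)))
            d[frozenset((key, other))] = (da * len(ca["leaves"]) + db * len(cb["leaves"])) / len(new["leaves"])
        clusters[key] = new
        merges.append((ca["leaves"], cb["leaves"], h))
    return next(iter(clusters.values()))["newick"] + ";", merges


def analyze(samples):
    """Run the full pipeline and return every intermediate result."""
    strings, code = standardize(samples)
    labels, dist = distance_matrix(strings)
    newick, merges = upgma(labels, dist)
    return {"strings": strings, "code": code, "dist": dist, "newick": newick, "merges": merges}


if __name__ == "__main__":
    result = analyze(SAMPLES)
    for label, s in result["strings"].items():
        print(f"{label}: {s}")
    print(result["newick"])
```

With the constructed data, the three famA variants join at small heights, the two famB variants likewise, and the two families meet only at the root (normalized distance 1.0, since they share no system functions), which is the kind of same-family versus different-family separation the abstract reports.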
Keywords/Search Tags: malware, homology, phylogenetic tree