| Along with the fast development of the Internet,the rising value of the user data and the expansion of the terminal equipment make computer programs more and more integrated into the real life.In order to protect the user's privacy and property,the importance of detecting and identifying the behavior of binary programs is becoming more and more obvious.This paper presents a program function identification technology for program dynamic behavior,which has the characteristics of instruction level,heuristic,high precision and wide range.And its technical fields include software reverse,bioinformatics,machine learning and other fields.We design the offline analysis architecture as the overall framework.Firstly,the dynamic instruction behavior of the program is recorded by the dynamic program behavior monitoring technology,which is optimized by the log structure of basic block index.Then the abstract encoding method is proposed,which is based on the semantics of the assembly instructions,so that assembly instructions can be ed instruction into specific data structure for further analysis.On the basis of the above,three kinds of feature systems are designed to describe the behavior of the program.And we design a series of feature extraction technique based on the principle of taint track and sequence alignment.Then,this paper proposes a machine learning classification model based on the model fusion technology,which can integrate the implicit behavior description information of the feature system.The design and implementation of the whole set of intelligent identification technology,with high efficiency and accuracy of the characteristics,can be achieved in a broad sense of recognition results. |
PDF Full Text Request