The Design And Implementation Of Malicious Code Dynamic Analysis Platform Based On API Relevance

Posted on: 2019-10-11
Degree: Master
Type: Thesis
Country: China
Candidate: L B Kong
Full Text: PDF
GTID: 2428330566470915
Subject: Computer science and technology
Abstract/Summary:
With the rapid development of the Internet, the number of new types of malicious code continues to increase. Most current mainstream malicious code analysis relies on static disassembly and dynamic debugging for reverse analysis, which is highly dependent on professionals and has low work efficiency. Research on automated malicious code analysis technology can effectively improve the efficiency of malicious code analysis and extract the programming techniques and methods used in malicious code, which is of great significance for maintaining network security.

Aiming at the problems in the field of automatic analysis of malicious code, this paper proposes a new automated dynamic analysis framework for malicious code. Under this framework, an API parameter information database is constructed, and malicious code behavior extraction and description methods are designed. First, by studying the rules of API calls, a dynamic analysis method based on API relevance is proposed, and the general method of behavior extraction is summarized. On this basis, API information acquisition based on dynamic instrumentation is implemented, successfully extracting the API call sequence of the malicious code and its parameter information. Based on a self-built API function parsing library, a correlation extraction algorithm is designed and API association extraction is implemented. A behavior description database is then established, a behavior description algorithm is designed, and a malicious code behavior extraction method based on the behavior description library is implemented, completely automating the analysis of malicious code behavior.

Finally, this paper designs and implements a malicious code dynamic analysis platform based on API relevance, selects a large number of malicious code samples for analysis and testing, and conducts in-depth analysis of some popular classic virus samples to verify the system's functions. The results show that the platform can quickly and accurately extract malicious code behavior.
Keywords/Search Tags:API relevance, behavior analysis, malicious code, dynamic binary analysis, API call sequence