Malicious code detection based on reverse engineering
Jiang Qianyu
1
姜倩玉(1995-),女,研究生,主要研究方向:网络与信息安全
Wang Fengying
1
王凤英(1962-)女,教授,硕导,主要研究方向:网络与信息安全
1、School of computer science and technology, Shandong University of Technology,Zibo City, Shandong Province 255000
Abstract:The existing methods of detecting malicious code through behavior information usually adopt graph matching or API call sequence pattern mining, which has limitations. Picture matching will become more and more complex as the number of malicious code increases. In order to improve the accuracy of malicious code, a method of detecting malicious code based on reverse engineering is proposed. Samples through reverse API behavior sequence of behavior, behavior were first introduced in matching module to test the sample, the sample was divided into black and white ash three regions, the black area representative sample for malware white area representative sample as normal procedure, grey areas represent not determine the nature of the sample, the sample of grey area further by testing module, the sample of the API calling sequence is converted to markov images, tested by CNN algorithm, experiment measurement accuracy of 99.7%.