Visualizing compiled executables for malware analysis

机译：可视化已编译的可执行文件以进行恶意软件分析

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Reverse engineering compiled executables is a task with a steep learning curve. It is complicated by the task of translating assembly into a series of abstractions that represent the overall flow of a program. Most of the steps involve finding interesting areas of an executable and determining their overall functionality. This paper presents a method using dynamic analysis of program execution to visually represent the overall flow of a program. We use the Ether hypervisor framework to covertly monitor a program. The data is processed and presented for the reverse engineer. Using this method the amount of time needed to extract key features of an executable is greatly reduced, improving productivity. A preliminary user study indicates that the tool is useful for both new and experienced users.

机译：逆向工程编译的可执行文件是一项学习曲线陡峭的任务。将程序集转换为代表程序总体流程的一系列抽象的任务使该过程变得复杂。大多数步骤涉及查找可执行文件的有趣区域并确定其整体功能。本文提出了一种使用程序执行动态分析来直观地表示程序总体流程的方法。我们使用Ether虚拟机管理程序框架秘密监视程序。数据被处理并提供给逆向工程师。使用此方法，可以大大减少提取可执行文件关键功能所需的时间，从而提高了生产率。初步的用户研究表明，该工具对新用户和有经验的用户都有用。

著录项

来源
《Visualization for Cyber Security, 2009. VizSec 2009》|2009年|27-32|共6页
会议地点 Atlantic City NJ(US);Atlantic City NJ(US)
作者
Quist Daniel A.; Liebrock Lorie M.;
展开▼
作者单位

New Mexico Tech, Los Alamos National Laboratory;

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Dynamic Analysis; K.6.1 Management of Computing and Information Systems: Project and People Management-Life Cycle; K.7.m The Computing Profession: Miscellaneous-Ethics; Reverse Engineering; Visualization;

机译：动态分析； K.6.1 [计算和信息系统的管理]：项目和人员管理-生命周期； K.7.m [计算专业]：杂项伦理学；逆向工程；可视化;

相似文献

外文文献
中文文献
专利

1. Reversing compiled executables for malware analysis via visualization [J] . Daniel A. Quist, Lorie M. Liebrock Information visualization . 2011,第2期

机译：通过可视化反转已编译的可执行文件以进行恶意软件分析
2. ARCHITECTURE OF MALWARE TRACKER VISUALIZATION FOR MALWARE ANALYSIS [J] . CHAN LEE YEE, MAHAMOD ISMAIL, NASHARUDDIN ZAINAL, Journal of Theoretical and Applied Information Technology . 2013,第1期

机译：用于恶意软件分析的恶意软件跟踪器可视化架构
3. ARCHITECTURE OF MALWARE TRACKER VISUALIZATION FOR MALWARE ANALYSIS [J] . CHAN LEE YEE, MAHAMOD ISMAIL, NASHARUDDIN ZAINAL, Journal of Theoretical and Applied Information Technology . 2013,第1期

机译：用于恶意软件分析的恶意软件跟踪器可视化架构
4. Visualizing Compiled Executables for Malware Analysis [C] . Daniel A. Quist, Lorie M. Liebrock International Workshop on Visualization for Cyber Security . 2009

机译：可视化编译的可执行文件以获取恶意软件分析
5. Robust Classification of Portable Executable Malware [D] . Kucuk, Yunus. 2020

机译：便携式可执行恶意软件的强大分类
6. Malware Analysis Using Visualized Image Matrices [O] . KyoungSoo Han, BooJoong Kang, Eul Gyu Im -1

机译：使用可视化图像矩阵进行恶意软件分析
7. Visualizing compiled executables for malware analysis [O] . Daniel A. Quist, Lorie M. Liebrock 2009

机译：可视化编译的可执行文件以进行恶意软件分析

Visualizing compiled executables for malware analysis

摘要

著录项

相似文献

相关主题

期刊订阅