Reversing compiled executables for malware analysis via visualization

Daniel A. Quist; Lorie M. Liebrock

首页> 外文期刊>Information visualization >Reversing compiled executables for malware analysis via visualization

【24h】

Reversing compiled executables for malware analysis via visualization

机译：通过可视化反转已编译的可执行文件以进行恶意软件分析

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Reverse engineering-compiled executables is a task with a steep learning curve. It is complicated by the task of translating assembly into a series of abstractions that represent the overall flow of a program. Most of the steps involve finding interesting areas of an executable and determining their general functionality. This article presents a method using dynamic analysis of program execution to visually represent the general flow of a program. We use the Ether hypervisor framework to covertly monitor a program. The data are processed and presented for the reverse engineer. The VERA (Visualization of Executables for Reversing and Analysis) system specifically accelerates the location of the original entry point and understanding of overall executable functionality. Using this method, the amount of time needed to extract key features of an executable is greatly reduced, improving productivity. Two malware samples are used to demonstrate the advantages of using the VERA system to reverse engineer malware. Further, these examples exemplify a reversing process enhanced through effective use of dynamic analysis tools. Preliminary user study indicates that the tool is useful for both new and experienced users.

机译：逆向工程编译的可执行文件是一项具有陡峭学习曲线的任务。将程序集转换为代表程序总体流程的一系列抽象的任务使该过程变得复杂。大多数步骤涉及查找可执行文件的有趣区域并确定其常规功能。本文介绍了一种使用动态分析程序执行来直观地表示程序总体流程的方法。我们使用Ether虚拟机管理程序框架秘密监视程序。数据被处理并提供给逆向工程师。 VERA（用于反转和分析的可执行文件的可视化）系统专门加快了原始入口点的位置，并加速了整体可执行功能的理解。使用此方法，可以大大减少提取可执行文件关键功能所需的时间，从而提高了生产率。使用两个恶意软件样本来演示使用VERA系统对恶意软件进行反向工程的优势。此外，这些示例举例说明了通过有效使用动态分析工具而增强的逆向过程。初步的用户研究表明，该工具对新用户和有经验的用户都有用。

著录项

来源
《Information visualization》 |2011年第2期|p.117-126|共10页
作者
Daniel A. Quist; Lorie M. Liebrock;
展开▼
作者单位

Los Alamos National Laboratory, Los Alamos,New Mexico, 87545, USA;

Computer Science Department, New Mexico Tech, 801 Leroy Place, Socorro, New Mexico,87801, USA;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
reverse engineering; visualization; binary analysis;

机译：逆向工程;可视化二元分析;

相似文献

外文文献
中文文献
专利

1. ARCHITECTURE OF MALWARE TRACKER VISUALIZATION FOR MALWARE ANALYSIS [J] . CHAN LEE YEE, MAHAMOD ISMAIL, NASHARUDDIN ZAINAL, Journal of Theoretical and Applied Information Technology . 2013,第1期

机译：用于恶意软件分析的恶意软件跟踪器可视化架构
2. ARCHITECTURE OF MALWARE TRACKER VISUALIZATION FOR MALWARE ANALYSIS [J] . CHAN LEE YEE, MAHAMOD ISMAIL, NASHARUDDIN ZAINAL, Journal of Theoretical and Applied Information Technology . 2013,第1期

机译：用于恶意软件分析的恶意软件跟踪器可视化架构
3. FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques [J] . SC magazine . 2020,第2Suppla期

机译：FOR610：逆向工程恶意软件：恶意软件分析工具和技术
4. Visualizing compiled executables for malware analysis [C] . Quist Daniel A., Liebrock Lorie M. Visualization for Cyber Security, 2009. VizSec 2009 . 2009

机译：可视化已编译的可执行文件以进行恶意软件分析
5. Enhancing Usability of Malware Analysis Pipelines with Reverse Engineering [D] . Ching, Jeffrey C. 2021

机译：增强恶意软件分析管道的可用性，具有逆向工程
6. Malware Analysis Using Visualized Image Matrices [O] . KyoungSoo Han, BooJoong Kang, Eul Gyu Im -1

机译：使用可视化图像矩阵进行恶意软件分析
7. Visualizing compiled executables for malware analysis [O] . Daniel A. Quist, Lorie M. Liebrock 2009

机译：可视化编译的可执行文件以进行恶意软件分析

Reversing compiled executables for malware analysis via visualization

摘要

著录项

相似文献

相关主题

期刊订阅