自修改代码的可达性分析

IF 0.6 4区计算机科学 Q4 COMPUTER SCIENCE, THEORY & METHODS

International Journal of Foundations of Computer Science Pub Date : 2023-01-30 DOI:10.1142/s0129054122500290

Tayssir Touili, Xin Ye

{"title":"自修改代码的可达性分析","authors":"Tayssir Touili, Xin Ye","doi":"10.1142/s0129054122500290","DOIUrl":null,"url":null,"abstract":"A Self modifying code is code that modifies its own instructions during execution time. It is nowadays widely used, especially in malware to make the code hard to analyse and to detect by anti-viruses. Thus, the analysis of such self modifying programs is a big challenge. Pushdown systems (PDSs) is a natural model that is extensively used for the analysis of sequential programs because they allow to accurately model procedure calls and mimic the program’s stack. In this work, we propose to extend the PushDown System model with self-modifying rules. We call the new model Self-Modifying PushDown System (SM-PDS). A SM-PDS is a PDS that can modify its own set of transitions during execution. We show how SM-PDSs can be used to naturally represent self-modifying programs and provide efficient algorithms to compute the backward and forward reachable configurations of SM-PDSs. We implemented our techniques in a tool and obtained encouraging results. In particular, we successfully applied our tool for the detection of self-modifying malware.","PeriodicalId":50323,"journal":{"name":"International Journal of Foundations of Computer Science","volume":null,"pages":null},"PeriodicalIF":0.6000,"publicationDate":"2023-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Reachability Analysis of Self Modifying Code\",\"authors\":\"Tayssir Touili, Xin Ye\",\"doi\":\"10.1142/s0129054122500290\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A Self modifying code is code that modifies its own instructions during execution time. It is nowadays widely used, especially in malware to make the code hard to analyse and to detect by anti-viruses. Thus, the analysis of such self modifying programs is a big challenge. Pushdown systems (PDSs) is a natural model that is extensively used for the analysis of sequential programs because they allow to accurately model procedure calls and mimic the program’s stack. In this work, we propose to extend the PushDown System model with self-modifying rules. We call the new model Self-Modifying PushDown System (SM-PDS). A SM-PDS is a PDS that can modify its own set of transitions during execution. We show how SM-PDSs can be used to naturally represent self-modifying programs and provide efficient algorithms to compute the backward and forward reachable configurations of SM-PDSs. We implemented our techniques in a tool and obtained encouraging results. In particular, we successfully applied our tool for the detection of self-modifying malware.\",\"PeriodicalId\":50323,\"journal\":{\"name\":\"International Journal of Foundations of Computer Science\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.6000,\"publicationDate\":\"2023-01-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Foundations of Computer Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1142/s0129054122500290\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Foundations of Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1142/s0129054122500290","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

摘要

自我修改代码是指在执行过程中修改自身指令的代码。它现在被广泛使用，特别是在恶意软件中，使代码难以被反病毒程序分析和检测。因此，分析这样的自我修改程序是一个很大的挑战。下推系统(pds)是一种自然模型，广泛用于顺序程序的分析，因为它们允许对过程调用进行精确建模并模拟程序的堆栈。在这项工作中，我们提出用自修改规则扩展PushDown系统模型。我们称之为自修改下推系统(SM-PDS)。SM-PDS是一个可以在执行期间修改自己的转换集的PDS。我们展示了如何使用sm - pdp自然地表示自修改程序，并提供了有效的算法来计算sm - pdp的向后和向前可达配置。我们在一个工具中实现了我们的技术，并获得了令人鼓舞的结果。特别是，我们成功地应用了我们的工具来检测自我修改的恶意软件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Reachability Analysis of Self Modifying Code

A Self modifying code is code that modifies its own instructions during execution time. It is nowadays widely used, especially in malware to make the code hard to analyse and to detect by anti-viruses. Thus, the analysis of such self modifying programs is a big challenge. Pushdown systems (PDSs) is a natural model that is extensively used for the analysis of sequential programs because they allow to accurately model procedure calls and mimic the program’s stack. In this work, we propose to extend the PushDown System model with self-modifying rules. We call the new model Self-Modifying PushDown System (SM-PDS). A SM-PDS is a PDS that can modify its own set of transitions during execution. We show how SM-PDSs can be used to naturally represent self-modifying programs and provide efficient algorithms to compute the backward and forward reachable configurations of SM-PDSs. We implemented our techniques in a tool and obtained encouraging results. In particular, we successfully applied our tool for the detection of self-modifying malware.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Foundations of Computer Science 工程技术-计算机：理论方法

CiteScore

1.60

自引率

12.50%

发文量

审稿时长

3 months

期刊介绍： The International Journal of Foundations of Computer Science is a bimonthly journal that publishes articles which contribute new theoretical results in all areas of the foundations of computer science. The theoretical and mathematical aspects covered include: - Algebraic theory of computing and formal systems - Algorithm and system implementation issues - Approximation, probabilistic, and randomized algorithms - Automata and formal languages - Automated deduction - Combinatorics and graph theory - Complexity theory - Computational biology and bioinformatics - Cryptography - Database theory - Data structures - Design and analysis of algorithms - DNA computing - Foundations of computer security - Foundations of high-performance computing