Dynamic Binary Instrumentation을 활용한 악성코드 분류

Abstract

With the rapid development of Internet, malware has become increasingly serious in the field of computer security. Nowadays, most existing antivirus software use signature-based methods to detect malware. However, traditional signature-based method cannot detect malware effectively, which are processed by obfuscation technique. Thus, in order to address these problems above, we propose a detection system for malware, which uses dynamic binary instrumentation (DBI). We selected Intel Pin as our DBI tools to dynamically extract instructions. The extracted instruction sequences are converted into histogram date files, and make a similarity comparison among these files using normalized cross correlation algorithm. Experiment results show that the dynamic detection system can effectively distinguish malware and benign software. Keywords: Computer Security; Dynamic Analysis; Binary Instrumentation; Instruction sequence; Malware