Author(s): |
Zhuo Han, Zhengzhou Information Science and Technology Institute, Zhengzhou 450002, China; Xiaomin Ran, Zhengzhou Information Science and Technology Institute, Zhengzhou 450002, China; Yingchun Chen, Zhengzhou Information Science and Technology Institute, Zhengzhou 450002, China; Baozhong Ge, National Digital Switching Engineering Center, Zhengzhou 450002, China |
Abstract: |
Dynamic malware analysis requires analyzing the instructions in memory. To address this problem, this article introduces a trie structure into the instruction analysis method and analyzes backwards from a given instruction. Our experiments demonstrate that this method has a time complexity of O(n), where n is the number of trie structures, so it can find useful instruction sequences rapidly. Moreover, because the length of an instruction is not fixed on the x86 architecture, the number of instructions found in the process increases greatly. The method can therefore be used effectively in malware analysis.
|