An Approach to Detect Malicious Behaviors by Evading Stalling Code

Chao You, Jianmin Pang, Yichi Zhang, Chao Dai, Xiaonan Liu

Abstract


Since malwares contain stalling codes, malicious behaviors can’t be detected in emulated analysis environment. This paper proposes an approach to detect malicious behaviors by evade stalling codes. First, we executed a malware in the emulated analysis environment, and saved every executed instruction in a trace file; Second, we began to detect stalling codes with the trace file, and constructed stalling code evasive points; At last, we executed the malware again and evade stalling codes with the evasive points, and then the malicious behaviors detected. It has been proven by experiments that the approach can evade stalling codes to detect the later malware behaviors effectively, and improve the performance of detecting the malicious behaviors in the emulated analysis environment.

 

DOI: http://dx.doi.org/10.11591/telkomnika.v10i7.1573


Full Text:

PDF

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

shopify stats IJEECS visitor statistics