Abstract
In this paper, a tracking and capturing method for abnormal behavior in marketing system is designed. The main steps of the method include: (1) Trace generation based on function injection. This method selects NOP, HLT and other instructions of untrusted processes to fill the memory area, and injects the test. The function and control process execute the function to obtain Trace; (2) Trace & capture-based sandbox interception system function analysis method, first establish a finite state automaton model describing the instruction address translation of the untrusted process call system function, according to the state of the automaton. The conversion determines whether the system function calling process has interception behavior, and further identifies the system function of the sandbox interception according to the position of the state machine conversion instruction in the automatic machine. This paper designs and implements the prototype system, called TC-analyser, and solves the key problems of the function injection timing selection, Trace intermediate representation and other implementation processes. Finally, choose Chromium and Adobe Reader to test the TC-analyser’s interception recognition capability and compare it with Hooks hark. The experimental results show that the TC-analyser has good interception and recognition capabilities.
Highlights
With the extensive development of various marketing activities, various types of attacks against marketing systems are becoming more frequent
Sandbox untrusted part is dealing with untrusted data into/thread or untrusted programs, sandbox credible parts to untrusted service [1] and intercept the untrustworthy marketing system function called [2] run-time monitoring and verification to ensure the safety of the system
Trace is the basis of analysis of the intercept, as a result, the efficiency of the method analysis focused on marketing system function Trace the formation of scale, Trace the time needed for generating and Trace the efficiency
Summary
With the extensive development of various marketing activities, various types of attacks against marketing systems are becoming more frequent. Common behaviors include the use of lottery credits or coupons for bulk piracy, the use of lottery point’s logic loopholes for profit, and the use of account bank piracy Points, scalpers, etc. These attacks greatly reduce the expected benefits of marketing activities and threaten business development. Existing sandbox at test sandbox to provide service, but the lack of a sandbox to intercept and validation unreliable part of the call marketing system function test, and the process is safety defects.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
