Abstract
In this paper, a tracking and capturing method for abnormal behavior in marketing system is designed. The main steps of the method include: (1) Trace generation based on function injection. This method selects NOP, HLT and other instructions of untrusted processes to fill the memory area, and injects the test. The function and control process execute the function to obtain Trace; (2) Trace & capture-based sandbox interception system function analysis method, first establish a finite state automaton model describing the instruction address translation of the untrusted process call system function, according to the state of the automaton. The conversion determines whether the system function calling process has interception behavior, and further identifies the system function of the sandbox interception according to the position of the state machine conversion instruction in the automatic machine. This paper designs and implements the prototype system, called TC-analyser, and solves the key problems of the function injection timing selection, Trace intermediate representation and other implementation processes. Finally, choose Chromium and Adobe Reader to test the TC-analyser’s interception recognition capability and compare it with Hooks hark. The experimental results show that the TC-analyser has good interception and recognition capabilities.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
