Abstract
Malware detection is an important problem in the field of information security. Opcodes are the most direct information reflecting the execution behavior of malware, The malware based on the dynamic analysis of opcodes also faces some challenges: the acquisition o
Highlights
With the development of the Internet technology in recent years, it is used by criminals to carry out malicious activities due to the openness of the Internet
The malware based on the dynamic analysis of the operating code faces some challenges: the acquisition of the operating code information in the execution process of the malware; the high false alarm rate in the detection process and the large system overhead caused by the malware detection in the application layer
In order to deal with the above problems, this paper firstly analyzes the progress and existing problems of existing malware detection technology based on dynamic opcode analysis, proposes a new scheme for dynamic opcode acquisition, the opcode information obtained from the software runtime is used for offline analysis
Summary
With the development of the Internet technology in recent years, it is used by criminals to carry out malicious activities due to the openness of the Internet. Most antivirus software use a combination of signatures and heuristics method to detect malware. The problem with this approach is that it is susceptible to malware obfuscation mechanisms, making it difficult to accurately identify the trajectory of malware execution. In order to deal with the above problems, this paper firstly analyzes the progress and existing problems of existing malware detection technology based on dynamic opcode analysis, proposes a new scheme for dynamic opcode acquisition, the opcode information obtained from the software runtime is used for offline analysis. Based on the above research results, this paper proposes an online detection scheme: CPU built-in malware monitoring model (CBMM), which can solve the problem that it is difficult to accurately identify the execution trajectory of malware in the current malware detection process, at the same time, this model can monitor malware in real time. We implement our model by VerilogHDL, functional simulation was carried out in modelsim simulation software and its implementation cost was analyzed
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have