【摘要】 在恶意代码分析中,动态监测虚拟环境中的恶意代码行为是一种常用的方法。但是,由于可执行的路径分支众多,极易产生路径爆炸问题,造成某些可执行路径无法被覆盖,严重影响分析的全面性。为了解决恶意代码分析中路径爆炸问题,提出了一种基于符号执行树的恶意代码分析方法。通过构造符号执行树,引入汇聚节点,对恶意代码的执行路径进行约束求解,减少分析路径,从而缓解路径爆炸的影响,提高分析的全面性。恶意代码样本分析的实验表明,该方法能够有效地提升分析效率,同时拥有较小的时间复杂度。更多还原

【Abstract】 In the malware analysis,it is a common method to monitor malware dynamically in a virtual environment.However,with so many branches of executable pathes,path explosion problem will probably occur,leaving some executable pathes uncovered,and hence harming the comprehensiveness of analysis.To solve this problem,we propose a malware analysis method based on symbolic execution tree.This method introduces sinknode and solves the execution of malicious code path by constructing the symbolic execution tree,so improves the analysis of comprehensive.Experiments to analyze the samples of malware show that the method can enhance the efficiency of the analysis with lower time complexity.更多还原