%0 Journal Article
%T Research on Normalization towards Instructions Reordering Metamorphism Technique
%A JIN Ran
%A WEI Qiang
%A WAN Qing-Xian
%A 金然
%A 魏强
%A 王清贤
%J 计算机科学 (Computer Science)
%D 2008
%X Much apparently new malware is produced by transforming known malware, and metamorphic malware can even complete this process automatically. Because its signature mutates, traditional signature-based detection has difficulty detecting metamorphic malware. Combining the idea of normalization with traditional detection technology is a promising approach to this problem. This paper proposes a normalization scheme for the instruction-reordering metamorphism technique. In the scheme, the inspected code is first partitioned into basic control blocks based on control-dependency analysis; the order of the instructions in each block is then adjusted according to the data-dependency graph. After the variants of a malware sample are normalized according to the scheme, they tend to have the same form. The scheme is applicable to both the jump method and the non-jump method, the two implementations of instruction reordering. Testing has been conducted to validate the feasibility of the scheme.
%K Metamorphic malware
%K Normalization
%K Malware detection
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=64A12D73428C8B8DBFB978D04DFEB3C1&aid=5E5CA4D16A43BD7461AB28DBDAEFA779&yid=67289AFF6305E306&vid=6209D9E8050195F5&iid=0B39A22176CE99FB&sid=CFAC5CB624A41AFD&eid=08805F9252973BA4&journal_id=1002-137X&journal_name=计算机科学&referenced_num=0&reference_num=7