计算机科学 (Computer Science), 2008
A Stack-related Method for Detecting Obfuscated System Calls of Malware
Abstract:
This paper presents a method for detecting obfuscated system calls in malware. The idea is to use an address stack and an address stack graph to detect them. An address stack associates each element on the stack with the instruction that pushed it. An address stack graph may be created by abstract interpretation of the binary executable and may be used to detect obfuscated calls. The experiment shows that the method is effective.