Abstract
Due to the abuse of cryptography technology and the difficulty to break encryption algorithm, ransomware has a huge threat to cyberspace. So how to detect the cryptographic algorithm in the recognition program plays an important role in the protection of information security. However, existing cryptographic algorithm identification and analysis technology has the disadvantages of low recognition efficiency, single analysis strategy, and they cannot identify program variants effectively. In view of these problems, this paper presents a cryptographic algorithm based on behavior analysis. Based on the behavior analysis, combined with the static structure and dynamic statistical characteristics of the key data, the subroutine of the target program is gradually screened, and the execution logic of the subroutine is analyzed. Finally, the cryptographic algorithm in the binary code of the program is obtained. Compared with the traditional signature-based technology, our technology has a better recognition rate with less resource occupation. What’s more, this technology can identify the program variants accurately, so it has a good application prospects.
This work is sponsored by National Science Foundation of China (No. 61272452), National High-tech R&D Program of China (863 Program) 2015AA016002, and National Basic Research Program of China (973 Program) 2014CB340601.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Traynor, P., Chien, M., Weaver, S., et al.: Noninvasive methods for host certification. ACM Trans. Inf. Syst. Secur. (TISSEC) 11(3), 16 (2008)
Chen, X., Andersen, J., Mao, Z.M., et al.: Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In: 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC, DSN 2008, pp. 177–186. IEEE (2008)
Maiorca, D., Corona, I., Giacinto, G.: Looking at the bag is not enough to find the bomb: an evasion of structural methods for malicious pdf files detection. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 119–130. ACM (2013)
Jana, S., Shmatikov, V.: Abusing file processing in malware detectors for fun and profit. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 80–94. IEEE (2012)
Marpaung, J.A.P., Sain, M., Lee, H.J.: Survey on malware evasion techniques: state of the art and challenges. In: 2012 14th International Conference on Advanced Communication Technology (ICACT), pp. 744–749. IEEE (2012)
Ugarte-Pedrero, X., Balzarotti, D., Santos, I., et al.: SoK: deep packer inspection: a longitudinal study of the complexity of run-time packers. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 659–673. IEEE (2015)
Yang, W., Tao, W., Meng, X., et al.: Recognition scheme of block cipher algorithm based on categorical randomness metrics distribution. J. Commun. 36(4), 147–155 (2015)
Yang, W., Tao, W., Jindong, L.: A new method of statistical detection for cryptography of block cipher algorithm. J. Ordnance Eng. Coll. 27(3), 58–64 (2015)
Jizhong, L.: Research on key technology of cryptographic algorithm identification and analysis. The PLA Information Engineering University (2014)
Jizhong, L., Liehui, J., Qing, Y., et al.: Recognition algorithm of cryptographic algorithms based on Bayes decision. Comput. Eng. 34(20), 159–160 (2008)
Liu, T.M., Jiang, L., He, H., et al.: Researching on cryptographic algorithm recognition based on static characteristic-code. In: Security Technology, pp. 140–147 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Yan, F., Xing, Y., Zhang, S., Yue, Z., Zheng, Y. (2017). Research on Cryptographic Algorithm Recognition Based on Behavior Analysis. In: Xu, M., Qin, Z., Yan, F., Fu, S. (eds) Trusted Computing and Information Security. CTCIS 2017. Communications in Computer and Information Science, vol 704. Springer, Singapore. https://doi.org/10.1007/978-981-10-7080-8_25
Download citation
DOI: https://doi.org/10.1007/978-981-10-7080-8_25
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-7079-2
Online ISBN: 978-981-10-7080-8
eBook Packages: Computer ScienceComputer Science (R0)
