
Dynamic Analysis


Part of the book series: SpringerBriefs in Computer Science (BRIEFSCOMPUTER)

Abstract

In the previous chapters we examined static extraction of program features for the purpose of birthmark construction. This chapter examines dynamic analysis, an alternative to static analysis that can also be used for birthmark construction. Dynamic analysis concerns itself with analysing a running program. The program being run is typically isolated in an environment which allows its behaviour to be inspected. The behaviour typically extracted is the API call sequence. Instruction sequences, basic block sequences and control flow are among the other behaviours that can also be identified.




© 2012 The Author(s)

About this chapter

Cite this chapter

Cesare, S., Xiang, Y. (2012). Dynamic Analysis. In: Software Similarity and Classification. SpringerBriefs in Computer Science. Springer, London. https://doi.org/10.1007/978-1-4471-2909-7_6


  • DOI: https://doi.org/10.1007/978-1-4471-2909-7_6


  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-2908-0

  • Online ISBN: 978-1-4471-2909-7

  • eBook Packages: Computer Science, Computer Science (R0)
