发明名称 |
BEHAVIOR SPECIFICATION, FINDING MAIN, AND CALL GRAPH VISUALIZATIONS |
摘要 |
A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization of a group of related functions wherein a user can explore the rendered graph and select a specific function and display functions that are color coded by their ancestral relation and their function call distance to the selected function. |
申请公布号 |
US2016042180(A1) |
申请公布日期 |
2016.02.11 |
申请号 |
US201514820976 |
申请日期 |
2015.08.07 |
申请人 |
UT Battelle, LLC |
发明人 |
Sayre Kirk D.;Willems Richard A.;Lindberg Stephen Lanse |
分类号 |
G06F21/56 |
主分类号 |
G06F21/56 |
代理机构 |
|
代理人 |
|
主权项 |
1. A behavior computation process comprising:
transforming compiled software code into a semantic form of the compiled software; transforming the semantic form of the software code into a structured form; computing code behavior and analyzing behavior functionality by processing precise programming behavior abstractions stored in a data repository; and classifying the software code as malware based on the computing code behavior and the analysis of the behavior functionality. |
地址 |
Oak Ridge TN US |