检索结果-内蒙古大学图书馆

Proceedings of the 2019 7th International Conference on Information Technology: IoT and Smart City

作者： Peng Shan Qingbao Li Ping Zhang Yanyang Gu State Key Laboratory of Mathematical Engineering and Advanced Computing China

ISBN: (纸本)9781450376631

With the rapid development of computer technology and the iteration of malware, numerous computer malware detection methods have been proposed, among which malware detection based on machine learning has become an important research direction. Opcode sequences are often used as an important feature of machine learning models for training and testing. However, opcode sequences extracted orderly from raw disassembly text may not adequately reflect the behavior of executables. In order to solve this problem, this paper proposes a new malware detection method based on the control flow of executables. This method analyzes the control flow of executables and extracts execution traces from by the unit of function. This paper uses the execution traces to represent the behavior of the executables and present the execution traces by opcode sequences. In order to improve the training efficiency and reduce the feature dimensionality, this paper propose an x86 intermediate code. Then we convert the opcode sequences into the corresponding intermediate code sequences and vectorize them using Vector Space Model (VSM) for training and testing. This paper implements Naïve Bayes Classifier, Support Vector Machines and Random Forest for classification. The experiment result shows that the Random Forest algorithm has the best performance, with an accuracy of 90.8% and the model establishment time is 22s. Compared with the traditional methods based on disassembly text, the accuracy is improved by 1.4%, compared with the methods using x86 opcode, the efficiency is increased by 62%.

关键词： control flow analysis Machine Learning Intermediate Code Malware Detection

来源：评论

学校读者我要写书评

暂无评论

control-flow analysis of Function Calls and Returns by Abstract Interpretation

Control-Flow Analysis of Function Calls and Returns by Abstr...

引用

14th ACM SIGPLAN International Conference on Functional Programming

作者： Midtgaard, Jan Jensen, Thomas P. Roskilde Univ Roskilde Denmark CNRS F-75700 Paris France

ISBN: (纸本)9781605583327

We derive a control-flow analysis that approximates the interprocedural control-flow of both function calls and returns in the presence of first-class functions and tail-call optimization. In addition to an abstract environment, our analysis computes for each expression an abstract control stack, effectively approximating where function calls return across optimized tail calls. The analysis is systematically calculated by abstract interpretation of the stack-based CaEK abstract machine of Flanagan et al. using a series of Galois connections. Abstract interpretation provides a unifying setting in which we 1) prove the analysis equivalent to the composition of a continuation-passing style (CPS) transformation followed by an abstract interpretation of a stack-less CPS machine, and 2) extract an equivalent constraint-based formulation, thereby providing a rational reconstruction of a constraint-based control-flow analysis from abstract interpretation principles.

关键词： Languages Theory Verification control flow analysis abstract interpretation tail-call optimization continuation-passing style direct style constraint-based analysis

来源：评论

学校读者我要写书评

暂无评论

Trace-Based control-flow analysis 2021

Trace-Based Control-Flow Analysis

引用

42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI)

作者： Montagu, Benoit Jensen, Thomas INRIA Rennes France

ISBN: (纸本)9781450383912

We define a small-step semantics for the untyped lambda-calculus, that traces the beta-reductions that occur during evaluation. By abstracting the computation traces, we reconstruct k-CFA using abstract interpretation, and justify constraint-based k-CFA in a semantic way. The abstract interpretation of the trace semantics also paves the way for introducing widening operators in CFA that go beyond existing analyses, that are all based on exploring a finite state space. We define del CFA, a widening-based analysis that limits the cycles in call stacks, and can achieve better precision than k-CFA at a similar cost.

关键词： lambda-calculus control flow analysis program traces abstract interpretation widening

来源：评论

学校读者我要写书评

暂无评论

Automatic analysis of control flow in web services composition processes

Automatic analysis of control flow in web services compositi...

引用

15th Euromicro International Conference on Parallel, Distributed and Network-Based Processing

作者： Di Lorenzo, Giusy Moscato, Francesco Mazzocca, Nicola Vittorini, Valeria Univ Naples Federico II Dip Ing Informazione Naples Italy Seconda Univ Napoli Dip Ing Informazione Naples Italy

ISBN: (纸本)9780769527840

Composition of web services is of great interest to support business-to-business collaboration and provide value added services with desired properties or capabilities. Nevertheless, the standard languages used to create business processes from composite web services lack of formal definition of their semantics and tools to support the analysis of a business process. In this paper we provide a practical approach to formal verification of BPEL4WS executable processes. A syntax-driven operational semantics for BPEL4WS is introduced and an automatic verifier is presented in order to perform a semantic analysis of the flow constructs used in the definition of BPEL4WS processes.

关键词： web services composition operational semantics control flow analysis BPEL4WS

来源：评论

学校读者我要写书评

暂无评论

PSTR: A Test Case Reuse Method Based on Path Similarity

引用

IEEE ACCESS 2025年 13卷 3175-3187页

作者： Xu, Xinyue Chen, Sinong Guo, Zhonghao Chen, Xiangxian Zhejiang Univ Coll Biomed Engn & Instrument Sci Hangzhou 310027 Zhejiang Peoples R China

Software testing plays a critical role throughout the software development lifecycle. In modern development practices, frequent and incremental updates to code are common, and each update typically necessitates the generation of new test cases. While the generation of test cases can be automated, the creation and adjustment of test oracles (expected outputs or behaviors) still require significant manual effort. This process is time-consuming and labor-intensive, particularly when code changes are minor, making repeated oracle creation inefficient. Meanwhile, test cases and their associated oracles from previous versions, having been refined and validated through multiple iterations, are highly reliable and valuable. However, due to the changes in execution paths introduced by code updates, it is unclear which old test cases remain applicable to the new version, leaving these valuable resources underutilized. Consequently, the ability to effectively identify and reuse applicable test cases and their oracles from previous versions is of paramount importance. Currently, research on test case reuse in unit testing is relatively sparse. Existing approaches often focus on software requirements and pay limited attention to code-level changes. Even methods that consider code changes fail to ensure precision in selecting test cases or maintain high coverage in the reused test set. To address these challenges, this paper proposes a novel approach, Path Similarity-based Test case Reuse (PSTR), tailored for the characteristics of unit testing. PSTR significantly enhances testing efficiency and reduces costs by accurately identifying reusable test cases through path similarity analysis. The proposed PSTR method consists of three core modules: static analysis, dynamic analysis, and reuse. First, static analysis is performed on both the old and new code versions to generate their respective sets of static paths. Next, the test cases from the old version are executed on its code, e

关键词： Software testing Software testing test case reuse test case reuse path similarity path similarity control flow analysis control flow analysis unit testing unit testing

来源：评论

学校读者我要写书评

暂无评论

Accelerating Verification and Software Standards Testing (AVASST) with Large Language Models (LLMs) 58

Accelerating Verification and Software Standards Testing (AV...

引用

58th Hawaii International Conference on System Sciences, HICSS 2025

作者： Karl, Ryan Hindka, Yash Zhang, Shen Robert, John Carnegie Mellon University Software Engineering Institute United States

ISBN: (纸本)9780998133188

The recent explosion in large language model (LLM) technology has highlighted the challenges of using public generative Artificial Intelligence (AI) tools in classified environments, especially for software analysis. Currently, software analysis falls on the shoulders of static analysis (SA) tools and manual code review, which tend to provide limited technical depth and are often time-consuming in practice. We show that LLMs can be used in unclassified environments to rapidly develop tools that accelerate software analysis in classified environments. Through LLM assistance, our work has produced several avenues for success, and preliminary experimentation has shown significant time savings (~40%) and improved accuracy (~10%) for certain software analysis tasks. © 2025 IEEE Computer Society. All rights reserved.

关键词： control flow analysis data flow analysis large language models (LLMs) requirements verification static analysis (SA)

来源：评论

学校读者我要写书评

暂无评论

A framework for security analysis of mobile wireless networks

引用

THEORETICAL COMPUTER SCIENCE 2006年第1-2期367卷 203-227页

作者： Nanz, Sebastian Hankin, Chris Univ London Imperial Coll Sci Technol & Med Dept Comp London England

We present a framework for specification and security analysis of communication protocols for mobile wireless networks. This setting introduces new challenges which are not being addressed by classical protocol analysis techniques. The main complication stems from the fact that the actions of intermediate nodes and their connectivity can no longer be abstracted into a single unstructured adversarial environment as they form an inherent part of the system's security. In order to model this scenario faithfully, we present a broadcast calculus which makes a clear distinction between the protocol processes and the network's connectivity graph, which may change independently from protocol actions. We identify a property characterising an important aspect of security in this setting and express it using behavioural equivalences of the calculus. We complement this approach with a control flow analysis which enables us to automatically check this property on a given network and attacker specification. (c) 2006 Elsevier B.V. All rights reserved.

关键词： process calculi control flow analysis security analysis mobile ad hoc networks

来源：评论

学校读者我要写书评

暂无评论

Abstract interpretation of mobile systems

引用

JOURNAL OF LOGIC AND ALGEBRAIC PROGRAMMING 2005年第1期63卷 59-130页

作者： Feret, J Ecole Normale Super Dept Informat F-75230 Paris France

We propose an Abstract Interpretation-based context-free analysis for mobile systems written in the pi-calculus. Our analysis automatically captures a sound-but not complete-description of the potential behavior of a mobile system interacting with an unknown context. It focuses on both the control flow and the Occurrence number of agents during computation sequences. control flow analysis detects all the possible interactions between the agents of a system, but also the potential interactions with the context. In order to deal with dynamic creation of both names and agents which is an inherent feature of mobility, our analysis distinguishes between recursive instances of the same agent. This way. we are able to prove the integrity of an ftp-server used by an unbounded number of Clients. Occurrence counting analysis just consists in abstracting the occurrence number of instances of agents. Our abstraction is relational;this makes us able to detect both quickly and precisely mutual exclusion and non-exhaustion of resources. (c) 2004 Elsevier Inc. All rights reserved.

关键词： mobility pi-calculus static analysis abstract interpretation control flow analysis occurrence counting analysis worst case analysis

来源：评论

学校读者我要写书评

暂无评论

A framework for metamorphic malware analysis and real-time detection

引用

COMPUTERS & SECURITY 2015年 48卷 212-233页

作者： Alam, Shahid Horspool, R. Nigel Traore, Issa Sogukpinar, Ibrahim Univ Victoria Dept Comp Sci Victoria BC V8P5C2 Canada Univ Victoria Dept Elect & Comp Engn Victoria BC V8P5C2 Canada Gebze Inst Technol Dept Comp Engn TR-41400 Gebze Kocaeli Turkey

Metamorphism is a technique that mutates the binary code using different obfuscations. It is difficult to write a new metamorphic malware and in general malware writers reuse old malware. To hide detection the malware writers change the obfuscations (syntax) more than the behavior (semantic) of such a new malware. On this assumption and motivation, this paper presents a new framework named MARD for Metamorphic Malware analysis and Real-Time Detection. As part of the new framework, to build a behavioral signature and detect metamorphic malware in real-time, we propose two novel techniques, named ACFG (Annotated control flow Graph) and SWOD-CFWeight (Sliding Window of Difference and control flow Weight). Unlike other techniques, ACFG provides a faster matching of CFGs, without compromising detection accuracy;it can handle malware with smaller CFGs, and contains more information and hence provides more accuracy than a CFG. SWOD-CFWeight mitigates and addresses key issues in current techniques, related to the change of the frequencies of opcodes, such as the use of different compilers, compiler optimizations, operating systems and obfuscations. The size of SWOD can change, which gives. anti-malware tool developers the ability to select appropriate parameter values to further optimize malware detection. CFWeight captures the control flow semantics of a program to an extent that helps detect metamorphic malware in real-time. Experimental evaluation of the two proposed techniques, using an existing dataset, achieved detection rates in the range 94%-99.6%. Compared to ACFG, SWOD-CFWeight significantly improves the detection time, and is suitable to be used where the time for malware detection is more important as in real-time (practical) anti-malware applications. (C) 2014 Elsevier Ltd. All rights reserved.

关键词： End point security Malware analysis Malware detection Metamorphic malware Window of difference control flow analysis Heuristics Data mining

来源：评论

学校读者我要写书评

暂无评论

DroidNative: Automating and optimizing detection of Android native code malware variants

引用

COMPUTERS & SECURITY 2017年 65卷 230-246页

作者： Alam, Shahid Qu, Zhengyang Riley, Ryan Chen, Yan Rastogi, Vaibhav Gebze Tech Univ Dept Comp Engn Gebze Turkey Northwestern Univ Dept Elect Engn & Comp Sci Evanston IL USA Qatar Univ Dept Comp Sci & Engn Doha Qatar Univ Wisconsin Madison Dept Comp Sci Madison WI USA

According to the Symantec and F-Secure threat reports, mobile malware development in 2013 and 2014 has continued to focus almost exclusively (similar to 99%) on the Android platform. Malware writers are applying stealthy mutations (obfuscations) to create malware variants, thwarting detection by signature-based detectors. In addition, the plethora of more sophisticated detectors making use of static analysis techniques to detect such variants operate only at the bytecode level, meaning that malware embedded in native code goes undetected. A recent study shows that 86% of the most popular Android applications contain native code, making native code malware a plausible threat vector. This paper proposes DroidNative, an Android malware detector that uses specific control flow patterns to reduce the effect of obfuscations and provides automation. As far as we know, DroidNative is the first system that builds cross-platform (x86 and ARM) semantic-based signatures at the Android native code level, allowing the system to detect malware embedded in either bytecode or native code. When tested with a dataset of 5490 samples, DroidNative achieves a detection rate (DR) of 93.57% and a false positive rate of 2.7%. When tested with traditional malware variants, it achieves a DR of 99.48%, compared to the DRs of academic and commercial tools that range from 8.33% to 93.22%. (C) 2016 Elsevier Ltd. All rights reserved.

关键词： Android native code Maiware analysis Maiware variant detection control flow analysis Data mining

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：