• Title/Summary/Keyword: Call graph

Search Result 42, Processing Time 0.025 seconds

The Generation of the Function Calls Graph of an Obfuscated Execution Program Using Dynamic (동적 분석을 이용한 난독화 된 실행 프로그램의 함수 호출 그래프 생성 연구)

  • Se-Beom Cheon;DaeYoub Kim
    • Journal of IKEEE
    • /
    • v.27 no.1
    • /
    • pp.93-102
    • /
    • 2023
  • As one of the techniques for analyzing malicious code, techniques creating a sequence or a graph of function call relationships in an executable program and then analyzing the result are proposed. Such methods generally study function calling in the executable program code through static analysis and organize function call relationships into a sequence or a graph. However, in the case of an obfuscated executable program, it is difficult to analyze the function call relationship only with static analysis because the structure/content of the executable program file is different from the standard structure/content. In this paper, we propose a dynamic analysis method to analyze the function call relationship of an obfuscated execution program. We suggest constructing a function call relationship as a graph using the proposed technique.

AIT: A method for operating system kernel function call graph generation with a virtualization technique

  • Jiao, Longlong;Luo, Senlin;Liu, Wangtong;Pan, Limin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.5
    • /
    • pp.2084-2100
    • /
    • 2020
  • Operating system (OS) kernel function call graphs have been widely used in OS analysis and defense. However, most existing methods and tools for generating function call graphs are designed for application programs, and cannot be used for generating OS kernel function call graphs. This paper proposes a virtualization-based call graph generation method called Acquire in Trap (AIT). When target kernel functions are called, AIT dynamically initiates a system trap with the help of a virtualization technique. It then analyzes and records the calling relationships for trap handling by traversing the kernel stacks and the code space. Our experimental results show that the proposed method is feasible for both Linux and Windows OSs, including 32 and 64-bit versions, with high recall and precision rates. AIT is independent of the source code, compiler and OS kernel architecture, and is a universal method for generating OS kernel function call graphs.

MAXIMAL STRONG PRODUCT AND BALANCED FUZZY GRAPHS

  • TALAL ALI AL-HAWARY
    • Journal of applied mathematics & informatics
    • /
    • v.41 no.5
    • /
    • pp.1145-1153
    • /
    • 2023
  • The notion of maximal product of two fuzzy graphs was introduced by Radha and Arumugam in 2015 and the notion of balanced fuzzy graph was introduced by Al-Hawary in 2011. In this paper, we give a modification of the maximal product definition, which we call maximal strong product. We also introduce the relatively new notion of maximal-balanced fuzzy graphs. We give necessary and sufficient conditions for the maximal strong product of two balanced (resp., maximal-balanced) fuzzy graphs to be balanced (resp., maximal-balanced) and we prove that these two independent notions are preserved under isomorphism.

Generating Call Graph for PE file (PE 파일 분석을 위한 함수 호출 그래프 생성 연구)

  • Kim, DaeYoub
    • Journal of IKEEE
    • /
    • v.25 no.3
    • /
    • pp.451-461
    • /
    • 2021
  • As various smart devices spread and the damage caused by malicious codes becomes more serious, malicious code detection technology using machine learning technology is attracting attention. However, if the training data of machine learning is constructed based on only the fragmentary characteristics of the code, it is still easy to create variants and new malicious codes that avoid it. To solve such a problem, a research using the function call relationship of malicious code as training data is attracting attention. In particular, it is expected that more advanced malware detection will be possible by measuring the similarity of graphs using GNN. This paper proposes an efficient method to generate a function call graph from binary code to utilize GNN for malware detection.

Programming Interface for DAG-based Co-scheduling of GirdRPC (GridRPC의 DAG 기반 Co-scheduling을 위한 프로그래밍 인터페이스)

  • Choi, Ji-Hyun;Lee, Dong-Woo;Kim, Mi-Ok;Ramakrishna, R.S.
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2003.11a
    • /
    • pp.189-192
    • /
    • 2003
  • 이 논문에서는 그리드환경에서 Remote Procedure Call(RPC) 프로그래밍 인터페이스를 위한 메커니즘인 GridRPC 의 성능향상을 위해 DAG 기반의 Co-scheduling API 를 제안한다. 네트워크 상의 통신횟수를 줄임으로써 GridRPC call 의 최적화를 도모하기 위한 프로그래밍 인터페이스와 이를 가능하게 하는 서버구조를 제안한다. DAG 기반의 co-scheduling 은 서버-클라이언트간의 연산에 사용되는 입력값과 출력값들의 흐름을 분석하여 사용자로 하여금 DAG(Directed Acyclic Graph)로 GridRPC call 들을 구성하고 이를 기반으로 GridRPC call 들을 최적화하는 방법이다. 또한, GridRPC가 Client Interface 이기 때문에 생기는 문제점인 서버간의 지원의 문제점을 SOAP 서버의 Wrapping 을 통해 해결한다.

  • PDF

Index Graph : An IR Index Structure for Dynamic Document Database (인덱스 그래프 : 동적 문서 데이터베이스를 위한 IR 인덱스 구조)

  • 박병권
    • The Journal of Information Systems
    • /
    • v.10 no.1
    • /
    • pp.257-278
    • /
    • 2001
  • An IR(information retrieval) index for dynamic document databases where insertion, deletion, and update of documents happen frequently should be frequently updated. As the conventional structure of IR index is, however, focused on the information retrieval purpose, its structure is inefficient to handle dynamic update of it. In this paper, we propose a new structure for IR Index, we call it Index Graph, which is organized by connecting multiple indexes into a graph structure. By analysis and experiment, we prove the Index Graph is superior to the conventional structure of IR index in the performance of insertion, deletion, and update of documents as well as the performance of information retrieval.

  • PDF

Evaluation of Information Dissemination Methods in a Communication Network (통신망에서의 정보전파 방법의 평가에 관한 연구)

  • 고재문
    • The Journal of Information Systems
    • /
    • v.8 no.1
    • /
    • pp.109-129
    • /
    • 1999
  • This study deals with the problem of information dissemination in a communication network, which is defined to be the process whereby a set of messages, generated by an originator, is transmitted to all the members within the network. Since this type of message generally includes control data to manage the network or global information that all members should know, it is to be required to transmit it to all the members as soon as possible. In this study, it is assumed that a member can either transmit or receive a message and an informed member can transmit it to only one of its neighbors at time. This type of transmission is called 'local broadcasting' Several schemes of call sequencing are designed for a general-type network with nonuniform edge transmission times, and then computer simulations are performed. Some heuristics for information dissemination are proposed and tested. For this, optimal call sequence in a tree-type network, sequencing theory and graph theory are applied. The result shows that call sequencing based on the shortest path tree is the most desirable.

  • PDF

Maximum Stack Memory Usage Estimation Through Target Binary File Analysis in Microcontroller Environment (마이크로컨트롤러 환경에서 타깃 바이너리 파일 분석을 통한 최대 스택 메모리 사용량 예측 기법)

  • Choi, Kiho;Kim, Seongseop;Park, Daejin;Cho, Jeonghun
    • IEMEK Journal of Embedded Systems and Applications
    • /
    • v.12 no.3
    • /
    • pp.159-167
    • /
    • 2017
  • Software safety is a key issue in embedded system of automotive and aviation industries. Various software testing approaches have been proposed to achieve software safety like ISO26262 Part 6 in automotive environment. In spite of one of the classic and basic approaches, stack memory is hard to estimating exactly because of uncertainty of target code generated by compiler and complex nested interrupt. In this paper, we propose an approach of analyzing the maximum stack usage statically from target binary code rather than the source code that also allows nested interrupts for determining the exact stack memory size. In our approach, determining maximum stack usage is divided into three steps: data extraction from ELF file, construction of call graph, and consideration of nested interrupt configurations for determining required stack size from the ISR (Interrupt Service Routine). Experimental results of the estimation of the maximum stack usage shows proposed approach is helpful for optimizing stack memory size and checking the stability of the program in the embedded system that especially supports nested interrupts.

Constructing Java Vulnerable API List based on Java Access Permission Checking Tree (자바 접근 권한 검사 트리 기반의 자바 취약 API 리스트 생성)

  • Park, Hyo-Seong;Park, Chul-Woo;Lim, Young-Chan;Kim, Ki-Chang
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
    • /
    • v.5 no.2
    • /
    • pp.289-296
    • /
    • 2015
  • Java is an interpreted language that can run on a variety of platforms, also Java has a number of useful features for network. Due to theses features of Java language, Java is used in various fields. In this paper, we will talk about how the malware that threaten the Java Security Manager of the Java Virtual Machine is using the vulnerability of the Java Virtual Machine. And for corresponding measures, this paper suggest vulnerability analysis method of Java system class by using Java Call Graph and Java Access Permission Checking Tree. By suggesting that, we want to lay groundwork for preventing Java security threats in advance.