An Encryption Algorithm Cycle Identification Method Based on Bit Execution
Ransomware uses symmetric encryption algorithms to lock user files to extort money. This paper proposes a cryptographic algorithm loop identification method based on bit-precise execution, aiming to solve the problem of identifying unknown loops. The structure of the loop body of encryption algorith...
Saved in:
| Published in: | 2024 IEEE 9th International Conference on Data Science in Cyberspace (DSC) pp. 7 - 12 |
|---|---|
| Main Authors: | , , , |
| Format: | Conference Proceeding |
| Language: | English |
| Published: |
IEEE
23.08.2024
|
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | Ransomware uses symmetric encryption algorithms to lock user files to extort money. This paper proposes a cryptographic algorithm loop identification method based on bit-precise execution, aiming to solve the problem of identifying unknown loops. The structure of the loop body of encryption algorithms is fixed and usually includes nonlinear operations and linear operations. This article converts the loop body in the unknown software into a set of Boolean formulas, and converts the malware into a register data flow through the symbolic executor, thereby converting it into a set of Boolean formulas for execution. Execute known encryption algorithms with bit accuracy and establish a Boolean formula input-output relationship library for cryptographic components. The two sets of Boolean formulas are passed through a designed input matrix to achieve the Boolean formula mapping and input variable mapping of the confirmation algorithm, which can effectively judge the encryption algorithms in some malware. |
|---|---|
| AbstractList | Ransomware uses symmetric encryption algorithms to lock user files to extort money. This paper proposes a cryptographic algorithm loop identification method based on bit-precise execution, aiming to solve the problem of identifying unknown loops. The structure of the loop body of encryption algorithms is fixed and usually includes nonlinear operations and linear operations. This article converts the loop body in the unknown software into a set of Boolean formulas, and converts the malware into a register data flow through the symbolic executor, thereby converting it into a set of Boolean formulas for execution. Execute known encryption algorithms with bit accuracy and establish a Boolean formula input-output relationship library for cryptographic components. The two sets of Boolean formulas are passed through a designed input matrix to achieve the Boolean formula mapping and input variable mapping of the confirmation algorithm, which can effectively judge the encryption algorithms in some malware. |
| Author | Sun, Yunge Qu, Junpeng Du, Gaolei Fu, Yong |
| Author_xml | – sequence: 1 givenname: Yunge surname: Sun fullname: Sun, Yunge organization: Qilu University of Technology(Shandong Academy of Sciences),Key Laboratory of Computing Power Network and Information Security, Ministry of Education, Shandong Computer Science Center (National Supercomputer Center in Jinan),Jinan,China,250014 – sequence: 2 givenname: Gaolei surname: Du fullname: Du, Gaolei organization: Qilu University of Technology(Shandong Academy of Sciences),Key Laboratory of Computing Power Network and Information Security, Ministry of Education, Shandong Computer Science Center (National Supercomputer Center in Jinan),Jinan,China,250014 – sequence: 3 givenname: Junpeng surname: Qu fullname: Qu, Junpeng organization: Qilu University of Technology(Shandong Academy of Sciences),Key Laboratory of Computing Power Network and Information Security, Ministry of Education, Shandong Computer Science Center (National Supercomputer Center in Jinan),Jinan,China,250014 – sequence: 4 givenname: Yong surname: Fu fullname: Fu, Yong email: fuy@sdas.org organization: Quan Cheng Laboratory,Jinan,China,250103 |
| BookMark | eNotjMtOwzAURI0ECyj9Alj4BxL8jr1MQyhFRSyAdeXY19RS6lSpkcjfEx6zORqd0Vyh8zQkQOiGkpJSYu7uXxvFhRYlI0yUZI45Q0tTGc0l4YZyVV2ipzrhNrlxOuY4JFz3H8MY8_6Am8n1gDceUo4hOvurnyHvB49X9gQez30VM26_wH3-2Gt0EWx_guU_F-j9oX1rHovty3rT1NsiUqJy4bmuQtA-COM6WwXOiOVCUSekNxKoop3mXmrLpVJUsi5IUEF4BoF5Mu8X6PbvNwLA7jjGgx2nHSVaam04_wad80qK |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/DSC63484.2024.00009 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE/IET Electronic Library IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9798350391367 |
| EndPage | 12 |
| ExternalDocumentID | 10858893 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL CBEJK RIE RIL |
| ID | FETCH-LOGICAL-i106t-d387ff8df49cba7f320a3461c45d95e161b83d58a3566152bf5e6f4d2ef2d07f3 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 0 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=001447818200002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Wed Feb 12 06:22:51 EST 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i106t-d387ff8df49cba7f320a3461c45d95e161b83d58a3566152bf5e6f4d2ef2d07f3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_10858893 |
| PublicationCentury | 2000 |
| PublicationDate | 2024-Aug.-23 |
| PublicationDateYYYYMMDD | 2024-08-23 |
| PublicationDate_xml | – month: 08 year: 2024 text: 2024-Aug.-23 day: 23 |
| PublicationDecade | 2020 |
| PublicationTitle | 2024 IEEE 9th International Conference on Data Science in Cyberspace (DSC) |
| PublicationTitleAbbrev | DSC |
| PublicationYear | 2024 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 1.8805095 |
| Snippet | Ransomware uses symmetric encryption algorithms to lock user files to extort money. This paper proposes a cryptographic algorithm loop identification method... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 7 |
| SubjectTerms | algorithm loop body boolean formula Data science Deformation Encryption Input variables Libraries malware Matrix converters Merging nonlinear cryptographic component Ransomware Registers Software algorithms symmetric encryption algorithm |
| Title | An Encryption Algorithm Cycle Identification Method Based on Bit Execution |
| URI | https://ieeexplore.ieee.org/document/10858893 |
| WOSCitedRecordID | wos001447818200002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LSwMxEA5aPHhSseKbHLyu3eaxSY5tbRHRUvBBbyVPLehW6lbsv3eSrooHD96SsLAws9lvZpLvG4TOnJGaKNhpmuQiY4T5TEXBSw5_PuGClXnS2X64FsOhHI_VqCarJy6M9z5dPvPncZjO8t3MLmKprBVvyksA2HW0LkSxImvVSkLtXLUubnsFZTJWSghLwoTqV8-UBBmDrX--bBs1f8h3ePQNKztozZe76KpT4n5p58u0w3Hn-XEGWf3TC-4twe94RbcNdf0N36S20LgLCOUwzLvTCvc_vE0fWRPdD_p3vcusboOQTSFfqzJHpQhBusCUNVoESnJNWdG2jDvFPYRsRlLHpaYQmgEcm8B9EZgjPhCXw_N7qFHOSr-PsIfgzBGjgwav6Bh-GWot55A1GUaCP0DNaIjJ60rpYvJlg8M_1o_QZrR1rLESeowa1XzhT9CGfa-mb_PT5J9PScGSmQ |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LTwIxEG4UTfSkRoxve_C6svTBtkdACCoQEtFwI90-kEQXg4uRf--0rBoPHry1zSabzGz3m5n2-wahS5MKRSTsNEXiJGKE2Uh6wUsOf77EOC3ioLP92E36fTEayUFBVg9cGGttuHxmr_wwnOWbmV74UlnF35QXALDraMO3ziroWoWWUDWWlev7Zo0y4WslhAVpQvmra0oAjfbOP1-3i8o_9Ds8-AaWPbRms310W89wK9PzZdjjuP48mUFe__SCm0vwPF4Rbl1RgcO90BgaNwCjDIZ5Y5rj1ofV4TMro4d2a9jsREUjhGgKGVseGSoS54RxTOpUJY6SWFFWq2rGjeQWgrZUUMOFohCcASCnjtuaY4ZYR0wMzx-gUjbL7CHCFsIzQ1LlFPhF-QAspVpzDnlTyoizR6jsDTF-XWldjL9scPzH-gXa6gx73XH3pn93gra93X3FldBTVMrnC3uGNvV7Pn2bnwdffQIcvJXi |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2024+IEEE+9th+International+Conference+on+Data+Science+in+Cyberspace+%28DSC%29&rft.atitle=An+Encryption+Algorithm+Cycle+Identification+Method+Based+on+Bit+Execution&rft.au=Sun%2C+Yunge&rft.au=Du%2C+Gaolei&rft.au=Qu%2C+Junpeng&rft.au=Fu%2C+Yong&rft.date=2024-08-23&rft.pub=IEEE&rft.spage=7&rft.epage=12&rft_id=info:doi/10.1109%2FDSC63484.2024.00009&rft.externalDocID=10858893 |