An Encryption Algorithm Cycle Identification Method Based on Bit Execution
Ransomware uses symmetric encryption algorithms to lock user files to extort money. This paper proposes a cryptographic algorithm loop identification method based on bit-precise execution, aiming to solve the problem of identifying unknown loops. The structure of the loop body of encryption algorith...
Gespeichert in:
| Veröffentlicht in: | 2024 IEEE 9th International Conference on Data Science in Cyberspace (DSC) S. 7 - 12 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Tagungsbericht |
| Sprache: | Englisch |
| Veröffentlicht: |
IEEE
23.08.2024
|
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | Ransomware uses symmetric encryption algorithms to lock user files to extort money. This paper proposes a cryptographic algorithm loop identification method based on bit-precise execution, aiming to solve the problem of identifying unknown loops. The structure of the loop body of encryption algorithms is fixed and usually includes nonlinear operations and linear operations. This article converts the loop body in the unknown software into a set of Boolean formulas, and converts the malware into a register data flow through the symbolic executor, thereby converting it into a set of Boolean formulas for execution. Execute known encryption algorithms with bit accuracy and establish a Boolean formula input-output relationship library for cryptographic components. The two sets of Boolean formulas are passed through a designed input matrix to achieve the Boolean formula mapping and input variable mapping of the confirmation algorithm, which can effectively judge the encryption algorithms in some malware. |
|---|---|
| DOI: | 10.1109/DSC63484.2024.00009 |