An Encryption Algorithm Cycle Identification Method Based on Bit Execution
Ransomware uses symmetric encryption algorithms to lock user files to extort money. This paper proposes a cryptographic algorithm loop identification method based on bit-precise execution, aiming to solve the problem of identifying unknown loops. The structure of the loop body of encryption algorith...
Uložené v:
| Vydané v: | 2024 IEEE 9th International Conference on Data Science in Cyberspace (DSC) s. 7 - 12 |
|---|---|
| Hlavní autori: | , , , |
| Médium: | Konferenčný príspevok.. |
| Jazyk: | English |
| Vydavateľské údaje: |
IEEE
23.08.2024
|
| Predmet: | |
| On-line prístup: | Získať plný text |
| Tagy: |
Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
|
| Shrnutí: | Ransomware uses symmetric encryption algorithms to lock user files to extort money. This paper proposes a cryptographic algorithm loop identification method based on bit-precise execution, aiming to solve the problem of identifying unknown loops. The structure of the loop body of encryption algorithms is fixed and usually includes nonlinear operations and linear operations. This article converts the loop body in the unknown software into a set of Boolean formulas, and converts the malware into a register data flow through the symbolic executor, thereby converting it into a set of Boolean formulas for execution. Execute known encryption algorithms with bit accuracy and establish a Boolean formula input-output relationship library for cryptographic components. The two sets of Boolean formulas are passed through a designed input matrix to achieve the Boolean formula mapping and input variable mapping of the confirmation algorithm, which can effectively judge the encryption algorithms in some malware. |
|---|---|
| DOI: | 10.1109/DSC63484.2024.00009 |