Identification Rules Extraction and Detection of ARIA Encryption Algorithm
Nowdays,many malicious softwares use various encryption algorithms to conceal their virus characteristics.The ARIA encryption algorithm used in malicious code samples is proposed.By analyzing the source code and binary file of the ARIA encryption algorithm,the characteristics of the algorithm are extracted from different dimensions such as key box,application programming interface function,initialization data,character string,and instruction stream and the YARA rules are constructed to recognize the ARIA encryption algorithm.Tests show that the extracted rules can help network security analysts accurately identify whether the ARIA encryption algorithm is used to hide features in malicious samples and suspicious programs.
万方数据
维普
