STUDIA UNIVERSITATIS

AMBIENTUM BIOETHICA BIOLOGIA CHEMIA DIGITALIA DRAMATICA EDUCATIO ARTIS GYMNAST. ENGINEERING EPHEMERIDES EUROPAEA GEOGRAPHIA GEOLOGIA HISTORIA HISTORIA ARTIUM INFORMATICA IURISPRUDENTIA MATHEMATICA MUSICA NEGOTIA OECONOMICA PHILOLOGIA PHILOSOPHIA PHYSICA POLITICA PSYCHOLOGIA-PAEDAGOGIA SOCIOLOGIA THEOLOGIA CATHOLICA THEOLOGIA CATHOLICA LATIN THEOLOGIA GR.-CATH. VARAD THEOLOGIA ORTHODOXA THEOLOGIA REF. TRANSYLVAN ROMÂNA ENGLISH INFO PARTENERI ADRESE DE CONTACT ACCES PARTENERI FORMULAR ABONAMENT NEWSLETTER & DOWNLOAD CELE MAI NOI APARITII APARITII ÎN ANUL CURENT TOATA ARHIVA STUDIA CAUTARE ÎN ARHIVA ISTORIE PREZENT SCOP SI OBIECTIVE ECHIPA


	Rezumat articol ediţie STUDIA UNIVERSITATIS BABEŞ-BOLYAI În partea de jos este prezentat rezumatul articolului selectat. Pentru revenire la cuprinsul ediţiei din care face parte acest articol, se accesează linkul din titlu. Pentru vizualizarea tuturor articolelor din arhivă la care este autor/coautor unul din autorii de mai jos, se accesează linkul din numele autorului.


	STUDIA INFORMATICA - Ediţia nr.1 din 2023

	Articol:	MALWARE ANALYSIS AND STATIC CALL GRAPH GENERATION WITH RADARE2 . Autori: ATTILA MESTER.


	Rezumat: DOI: 10.24193/subbi.2023.1.01 Published Online: 2023-07-20 pp. 5-20 VIEW PDF FULL PDF A powerful feature used in automated malware analysis is the static call graph of the executable file. Elimination of sandbox environment, fast scan, function call patterns beyond instruction level information – all of these motivate the prevalence of the feature. Processing and storing the static call graph of malicious samples in a scaled manner facilitates the application of complex network analysis in malware research. IDA Pro is one of the leading disassembler tools in the industry and can generate the call graph via GenCallGdl and GenFuncGdl APIs – a tool which was used in our previous works. In this paper an alternative analysis method is presented using another disassembler tool, Radare2, an open-source Unix-based software, which is also frequently used in this domain. Radare2 has Python support (among other languages), via the r2pipe package, thus enabling full scalability on Linux-based servers using containerized solutions. This paper offers a detailed technical description on how to use Radare2 to generate the static call graph of a PE file and a thorough comparison with the output of IDA Pro, as well as a public dataset on which the experiments were carried out. Received by the editors: 1 March 2023. 2010 Mathematics Subject Classification. 68P25, 68P30. 1998 CR Categories and Descriptors. D.4.6 [Security and Protection]: Subtopic – Invasive software. Keywords and phrases: malware analysis, static call graph, radare2, IDA Pro. 1https://www.av-test.org.




			Revenire la pagina precedentă