Optimizing Symbolic Execution for Malware Behavior Classification
Computers & Security (IF 4.8), Pub Date: 2020-06-01, DOI: 10.1016/j.cose.2020.101775
Stefano Sebastio, Eduard Baranov, Fabrizio Biondi, Olivier Decourbe, Thomas Given-Wilson, Axel Legay, Cassius Puodzius, Jean Quilbeuf

Abstract: Increasingly, software correctness, reliability, and security are being analyzed using tools that combine various formal and heuristic approaches. Often such analysis becomes expensive in terms of time and at the cost of high-quality results. In this experience report we explore the tuning and optimization of the tools underlying binary malware detection and classification. We identify heuristics and SMT solver tactics for the effective symbolic execution of binary files. We combine these with effective heuristics for the construction of behavioral signatures of programs that can be used for a supervised learning multi-class malware classifier. Further, a set of experiments following the full-factorial design allowed us to identify the correlations between heuristics and the overall performance of the classifier.

Updated: 2020-06-01