skip to main content
10.1145/3656766.3656967acmotherconferencesArticle/Chapter ViewAbstractPublication PagesicbarConference Proceedingsconference-collections
research-article

Backdoor Detection Based on Static Code Analysis and Software Component Analysis

Published: 01 June 2024 Publication History

Abstract

With the popularity of software in daily life and commercial fields, it has become particularly critical to ensure software security. As one of the potential security threats, software backdoors may lead to serious security vulnerabilities and information leakage. This study aims to propose an effective method of software backdoor detection, which is based on static code analysis and software component analysis. Static code analysis can help us obtain internal structures and logic characteristics of the software. Meanwhile, we can determine the correlation between software and malicious code by component analysis. By combining these two methods, possible backdoor risks can be found and dealt with more timely, and the security of software can be assessed more reliably. This research will provide software developers and security experts an effective strategy to help them solve the problem of backdoor detection.

References

[1]
S. Dai, T. Wei, C. Zhang, T. Wang, Y. Ding, Z. Liang, and W. Zou, “A framework to eliminate backdoors from response-computable authentication,” IEEE Symposium on Security and Privacy, pp. 3-17, 2012.
[2]
F. Schuster, T. Holz, “Towards reducing the attack surface of software backdoors,” Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 851-862, 2013.
[3]
J. P. Jyotiyana, A. Mishra, “Secure Authentication: Eliminating Possible Backdoors in Client-Server Endorsement,” Procedia Computer Science, 85, pp. 606-615, 2016.
[4]
X. Xu, J. Wang, S. Cheng, T. Zhang, F. Jiang, “Software backdoor analysis based on sensitive flow tracking and concolic execution,” Wuhan University Journal of Natural Sciences, 21(5), pp. 421-427, 2016.
[5]
F. Al Shamsi, “Mapping, Exploration, and Detection Strategies for Malware Universe,” Doctoral dissertation, Master's thesis, Masdar Institute of Science and Technology, 2017.
[6]
T. Ganz, I. Ashraf, M. Härterich, K. Rieck, “Detecting Backdoors in Collaboration Graphs of Software Repositories,” Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy, pp. 189-200, 2023.
[7]
E. Salimi, N. Arastouie, “Backdoor detection system using artificial neural network and genetic algorithm,” International Conference on Computational and Information Sciences, ICCIS, pp. 817-820, 2011.
[8]
M. A. E. Z. Eshkanti, S. C. Ng, “Backdoor Detection Using Machine Learning,” pp. 2-13, 2017.
[9]
P. Louridas, “Static code analysis,” Ieee Software, 23(4), pp. 58-61, 2006.
[10]
B. Steffen, J. Knoop, O. Rüthing, “The value flow graph: A program representation for optimal program transformations,” 3rd European Symposium on Programming Copenhagen, ESOP, pp. 15–18, 1990.
[11]
Steensgaard B. Points-to analysis in almost linear time[C]//Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages. 1996, 32-41.
[12]
Jaulin L, Kieffer M, Didrit O, Interval analysis[M]. Springer London, 2001.
[13]
Russo A, Sabelfeld A. Dynamic vs. static flow-sensitive security analysis[C]//2010 23rd IEEE Computer Security Foundations Symposium. IEEE, 2010, 186-199.
[14]
Kastrinis G, Smaragdakis Y. Hybrid context-sensitivity for points-to analysis [J]. ACM SIGPLAN Notices, 2013, 48(6): 423-434.
[15]
Albert E, Arenas P, Genaim S, From object fields to local variables: a practical approach to field-sensitive analysis[C]//Static Analysis: 17th International Symposium, SAS 2010, Perpignan, France, September 14-16, 2010. Proceedings 17. Springer Berlin Heidelberg, 2010: 100-116.
[16]
S. H. Edwards, D. S. Gibson, B. W. Weide, S. Zhupanov, “Software component relationships,” Proceedings of the Eighth Annual Workshop on Software Reuse, 1997.
[17]
Felderer M, Büchler M, Johns M, Security testing: A survey[M]//Advances in Computers. Elsevier, 2016, 101: 1-51.

Index Terms

  1. Backdoor Detection Based on Static Code Analysis and Software Component Analysis

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    ICBAR '23: Proceedings of the 2023 3rd International Conference on Big Data, Artificial Intelligence and Risk Management
    November 2023
    1156 pages
    ISBN:9798400716478
    DOI:10.1145/3656766
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 01 June 2024

    Permissions

    Request permissions for this article.

    Check for updates

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICBAR 2023

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 27
      Total Downloads
    • Downloads (Last 12 months)27
    • Downloads (Last 6 weeks)1
    Reflects downloads up to 30 Jan 2025

    Other Metrics

    Citations

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    HTML Format

    View this article in HTML Format.

    HTML Format

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media