Code obfuscation has become the main way of constructing malware variants, and the large number of resulting variants greatly reduces the protective value of traditional virus scanners based on textual program features. This paper proposes a new semantics-based framework for deciding whether a program is a variant of a given piece of malware: first, the program's semantic states are collected by symbolic execution; then the program is judged to be a variant of the malware by proving whether the variant relation holds between the two semantics. The framework can recognize that a program obtained by an obfuscating transformation is a variant of the program before transformation, which reduces the need to update the virus database. Finally, a prototype system implementing the framework demonstrates the feasibility of the semantics-based malware detector framework.
Nowadays, code obfuscation plays an ever larger role in writing malware variants. Unfortunately, an obfuscated variant defeats text-based malware detectors. This paper proposes a semantics-based malware detection framework for deciding whether a program is a variant of a given piece of malware. For that purpose, the symbolic states of both programs are collected by symbolic execution, and the two semantics are then proved to satisfy the definition of the variant relation. The framework can detect that an obfuscated program is a variant of the original malware, which largely reduces updates to the virus definition database. Finally, a prototype implementing the framework shows the feasibility of the semantics-based malware detection framework.
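As an added illustration of the approach described above (this is not the paper's prototype; the toy instruction set, the linear-expression canonical form and the sample snippets are all constructed here), the following script symbolically executes an original instruction sequence and an obfuscated rewrite of it, then decides the variant relation by comparing canonical register states rather than program text:

```python
"""Toy semantics-based variant check: symbolically execute two instruction
sequences and compare canonical register states instead of program text.
Register values are linear forms {term: coeff} over symbolic inputs, mod 2^32."""
MASK = 0xFFFFFFFF  # 32-bit registers

def const(c):
    return {"1": c & MASK} if c & MASK else {}

def lin(a, b, sign=1):
    # canonical a + sign*b: coefficients reduced mod 2^32, zero terms dropped
    out = dict(a)
    for t, c in b.items():
        out[t] = (out.get(t, 0) + sign * c) & MASK
    return {t: c for t, c in out.items() if c}

def reg(st, r):
    # a register read before any write keeps its own symbolic name
    return st.setdefault(r, {r: 1})

def operand(st, x):
    return const(x) if isinstance(x, int) else dict(reg(st, x))

def sym_exec(program):
    """Interpret (op, args...) tuples over a symbolic state; return the final state."""
    st, stack = {}, []
    for op, *args in program:
        if op == "mov":
            st[args[0]] = operand(st, args[1])
        elif op in ("add", "sub", "inc", "dec"):
            rhs = const(1) if op in ("inc", "dec") else operand(st, args[1])
            st[args[0]] = lin(reg(st, args[0]), rhs, 1 if op in ("add", "inc") else -1)
        elif op == "xor" and args[0] == args[1]:
            st[args[0]] = const(0)  # "xor r,r" is the usual substitute for "mov r,0"
        elif op == "push":
            stack.append(operand(st, args[0]))
        elif op == "pop":
            st[args[0]] = stack.pop()
        else:  # unsupported instruction: refuse rather than guess, so no unsound verdict
            raise NotImplementedError(f"no semantics for {op}")
    return st

def is_variant(p, q, outputs):
    """Variant relation used here: identical canonical values in every output register."""
    s, t = sym_exec(p), sym_exec(q)
    return all(reg(s, r) == reg(t, r) for r in outputs)

# Constructed samples: a snippet, an obfuscated rewrite of it, and an unrelated snippet
ORIGINAL = [("mov", "eax", 0), ("add", "eax", "ebx"), ("add", "eax", 5), ("mov", "ecx", "eax")]
OBFUSCATED = [("xor", "eax", "eax"), ("push", "ebx"), ("pop", "edx"), ("add", "eax", "edx"),
              ("sub", "eax", -5), ("inc", "esi"), ("push", "eax"), ("pop", "ecx")]
UNRELATED = [("mov", "eax", "ebx"), ("add", "eax", 6), ("mov", "ecx", "eax")]

if __name__ == "__main__":
    print(is_variant(ORIGINAL, OBFUSCATED, ["eax", "ecx"]))  # True
    print(is_variant(ORIGINAL, UNRELATED, ["eax", "ecx"]))   # False
```

The decision is exact only for the linear fragment modelled here; any instruction outside it makes the checker refuse rather than report a spurious match, which is the conservative behaviour a detector should keep.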