Static disassembly of obfuscated binaries

Authors: Fredrik Valeur, Christopher Kruegel, Giovanni Vigna, William Robertson

DOI:

Keywords:

Abstract: Disassembly is the process of recovering a symbolic representation of a program's machine code instructions from its binary representation. Recently, a number of techniques have been proposed that attempt to foil the disassembly process. These techniques are very effective against state-of-the-art disassemblers, preventing a substantial fraction of a binary program from being disassembled correctly. This could allow an attacker to hide malicious code from static analysis tools that depend on correct disassembler output (such as virus scanners). The paper presents novel binary analysis techniques that substantially improve the success of the disassembly process when confronted with obfuscated binaries. Based on control flow graph information and statistical methods, a large fraction of the program's instructions can be correctly identified. An evaluation of the accuracy and the performance of our tool is provided, along with a comparison to several state-of-the-art disassemblers.
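The abstract names the core problem (a disassembler that reads bytes sequentially can be desynchronized) and the core remedy (decoding along control flow). The following is an added example, written for this page and not code from the paper or its tool; it implements a decoder for a hand-picked subset of 32-bit x86 opcodes (the `ONE_BYTE`/`TWO_BYTE` tables and `decode` are assumptions of this example, not a general x86 decoder) and runs a linear sweep and a recursive traversal over a constructed byte string in which a single junk byte (0xE8, the first byte of a 5-byte `call`) is placed after an unconditional `jmp`. The statistical gap-filling the paper adds on top of control-flow information is not shown here.

```python
"""Junk byte after an unconditional jump: linear sweep vs. recursive traversal.

Added example (not the paper's tool). The decoder below understands only a
small, hand-picked subset of 32-bit x86; every table entry is an assumption of
this example. The sample bytes are constructed, not taken from a real binary.
"""
import struct

# Single-byte opcodes we decode -> mnemonic (assumed subset).
ONE_BYTE = {0x90: "nop", 0x55: "push ebp", 0x5D: "pop ebp", 0x40: "inc eax", 0xC3: "ret"}
# Two-byte opcode+ModRM pairs we decode -> mnemonic (assumed subset).
TWO_BYTE = {(0x89, 0xE5): "mov ebp, esp", (0x31, 0xC0): "xor eax, eax"}


def decode(code, off):
    """Decode one instruction at `off`.

    Returns (mnemonic, length, successors) where `successors` are the offsets
    control can flow to next, or None if the bytes are not a known instruction.
    """
    b = code[off]
    if b in ONE_BYTE:
        succ = [] if b == 0xC3 else [off + 1]          # ret ends the path
        return ONE_BYTE[b], 1, succ
    if off + 1 < len(code) and (b, code[off + 1]) in TWO_BYTE:
        return TWO_BYTE[(b, code[off + 1])], 2, [off + 2]
    if b in (0xEB, 0x74) and off + 1 < len(code):      # jmp rel8 / jz rel8
        target = off + 2 + struct.unpack_from("<b", code, off + 1)[0]
        if b == 0xEB:
            return f"jmp 0x{target:x}", 2, [target]    # unconditional: no fall-through
        return f"jz 0x{target:x}", 2, [off + 2, target]
    if b == 0xE8 and off + 4 < len(code):              # call rel32
        disp = struct.unpack_from("<i", code, off + 1)[0]
        target = (off + 5 + disp) & 0xFFFFFFFF
        return f"call 0x{target:x}", 5, [off + 5]      # assume the callee returns
    if b == 0xB8 and off + 4 < len(code):              # mov eax, imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return f"mov eax, 0x{imm:x}", 5, [off + 5]
    return None


def linear_sweep(code):
    """Decode from offset 0 to the end, one instruction after the other.

    This is what objdump-style disassemblers do; a junk byte that looks like
    the start of a multi-byte instruction pulls the sweep out of sync.
    """
    listing, off = {}, 0
    while off < len(code):
        ins = decode(code, off)
        if ins is None:
            listing[off] = "(bad)"
            off += 1
            continue
        listing[off] = ins[0]
        off += ins[1]
    return listing


def recursive_traversal(code, entry=0):
    """Decode only the bytes reachable through control flow from `entry`."""
    listing, worklist = {}, [entry]
    while worklist:
        off = worklist.pop()
        if off in listing or not 0 <= off < len(code):
            continue
        ins = decode(code, off)
        if ins is None:
            listing[off] = "(bad)"
            continue
        listing[off] = ins[0]
        worklist.extend(ins[2])
    return listing


def missed_by_linear_sweep(code, entry=0):
    """Offsets of real instructions (reachable from `entry`) that the sweep never decodes."""
    lin, rec = linear_sweep(code), recursive_traversal(code, entry)
    return sorted(off for off in rec if off not in lin)


# Constructed sample: a tiny function with one junk byte (0xE8 at offset 7)
# placed right after `jmp 0x8`, so the jump skips it at run time.
#   00 push ebp | 01 mov ebp,esp | 03 xor eax,eax | 05 jmp 0x8 | 07 <junk E8>
#   08 inc eax  | 09 pop ebp     | 0a ret         | 0b.. nop padding
SAMPLE = bytes.fromhex("55 89e5 31c0 eb01 e8 40 5d c3 90909090")

if __name__ == "__main__":
    for name, listing in (("linear sweep", linear_sweep(SAMPLE)),
                          ("recursive traversal", recursive_traversal(SAMPLE))):
        print(f"== {name}")
        for off in sorted(listing):
            print(f"  {off:02x}: {listing[off]}")
    print("missed by linear sweep:", missed_by_linear_sweep(SAMPLE))
```

Running it shows the sweep decoding offset 7 as a bogus `call` that swallows `inc eax`, `pop ebp` and `ret`, while the traversal never looks at offset 7 at all. The traversal's weakness, which the paper addresses with statistical analysis of the remaining gaps, is the mirror image: any code reached only through an indirect jump or a computed target stays undecoded.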
