Static Detection of Disassembly Errors

Authors: Nithya Krishnamoorthy, Saumya Debray, Keith Fligg

DOI: 10.1109/WCRE.2009.16

Keywords:

Abstract: Static disassembly is a crucial first step in reverse engineering executable files, and there is a considerable body of work on reverse-engineering binaries, as well as in areas such as semantics-based security analysis, that assumes the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This paper describes a machine-learning-based approach, using decision trees, for statically identifying possible errors in a static disassembly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental results on a variety of executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.
