Advanced obfuscation techniques for Java bytecode

Chan, Jien-Tsai; Yang, Wuu

doi:10.1016/s0164-1212(02)00066-3

Cited by 62 publications

(42 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to the analysis of permissions, our program detects the use of Java reflection, and dynamic class-loading. These behaviors can help to obfuscate the behavior of the program [7].…”

Section: Analysis Methodologymentioning

confidence: 99%

Analysis of Android Applications' Permissions

Johnson

Wang

Gagnon

et al. 2012

2012 IEEE Sixth International Conference on Software Security and Reliability Companion

View full text Add to dashboard Cite

Abstract-We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.

show abstract

Section: Analysis Methodologymentioning

confidence: 99%

Analysis of Android Applications' Permissions

Johnson

Wang

Gagnon

et al. 2012

2012 IEEE Sixth International Conference on Software Security and Reliability Companion

View full text Add to dashboard Cite

show abstract

“…If we have to complicate this reverse engineering process with respect to Java applets, then the bytecodes of Java applets can be obfuscated [6] using various tools [17].…”

Section: Chapter 4 Code Obfuscationmentioning

confidence: 99%

Static Analysis of Malicious Java Applets

Ganesh

Troia

Visaggio

et al. 2016

Proceedings of the 2016 ACM on International Workshop on Security and Privacy Analytics

View full text Add to dashboard Cite

Static Analysis of Malicious Java Applets by Nikitha GaneshIn this research, we consider the problem of detecting malicious Java applets, based on static analysis. In general, dynamic analysis is more informative, but static analysis is more efficient, and hence more practical. Consequently, static analysis is preferred, provided we can obtain results comparable to those obtained using dynamic analysis. We conducted experiments with the machine learning technique, Hidden Markov Model (HMM). We show that in some cases a static technique can detect malicious Java applets with greater accuracy than previously published research that relied on dynamic analysis. ACKNOWLEDGMENTSI would like to thank my project advisor Dr. Mark Stamp for his continuous guidance and for also believing in me. Without his guidance, mentoring and support, this project would not have been completed. Also I would want to thank him for his patience throughout the process.

show abstract

“…Chan et al suggested overusing an identifier to improve Java layout obfuscation based on substituting the identifiers with meaningless names [21] Xu et al applied whitespace randomization, comments randomization, and variable and function names randomization to JavaScript [22], these methods were all for source codetransformation.…”

Section: Related Workmentioning

confidence: 99%

An Iteration Obfuscation Based on Instruction Fragment Diversification and Control Flow Randomization

Liu¹,

Xie²,

Lu³

et al. 2016

IJCTE

View full text Add to dashboard Cite

Abstract-As the control flow graph can reflect the logic structure of programs, static and dynamic reverse methods are used to analyze the logic structure and instruction sequence, and the existing methods of control flow obfuscation have low potency to resist reverse attacks. To solve this problem, we propose an obfuscation method based on instruction fragment diversification and control flow randomization, diversified instruction fragments are generated by various equivalent transformation rules, and random functions are used to select one execution path from the multi-way branches of programs, then programs are iteratively obfuscated. Experiments and analysis show that diversified instruction fragments and multi-way branches can increase the difficulty of static reverse analysis, random selection for multi-way branches will increase the difficulty of dynamic instruction tracing, and iterative transformation for many times enhances the complexity of control flow graph.Index Terms-Code obfuscation, iterative transformation, instruction fragment diversification, control flow randomization.

show abstract

Advanced obfuscation techniques for Java bytecode

Cited by 62 publications

References 3 publications

Analysis of Android Applications' Permissions

Analysis of Android Applications' Permissions

Static Analysis of Malicious Java Applets

An Iteration Obfuscation Based on Instruction Fragment Diversification and Control Flow Randomization

Contact Info

Product

Resources

About