DoSE

Tofighi-Shirazi, Ramtine; Christofi, Maria; Elbaz-Vincent, Philippe; Le, Trung-Nghia

doi:10.1145/3289239.3289243

Cited by 3 publications

(1 citation statement)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As a consequence, several works focus on the deobfuscation of opaque predicates (e.g. [5,7,8,16,29,32,42]) in order to evaluate the quality of the obfuscated code rendered by this transformation. However, these techniques are often based on dynamic analysis and are therefore limited or not scalable.…”

Section: Introductionmentioning

confidence: 99%

Defeating Opaque Predicates Statically through Machine Learning and Binary Analysis

Tofighi-Shirazi

Asavoae

Elbaz-Vincent

et al. 2019

Proceedings of the 3rd ACM Workshop on Software Protection

Self Cite

View full text Add to dashboard Cite

We present a new approach that bridges binary analysis techniques with machine learning classification for the purpose of providing a static and generic evaluation technique for opaque predicates, regardless of their constructions. We use this technique as a static automated deobfuscation tool to remove the opaque predicates introduced by obfuscation mechanisms. According to our experimental results, our models have up to 98% accuracy at detecting and deobfuscating state-of-the-art opaque predicates patterns. By contrast, the leading edge deobfuscation methods based on symbolic execution show less accuracy mostly due to the SMT solvers constraints and the lack of scalability of dynamic symbolic analyses. Our approach underlines the efficiency of hybrid symbolic analysis and machine learning techniques for a static and generic deobfuscation methodology.

show abstract

Section: Introductionmentioning

confidence: 99%

Defeating Opaque Predicates Statically through Machine Learning and Binary Analysis

Tofighi-Shirazi

Asavoae

Elbaz-Vincent

et al. 2019

Proceedings of the 3rd ACM Workshop on Software Protection

Self Cite

View full text Add to dashboard Cite

show abstract

Obfuscation

Ollivier

Bardin

Bonichon

et al. 2019

Proceedings of the 9th Workshop on Software Security, Protection, and Reverse Engineering

View full text Add to dashboard Cite

DFSGraph: Data Flow Semantic Model for Intermediate Representation Programs Based on Graph Network

Tang¹,

Shan²,

Zhang³

et al. 2022

Electronics

View full text Add to dashboard Cite

With the improvement of software copyright protection awareness, code obfuscation technology plays a crucial role in protecting key code segments. As the obfuscation technology becomes more and more complex and diverse, it has spawned a large number of malware variants, which make it easy to evade the detection of anti-virus software. Malicious code detection mainly depends on binary code similarity analysis. However, the existing software analysis technologies are difficult to deal with the growing complex obfuscation technologies. To solve this problem, this paper proposes a new obfuscation-resilient program analysis method, which is based on the data flow transformation relationship of the intermediate representation and the graph network model. In our approach, we first construct the data transformation graph based on LLVM IR. Then, we design a novel intermediate language representation model based on graph networks, named DFSGraph, to learn the data flow semantics from DTG. DFSGraph can detect the similarity of obfuscated code by extracting the semantic information of program data flow without deobfuscation. Extensive experiments prove that our approach is more accurate than existing deobfuscation tools when searching for similar functions from obfuscated code.

show abstract

DoSE

Cited by 3 publications

References 32 publications

Defeating Opaque Predicates Statically through Machine Learning and Binary Analysis

Defeating Opaque Predicates Statically through Machine Learning and Binary Analysis

Obfuscation

DFSGraph: Data Flow Semantic Model for Intermediate Representation Programs Based on Graph Network

Contact Info

Product

Resources

About