Exploit dynamic data flows to protect software against semantic attacks

Kuang, Kaiyuan; Tang, Zhanyong; Gong, Xiaoqing; Fang, Dingyi; Liu, Chen; Zhang, Heng; Liu, Jie; Wang, Zheng

doi:10.1109/uic-atc.2017.8397540

Cited by 6 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The second category is semantic attacks, where the attackers collect the victim information through some websites or links that looks like trusted websites or to acquire his/her username, password, and credit card information [4]. Table 1 shows some types of semantic attacks and a brief description for them [5].…”

Section: Introductionmentioning

confidence: 99%

Efficient Detection of Phishing Websites Using Multilayer Perceptron

Odeh

Keshta²,

Abdelfattah

2020

Int. J. Interact. Mob. Technol.

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 99%

Efficient Detection of Phishing Websites Using Multilayer Perceptron

Odeh

Keshta²,

Abdelfattah

2020

Int. J. Interact. Mob. Technol.

View full text Add to dashboard Cite

show abstract

“…Virtual IS (Instruction Set) is the kernel part of this system. The interpreter will been used to convert IS into native code of Virtual instruction interpretation according to the classical decode-dispatch method [18], using a set of handlers and a VMloop. In this system, VMloop is the execution engine to fetch and decode the bytecode instructions and dispatch handler to interpret the instructions.…”

Section: Introductionmentioning

confidence: 99%

Invalidating Analysis Knowledge for Code Virtualization Protection Through Partition Diversity

Wang

Tang

et al. 2019

IEEE Access

Self Cite

View full text Add to dashboard Cite

To protect programs from unauthorized analysis, virtualize the code based on Virtual Machine (VM) technologies is emerging as a feasible method for accomplishing code obfuscation. However, in some State-of-the-art VM-based protection approaches, the set of virtual instructions and bytecode interpreters are fixed across the whole programs. This means an experienced attacker could extract the mapping information between virtual instructions and native code from programs, and use this knowledge to uncover the mapping relationships in similar protecting applications. To address this problem, we present CoDiver (Code Virtualization Protection with Diversity), a novel VM-based code obfuscation system in this paper. The main idea of our approach is to obfuscate the mapping between the opcodes of bytecode instructions and their semantics. To achieve this goal, we first turn every protected code region into multiple parts by partition proceeding, randomize the mapping of opcodes and their semantics of each part. By this way, we could translate the bytecode instruction into different native code in different sections of the obfuscated code. This method could increase the diversity of program behavior significantly. As a result, it will be useless to learn the mapping relationship between bytecode and native code of some other programs, then migrate it into a new program. We build a prototype of CoDiver and tested it on a set of real-world applications. Experimental results show that as compared with two state-of-the-art VM-based code obfuscation approaches, our approach is more effective and could provide stronger protection with comparable runtime overhead and code size. INDEX TERMS Instruction set randomization, reverse engineering, virtualized obfuscation.

show abstract

“…At the heart of this system are the virtual IS (Instruction Set) and the set of interpreters used to translate the IS to native code. Interpretation of virtual instructions follows the classical decode-dispatch approach [18], using a bundle of handlers and a VMloop. Here, the VMloop is the execution engine which fetches and decodes a bytecode instruction and then dispatches a handler to interpret instruction.…”

Section: Introductionmentioning

confidence: 99%

Exploiting Code Diversity to Enhance Code Virtualization Protection

Xue

Tang

et al. 2018

2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS)

Self Cite

View full text Add to dashboard Cite

Code virtualization built upon virtual machine (VM) technologies is emerging as a viable method for implementing code obfuscation to protect programs against unauthorized analysis. State-of-the-art VM-based protection approaches use a fixed set of virtual instructions and bytecode interpreters across programs. This, however, exposes a security vulnerability where an experienced attacker can use knowledge extracted from other programs to quickly uncover the mapping between virtual instructions and native code for applications protected under the same scheme. In this paper, we propose a novel VMbased code obfuscation system to address this problem. The core idea of our approach is to obfuscate the mapping between the opcodes of bytecode instructions and their semantics. We achieve this by partitioning each protected code region into multiple segments where the mapping of opcodes and their semantics is randomized in different ways in different segments. In this way, each bytecode instruction will be translated into different native code in different sections of the obfuscated code. This significantly increases the diversity of the program behavior. As a result, the knowledge of bytecode to native code mappings obtained from other programs will be less useful when targeting a new program. We evaluate our approach on a set of real-world applications and compare it against two state-of-the-art VMbased code obfuscation approaches. Experimental results show that our simple approach is effective, which provides stronger protection at the cost of little extra overhead.

show abstract

Exploit dynamic data flows to protect software against semantic attacks

Cited by 6 publications

References 15 publications

Efficient Detection of Phishing Websites Using Multilayer Perceptron

Efficient Detection of Phishing Websites Using Multilayer Perceptron

Invalidating Analysis Knowledge for Code Virtualization Protection Through Partition Diversity

Exploiting Code Diversity to Enhance Code Virtualization Protection

Contact Info

Product

Resources

About