Layered obfuscation: a taxonomy of software obfuscation techniques for layered security

Xu, Hui; Zhou, Yangfan; Jiang, Ming; Lyu, Michael R.

doi:10.1186/s42400-020-00049-3

Cited by 25 publications

(5 citation statements)

References 72 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…MulCPI's effectiveness may be hindered by the diverse code obfuscation strategies [47,48] applied to the code under analysis. Techniques such as compression and encryption can disrupt the initial analysis phase by preventing accurate function parsing and extraction, which are critical for MulCPI and other function-level analysis methods.…”

Section: Threats To Validitymentioning

confidence: 99%

Function-Level Compilation Provenance Identification with Multi-Faceted Neural Feature Distillation and Fusion

Gao,

Liang,

et al. 2024

Electronics

View full text Add to dashboard Cite

In the landscape of software development, the selection of compilation tools and settings plays a pivotal role in the creation of executable binaries. This diversity, while beneficial, introduces significant challenges for reverse engineers and security analysts in deciphering the compilation provenance of binary code. To this end, we present MulCPI, short for Multi-representation Fusion-based Compilation Provenance Identification, which integrates the features collected from multiple distinct intermediate representations of the binary code for better discernment of the fine-grained function-level compilation details. In particular, we devise a novel graph-oriented neural encoder improved upon the gated graph neural network by subtly introducing an attention mechanism into the neighborhood nodes’ information aggregation computation, in order to better distill the more informative features from the attributed control flow graph. By further integrating the features collected from the normalized assembly sequence with an advanced Transformer encoder, MulCPI is capable of capturing a more comprehensive set of features manifesting the multi-faceted lexical, syntactic, and structural insights of the binary code. Extensive evaluation on a public dataset comprising 854,858 unique functions demonstrates that MulCPI exceeds the performance of current leading methods in identifying the compiler family, optimization level, compiler version, and the combination of compilation settings. It achieves average accuracy rates of 99.3%, 96.4%, 90.7%, and 85.3% on these tasks, respectively. Additionally, an ablation study highlights the significance of MulCPI’s core designs, validating the efficiency of the proposed attention-enhanced gated graph neural network encoder and the advantages of incorporating multiple code representations.

show abstract

Section: Threats To Validitymentioning

confidence: 99%

Function-Level Compilation Provenance Identification with Multi-Faceted Neural Feature Distillation and Fusion

Gao,

Liang,

et al. 2024

Electronics

View full text Add to dashboard Cite

show abstract

“…Obfuscation -consists of sub techniques for modifying the code of the malware to change its signatures and make it more difficult to detect [10]. This includes modifying/reorganizing the source code, object concatenation, splitting and merging techniques so the new relevant signatures are not flagged as malicious [11].…”

Section: B Av Evasion Key Techniquesmentioning

confidence: 99%

Antivirus Performance Evaluation Against Powershell Obfuscated Malware

Dimov,

Savova

2024

ETR

View full text Add to dashboard Cite

In recent years, malware attacks have become increasingly sophisticated, and the methods used by attackers to evade Windows defenses have grown more complex. As a result, detecting and defending against these attacks has become an ever more pressing challenge for security professionals. Despite significant efforts to improve Windows security, attackers continue to find new ways to bypass these defenses and infiltrate systems. The techniques covered in this paper are all currently active and effective at evading Windows defenses. Our findings underscore the need for continued vigilance and the importance of staying up to date with the latest threats and countermeasures.

show abstract

“…Malware also can use this technique on vehicles to spread its activity across multiple ECUs' threads in order to evade detection. Other sorts of malware can add dummy instructions to their code to make it look different [244], or use instruction substitution to change their code by substituting equivalent instructions for some of them [245], or use code transposition to reorder the sequence of instructions in their code [246] , or use subroutine reordering to obfuscate their code by randomly rearranging their subroutines [247]. Consequently, malware can evade detection and avoid itself from being properly analyzed by employing such techniques.…”

Section: A Existing Techniques Limitations In Securing Intelligent Vehicles Against Malwarementioning

confidence: 99%

Vehicle Security: A Survey of Security Issues and Vulnerabilities, Malware Attacks and Defenses

et al. 2021

View full text Add to dashboard Cite

Layered obfuscation: a taxonomy of software obfuscation techniques for layered security

Cited by 25 publications

References 72 publications

Function-Level Compilation Provenance Identification with Multi-Faceted Neural Feature Distillation and Fusion

Function-Level Compilation Provenance Identification with Multi-Faceted Neural Feature Distillation and Fusion

Antivirus Performance Evaluation Against Powershell Obfuscated Malware

Vehicle Security: A Survey of Security Issues and Vulnerabilities, Malware Attacks and Defenses

Contact Info

Product

Resources

About