Obfuscation Resilient Search through Executable Classification

06/06/2018
by Fang-Hsiang Su, et al.

Android applications are usually obfuscated before release, making it difficult to analyze them for malware presence or intellectual property violations. Obfuscators might hide the true intent of code by renaming variables and/or modifying program structures. It is challenging to search for executables relevant to an obfuscated application for developers to analyze efficiently. Prior approaches toward obfuscation resilient search have relied on certain structural parts of apps remaining as landmarks, untouched by obfuscation. For instance, some prior approaches have assumed that the structural relationships between identifiers are not broken by obfuscators; others have assumed that control flow graphs maintain their structures. Both approaches can be easily defeated by a motivated obfuscator. We present a new approach, Macneto, to search for programs relevant to obfuscated executables leveraging deep learning and principal components on instructions. Macneto makes few assumptions about the kinds of modifications that an obfuscator might perform. We show that it has high search precision for executables obfuscated by a state-of-the-art obfuscator that changes control flow. Further, we also demonstrate the potential of Macneto to help developers understand executables, where Macneto infers keywords (which are from the relevant unobfuscated program) for obfuscated executables.
