Analysis of Obfuscated Code with Program Slicing

Talukder, Mahin; Islam, Syed; Falcarin, Paolo

doi:10.1109/cybersecpods.2019.8885094

Cited by 6 publications

(2 citation statements)

References 21 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is continuously updated and maintained [90]; it contains many samples and diverse categories. [53]. C, Java, and Python are the most common programming languages.…”

Section: Analysis Based On Empirical Strategy and Dataset (Rq3 And Rq31)mentioning

confidence: 99%

Measuring Software Obfuscation Quality–A Systematic Literature Review

2021

View full text Add to dashboard Cite

Software obfuscation techniques are increasingly being used to prevent attackers from exploiting security flaws and launching successful attacks. With research on software obfuscation techniques rapidly growing, many software obfuscation techniques with varying quality and strength have been proposed in the literature. However, the literature on obfuscation techniques has not yet been coherently collated and reviewed. This research paper aims to present an overview of state-of-the-art software obfuscation techniques, focusing on quality and strength. A systematic analysis and synthesis of literature published between 2010 and April 2021 has been performed to identify the common measures to quantify obfuscation and their measures, the publication venue, and the home country of the researchers. We have identified the obfuscation quality attributes, such as potency, resilience, cost, stealth, and similarity, that are the most widely used metrics to evaluate the quality of obfuscation techniques. In addition, different measures have been used to quantify these qualities, such as complexity (to measure potency), human effort (to measure resilience), efficiency (to estimate cost), and multiclass performance metrics, distance measures, and matching method (to quantify similarity). These measures were then categorized into sub-measures. The literature lacks research in the following two areas: empirical research using a case study strategy, i.e., realworld datasets, and measurements of obfuscation stealth. Researchers did not address stealth as clearly as they addressed potency, cost, and similarity.

show abstract

“…It is continuously updated and maintained [90]; it contains many samples and diverse categories. [53]. C, Java, and Python are the most common programming languages.…”

Section: Analysis Based On Empirical Strategy and Dataset (Rq3 And Rq31)mentioning

confidence: 99%

Measuring Software Obfuscation Quality–A Systematic Literature Review

2021

View full text Add to dashboard Cite

show abstract

“…In [33], the resilience of obfuscated C code was measured using program slicing. By measuring the resilience, they measured the degree of resistance to automated deobfuscation tools.…”

Section: B Software Obfuscation Techniquesmentioning

confidence: 99%

SCORE: Source Code Optimization & REconstruction

Suk

Lee

2020

IEEE Access

View full text Add to dashboard Cite

The main goal of obfuscation is to make software difficult to analyze. Although obfuscation is one useful method to protect programs, the ability to analyze malware is greatly reduced if used for malicious purposes. The obfuscation technique is most applicable at the binary level, but it can also be applied at the source code level. Although source-level techniques can be applied regardless of the target platform, these are often optimized and eliminated during compilation. However, when controlflow obfuscation is applied at the source code level, removal is not possible. When applied for malicious purposes, the ability to analyze the source code and compiled binary code is greatly reduced. To date, no research has presented a method that increases the readability of source code or the ability to analyze compiled binaries via optimization at the source level. In this paper, we select a very powerful obfuscation tool that provides options, including control-flow obfuscation, at the source level. The result of our research is a tool that outputs optimized source code and performs control-flow reconstruction as preprocessing, which increases readability even when control-flow obfuscation has been applied. The results also suggest an improvement in the ability to analyze binary code. As a result, more than 70% of the source code can be optimized at the source level, and the control-flow graph can be serialized. The optimized source code compiles more concise binary code even if no compiler optimizations are applied. Finally, the paper concludes by presenting the results of a module that prevents deobfuscation through code tampering (preventive obfuscation) at the source code level.

show abstract