Proceedings of the 9th Workshop on Software Security, Protection, and Reverse Engineering 2019
DOI: 10.1145/3371307.3371313
|View full text |Cite
|
Sign up to set email alerts
|

Fine-grained static detection of obfuscation transforms using ensemble-learning and semantic reasoning

Abstract: e ability to e ciently detect the so ware protections used is at a prime to facilitate the selection and application of adequate deobfuscation techniques. We present a novel approach that combines semantic reasoning techniques with ensemble learning classi cation for the purpose of providing a static detection framework for obfuscation transformations. By contrast to existing work, we provide a methodology that can detect multiple layers of obfuscation, without depending on knowledge of the underlying function… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
4
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
5
1

Relationship

0
6

Authors

Journals

citations
Cited by 6 publications
(4 citation statements)
references
References 55 publications
0
4
0
Order By: Relevance
“…Tofighi-Shirazi et al [17] proposed a novel approach that combines semantic reasoning and ensemble machine learning classification for a framework designed to detect obfuscation transformations. The authors generated obfuscated samples and used semantic reasoning to extract raw data from these samples.…”
Section: Related Workmentioning
confidence: 99%
“…Tofighi-Shirazi et al [17] proposed a novel approach that combines semantic reasoning and ensemble machine learning classification for a framework designed to detect obfuscation transformations. The authors generated obfuscated samples and used semantic reasoning to extract raw data from these samples.…”
Section: Related Workmentioning
confidence: 99%
“…Even though obfuscation can hide semantics very well, there can still be some hints left. Existing obfuscation detection work has high accuracy [13,[33][34][35][36][37]. us, we are motivated to employ a classifier to detect which basic block is obfuscated.…”
Section: Obfuscated Instructions Detectormentioning
confidence: 99%
“…But they do not discuss locating the obfuscated code snippet. Tofighi et al [33] present a fine-grained detection framework of obfuscation transformations and constructions. Compared with this work, the same thing is that both of us consider the locating of obfuscated code snippets.…”
Section: Related Workmentioning
confidence: 99%
“…In traditional binary code analysis methods, most researchers use symbolic execution to combat code deobfuscation. For instance, Tofighi-Shirazi et al [1] proposed DoSE, which can improve the deobfuscation technique based on dynamic symbolic execution by statically eliminating obfuscation transformations, and remove two-way opaque constructs by semantic equivalence. While Xu et al [2] adopted the multi-granularity symbolic execution method to simplify the trace snippets for partially virtualized binary code, and achieved encouraging experimental results at that time.…”
Section: Introductionmentioning
confidence: 99%