Pinpointing and hiding surprising fragments in an obfuscated program

Yuichiro Kanzaki, Clark Thomborson, Akito Monden, Christian S Collberg

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this paper, we propose a pinpoint-hide defense method, which aims to improve the stealth of obfuscated code. In the pinpointing process, we scan the obfuscated code in a few small code fragment level and identify all surprising fragments, that is, very unusual fragments which may draw the attention of an attacker to the obfuscated code. In the hiding process, we transform the pinpointed surprising fragments into unsurprising ones while preserving semantics. The obfuscated code transformed by our method consists only by unsurprising code fragments, therefore is more difficult for attackers to be distinguished from unobfuscated code than the original. In the case study, we apply our pinpoint-hide method to some programs transformed by well-known obfuscation techniques. The result shows our method can pinpoint surprising fragments such as dummy code that does not fit in the context of the program, and instructions used in a complicated arithmetic expression. We also confirm that instruction camouflage can make the pinpointed surprising fragments unsurprising ones, and that it runs correctly.

Original languageEnglish (US)
Title of host publicationProceedings of the 5th Program Protection and Reverse Engineering Workshop, PPREW 2015 - Software Security and Protection Workshop 2015, SSP 2015
PublisherAssociation for Computing Machinery
Volume08-December-2015
ISBN (Electronic)9781450336420
DOIs
StatePublished - Dec 8 2015
Event5th Program Protection and Reverse Engineering Workshop, PPREW 2015 - Los Angeles, United States
Duration: Dec 8 2015 → …

Other

Other5th Program Protection and Reverse Engineering Workshop, PPREW 2015
CountryUnited States
CityLos Angeles
Period12/8/15 → …

Keywords

  • Code obfuscation
  • Code stealth
  • N-gram
  • Program analysis
  • Software protection

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software

Fingerprint Dive into the research topics of 'Pinpointing and hiding surprising fragments in an obfuscated program'. Together they form a unique fingerprint.

  • Cite this

    Kanzaki, Y., Thomborson, C., Monden, A., & Collberg, C. S. (2015). Pinpointing and hiding surprising fragments in an obfuscated program. In Proceedings of the 5th Program Protection and Reverse Engineering Workshop, PPREW 2015 - Software Security and Protection Workshop 2015, SSP 2015 (Vol. 08-December-2015). [2843862] Association for Computing Machinery. https://doi.org/10.1145/2843859.2843862