Static detection of disassembly errors

Nithya Krishnamoorthy, Saumya Debray, Keith Fligg

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations

Abstract

Static disassembly is a crucial first step in reverse engineering executable files, and there is a considerable body of work in reverse-engineering of binaries, as well as areas such as semantics-based security analysis, that assumes that the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This work describes a machine-learning-based approach, using decision trees, for statically identifying possible errors in a static disassembly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental results using a variety of input executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.

Original languageEnglish (US)
Title of host publicationProceedings - 16th Working Conference on Reverse Engineering, WCRE 2009
Pages259-268
Number of pages10
DOIs
StatePublished - Dec 1 2009
Event16th Working Conference on Reverse Engineering, WCRE 2009 - Lille, France
Duration: Oct 13 2009Oct 16 2009

Publication series

NameProceedings - Working Conference on Reverse Engineering, WCRE
ISSN (Print)1095-1350

Other

Other16th Working Conference on Reverse Engineering, WCRE 2009
CountryFrance
CityLille
Period10/13/0910/16/09

Keywords

  • Binary analysis
  • Disassembly
  • Machine learning
  • Reverse engineering

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'Static detection of disassembly errors'. Together they form a unique fingerprint.

Cite this