On the automatic analysis of the practical resistance of obfusting transformations

P. D. Borisov; Yu. V. Kosolapov

P. D. Borisov ; Yu. V. Kosolapov

Modelirovanie i analiz informacionnyh sistem, Tome 26 (2019) no. 3, pp. 317-331

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

A method is developed for assessing the practical persistence of obfuscating transformations of programs based on the calculation of the similarity index for the original, obfuscated and deobfuscated programs. Candidates are proposed for similarity indices, which are based on such program characteristics as the control flow graph, symbolic execution time and degree of coverage for symbolic execution. The control flow graph is considered as the basis for building other candidates for program similarity indicators. On its basis, a new candidate is proposed for the similarity index, which, when calculated, finds the Hamming distance between the adjacency matrices of control flow graphs of compared programs. A scheme for estimating (analyzing) the persistence of obfuscating transformations is constructed, according to which for the original, obfuscated and deobfuscated programs, the characteristics of these programs are calculated and compared in accordance with the chosen comparison model. The developed scheme, in particular, is suitable for comparing programs based on similarity indices. This paper develops and implements one of the key units of the constructed scheme — a block for obtaining program characteristics compiled for the x86/x86_64 architecture. The developed unit allow to find the control flow graph, the time for symbolic execution and the degree of coverage for symbolic execution. Some results of work of the constructed block are given.

Keywords: code obfuscation, resistance, symbolic execution.

@article{MAIS_2019_26_3_a0,
     author = {P. D. Borisov and Yu. V. Kosolapov},
     title = {On the automatic analysis of the practical resistance of obfusting transformations},
     journal = {Modelirovanie i analiz informacionnyh sistem},
     pages = {317--331},
     publisher = {mathdoc},
     volume = {26},
     number = {3},
     year = {2019},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MAIS_2019_26_3_a0/}
}

TY  - JOUR
AU  - P. D. Borisov
AU  - Yu. V. Kosolapov
TI  - On the automatic analysis of the practical resistance of obfusting transformations
JO  - Modelirovanie i analiz informacionnyh sistem
PY  - 2019
SP  - 317
EP  - 331
VL  - 26
IS  - 3
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/MAIS_2019_26_3_a0/
LA  - ru
ID  - MAIS_2019_26_3_a0
ER  -

%0 Journal Article
%A P. D. Borisov
%A Yu. V. Kosolapov
%T On the automatic analysis of the practical resistance of obfusting transformations
%J Modelirovanie i analiz informacionnyh sistem
%D 2019
%P 317-331
%V 26
%N 3
%I mathdoc
%U http://geodesic.mathdoc.fr/item/MAIS_2019_26_3_a0/
%G ru
%F MAIS_2019_26_3_a0

P. D. Borisov; Yu. V. Kosolapov. On the automatic analysis of the practical resistance of obfusting transformations. Modelirovanie i analiz informacionnyh sistem, Tome 26 (2019) no. 3, pp. 317-331. http://geodesic.mathdoc.fr/item/MAIS_2019_26_3_a0/

Parcourir par

Geodesic

Parcourir par