Linear Obfuscation to Combat Symbolic Execution

Trigger-based code (malicious in many cases, but not necessarily) only executes when specific inputs are received. Symbolic execution has been one of the most powerful techniques in discovering such malicious code and analyzing the trigger condition. We propose a novel automatic malware obfuscation...

Bibliographic Details
Main Authors: WANG, Zhi, Ming, Jiang, Jia, Chunfu, GAO, Debin
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2011
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/2005
https://ink.library.smu.edu.sg/context/sis_research/article/3004/viewcontent/esorics11.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-3004
record_format dspace
spelling sg-smu-ink.sis_research-30042014-02-04T11:54:04Z Linear Obfuscation to Combat Symbolic Execution WANG, Zhi Ming, Jiang Jia, Chunfu GAO, Debin Trigger-based code (malicious in many cases, but not necessarily) only executes when specific inputs are received. Symbolic execution has been one of the most powerful techniques in discovering such malicious code and analyzing the trigger condition. We propose a novel automatic malware obfuscation technique to make analysis based on symbolic execution difficult. Unlike previously proposed techniques, the obfuscated code from our tool does not use any cryptographic operations and makes use of only linear operations which symbolic execution is believed to be good in analyzing. The obfuscated code incorporates unsolved conjectures and adds a simple loop to the original code, making it less than one hundred bytes longer and hard to be differentiated from normal programs. Evaluation shows that applying symbolic execution to the obfuscated code is inefficient in finding the trigger condition. We discuss strengths and weaknesses of the proposed technique. 2011-09-12T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2005 info:doi/10.1007/978-3-642-23822-2_12 https://ink.library.smu.edu.sg/context/sis_research/article/3004/viewcontent/esorics11.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Software obfuscation symbolic execution malware analysis Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Software obfuscation
symbolic execution
malware analysis
Information Security
description Trigger-based code (malicious in many cases, but not necessarily) only executes when specific inputs are received. Symbolic execution has been one of the most powerful techniques in discovering such malicious code and analyzing the trigger condition. We propose a novel automatic malware obfuscation technique to make analysis based on symbolic execution difficult. Unlike previously proposed techniques, the obfuscated code from our tool does not use any cryptographic operations and makes use of only linear operations which symbolic execution is believed to be good in analyzing. The obfuscated code incorporates unsolved conjectures and adds a simple loop to the original code, making it less than one hundred bytes longer and hard to be differentiated from normal programs. Evaluation shows that applying symbolic execution to the obfuscated code is inefficient in finding the trigger condition. We discuss strengths and weaknesses of the proposed technique.
format text
author WANG, Zhi
Ming, Jiang
Jia, Chunfu
GAO, Debin
title Linear Obfuscation to Combat Symbolic Execution
publisher Institutional Knowledge at Singapore Management University
publishDate 2011
_version_ 1770571765184987136