Static Disassembly of Obfuscated Binaries
Disassembly is the process of recovering a symbolic representation of a program's machine code instructions from its binary representation. Recently, a number of techniques have been proposed that attempt to foil the disassembly process. These techniques are very effective against state-of-the-art disassemblers, preventing a substantial fraction of a binary program from being disassembled correctly. This could allow an attacker to hide malicious code from static analysis tools that depend on correct disassembler output (such as virus scanners).
The paper presents novel binary analysis techniques that substantially improve the success of the disassembly process when confronted with obfuscated binaries. Based on control flow graph information and statistical methods, a large fraction of the program's instructions can be correctly identified. An evaluation of the accuracy and the performance of the authors' tool is provided, along with a comparison to several state-of-the-art disassemblers.