ISBN: 9781479956043 (print)
This paper proposes an obfuscation method against illegal analysis. The proposed method tries to build a fake call flow graph from debugging tools. The call flow graph represents relations among methods and helps in understanding a program. The fake call flow graph leads to misunderstanding of the program. We focus on a hook mechanism of the method call for changing the callee. We conduct two experiments to evaluate the proposed method. The first experiment simulates attacks by existing tools: Soot, jad, Procyon, and Krakatau. Only Procyon succeeded in decompilation; the others crashed. The second experiment evaluates the understandability of the obfuscated program by hand. Only one of the nine subjects answered with the correct value. The experiments show that the proposed method has good tolerance against existing tools and makes understanding highly difficult, even when the target program is tiny and simple.
ISBN: 9789048191123; 9789048191116 (print)
Optimal clustering of the call flow graph to reach maximum concurrency in the execution of distributable components is an NP-complete problem. Learning automata (LAs) are search tools that are used for solving many NP-complete problems. In this paper, a learning-based algorithm is proposed for optimal clustering of the call flow graph and appropriate distribution of programs at the network level. The algorithm uses the learning feature of LAs to search the state space. It has been shown that using LAs in the search process remarkably increases the speed of reaching a solution and also prevents the algorithm from being trapped in local minima. Experimental results show the superiority of the proposed algorithm over others.
ISBN: 9781424441983 (print)
In this paper we propose a new method for finding the fingerprint of executable programs. Our method is based on the statistical analysis of a 2-dimensional graph named the novel abstract callgraph, which is composed of colored pixels arranged according to the adjacency matrix of the call flow graph; the color of each pixel is determined by the in-degree and out-degree of the function node and the function call relationship. Through the experiments we can see that the color moments can be used as a fingerprint to identify different executable programs, for the following reasons: it is unique, in that different executable programs map to different abstract callgraphs with different color moments; it is sensitive to changes in the function call relationship, in that the value of the color moments differs whenever the call relationship is modified; and it is robust to local normal instruction modifications, in that the value of the color moments does not change as long as the modifications do not change any function call relationship. This paper shows that this fingerprint can be used for intrusion detection, since malicious code may change the function call relationship of the infected program, and can also be used to measure the N versions of a program, and so on. In this paper we mainly introduce the process of forming the fingerprint and its properties, and forecast its applications.