检索结果-内蒙古大学图书馆

22nd IEEE International Conference on Software analysis, Evolution, and Reengineering (SANER)

作者： Qiu, Jing Su, Xiaohong Ma, Peijun Harbin Inst Technol Sch Comp Sci & Technol Harbin Peoples R China

ISBN: (纸本)9781479984695

Library functions identification is a key technique in reverse engineering. Discontinuity and polymorphism of inline and optimized library functions in binary code create a difficult challenge for library functions identification. To solve this problem, a novel approach is developed to identify library functions. First, we introduce execution dependence graphs (EDGs) to describe the behavior characteristics of binary code. Then, by finding similar EDG subgraphs in target functions, we identify both full and inline library functions. Experimental results from the prototype tool show that the proposed method is not only capable of identifying inline functions but is also more efficient and precise than the current methods for identifying full library functions.

关键词： binary code analysis library functions identification graph isomorphism

来源：评论

学校读者我要写书评

暂无评论

Obfuscation code Localization Based on CFG Generation of Malware 8th

Obfuscation Code Localization Based on CFG Generation of Mal...

引用

8th International Symposium on Foundations and Practice of Security (FPS)

作者： Nguyen Minh Hai Ogawa, Mizuhito Quan Thanh Tho Ho Chi Minh City Univ Technol Ho Chi Minh City Vietnam Japan Adv Inst Sci & Technol Nomi Japan

ISBN: (纸本)9783319303031;9783319303024

This paper presents a tool BE-PUM (binary Emulator for PUshdown Model generation), which generates a precise control flow graph (CFG), under presence of typical obfuscation techniques of malware, e.g., indirect jump, self-modification, overlapping instructions, and structured exception handler (SEH), which cover packers. Experiments are performed on 2000 real-world malware examples taken from VX Heaven and compare the results of a popular commercial disassembler IDA Pro, a state-of-the-art tool JakStab, and BE-PUM. It shows that BE-PUM correctly traces CFGs, whereas IDA Pro and JakStab fail. By manual inspection on 300 malware examples, we also observe that the starts of these failures exactly locate the entries of obfuscation code.

关键词： Concolic testing binary code analysis Malware Obfuscation

来源：评论

学校读者我要写书评

暂无评论

Scalable Program Clone Search through Spectral analysis 2023

Scalable Program Clone Search through Spectral Analysis

引用

31st ACM Joint Meeting of the European Software Engineering Conference / Symposium on the Foundations-of-Software-Engineering (ESEC/FSE)

作者： Benoit, Tristan Marion, Jean-Yves Bardin, Sebastien Univ Lorraine CNRS LORIA Nancy France Univ Paris Saclay CEA LIST Saclay France

ISBN: (纸本)9798400703270

We consider the problem of program clone search, i.e. given a target program and a repository of known programs (all in executable format), the goal is to find the program in the repository most similar to the target program - with potential applications in terms of reverse engineering, program clustering, malware lineage and software theft detection. Recent years have witnessed a blooming in code similarity techniques, yet most of them focus on function-level similarity and function clone search, while we are interested in program-level similarity and program clone search. Actually, our study shows that prior similarity approaches are either too slow to handle large program repositories, or not precise enough, or yet not robust against slight variations introduced by compilers, source code versions or light obfuscations. We propose a novel spectral analysis method for program-level similarity and program clone search called Programs Spectral Similarity (PSS). In a nutshell, PSS one-time spectral feature extraction is tailored for large repositories, making it a perfect fit for program clone search. We have compared the different approaches with extensive benchmarks, showing that PSS reaches a sweet spot in terms of precision, speed and robustness.

关键词： binary code analysis clone search spectral analysis

来源：评论

学校读者我要写书评

暂无评论

Opaque Predicate: Attack and Defense in Obfuscated binary code

Opaque Predicate: Attack and Defense in Obfuscated Binary Co...

引用

作者： Xu, Dongpeng PennState University Libraries

学位级别：Doctor of Philosophy

An opaque predicate is a predicate whose value is known to the obfuscator but is difficult to deduce. It can be seamlessly applied together with other obfuscation methods such as junk code to turn reverse engineering attempts into arduous work. Opaque predicates have been widely used in various areas of software security such as software protection, software watermarking, obfuscation, and metamorphic malware. The arms race between the construction and detection of opaque predicates is an interesting topic in computer security *** thesis introduces new attack and defense techniques about opaque predicates in binary code. First, a logic oriented opaque predicate detection tool called LOOP is proposed. By conducting symbolic execution along a trace, LOOP constructs general logical formulas to represent the intrinsic characteristics of opaque predicates. The formulas are then solved by a constraint solver and the result answers whether the predicate under examination is opaque or not. Besides, LOOP is obfuscation resilient and able to detect previously unknown opaque predicates. Our experimental result demonstrates LOOP is effective and efficient. By integrating LOOP with code normalization for matching metamorphic malware variants, we show that LOOP is an appealing complement to existing malware ***, a new control flow obfuscation scheme called generalized dynamic opaque predicate is proposed. We extend the conventional concept of dynamic opaque predicate to common program structures (e.g., straight-line code, branch, and loop). Besides, our new design does not require dynamic opaque predicates to be strictly adjacent, which is more resilient to deobfuscation techniques. The evaluation result shows generalized dynamic opaque predicates overcome the limitations in conventional opaque ***, we propose a novel technique called bit-precise symbolic loop mapping to identify cryptographic functions in obfuscated binary code. Advanced opaque pred

关键词： Opaque Predicate Software Obfuscation Cryptographic Function Detection binary code analysis

来源：评论

学校读者我要写书评

暂无评论

Recovery of high-level intermediate representations of algorithms from binary code

Recovery of high-level intermediate representations of algor...

引用

Ivannikov Memorial Workshop (IVMEM)

作者： Bugerya, Alexander Borisovich Kulagin, Ivan Ivanovich Padaryan, Vartan Andronikovich Solovev, Mikhail Aleksandrovich Tikhonov, Andrei Yur'evich Russian Acad Sci Keldysh Inst Appl Math Moscow Russia Russian Acad Sci Ivannikov Inst Syst Programming Moscow Russia Lomonosov Moscow State Univ Moscow Russia

ISBN: (纸本)9781728146232

One of the tasks of binary code security analysis is detection of undocumented features in software. This task is hard to automate, and it requires participation of a cybersecurity expert. The way of representation of the algorithm under analysis strongly determines the analysis effort and quality of its results. Existing intermediate representations and languages are intended for use in software that either carries out optimizing transformations or analyzes binary code. Such representations and intermediate languages are unsuitable for manual data flow analysis. This paper proposes a high-level hierarchical flowchart-based representation of a program algorithm as well as an algorithm for its construction. The proposed representation is based on a hypergraph and it allows both automatic and manual data flow analysis on different detail levels. The hypergraph nodes represent functions. Every node contains a set of other nodes which are fragments. The fragment is a linear sequence of instructions that does not contain call and ret instructions. Edges represent data flows between nodes and correspond to memory buffers and registers. In the future this representation can be used to implement automatic analysis algorithms. An approach is proposed to increasing quality of the developed algorithm representation using grouping of single data flows into one flow connecting logical algorithm modules.

关键词： flowcharts intermediate representation binary code analysis data flow analysis

来源：评论

学校读者我要写书评

暂无评论

ISAdetect: Usable Automated Detection of CPU Architecture and Endianness for Executable binary Files and Object code 20

ISAdetect: Usable Automated Detection of CPU Architecture an...

引用

10th ACM Conference on Data and Application Security and Privacy (CODASPY)

作者： Kairajarvi, Sami Costin, Andrei Hamalainen, Timo Univ Jyvaskyla Jyvaskyla Finland

ISBN: (纸本)9781450371070

Static and dynamic binary analysis techniques are actively used to reverse engineer software's behavior and to detect its vulnerabilities, even when only the binary code is available for analysis. To avoid analysis errors due to misreading op-codes for a wrong CPU architecture, these analysis tools must precisely identify the Instruction Set Architecture (ISA) of the object code under analysis. The variety of CPU architectures that modern security and reverse engineering tools must support is ever increasing due to massive proliferation of IoT devices and the diversity of firmware and malware targeting those devices. Recent studies concluded that falsely identifying the binary code's ISA caused alone about 10% of failures of IoT firmware analysis. The state of the art approaches detecting ISA for executable object code look promising, and their results demonstrate effectiveness and high-performance. However, they lack the support of publicly available datasets and toolsets, which makes the evaluation, comparison, and improvement of those techniques, datasets, and machine learning models quite challenging (if not impossible). This paper bridges multiple gaps in the field of automated and precise identification of architecture and endianness of binary files and object code. We develop from scratch the toolset and datasets that are lacking in this research space. As such, we contribute a comprehensive collection of open data, open source, and open API web-services. We also attempt experiment reconstruction and cross-validation of effectiveness, efficiency, and results of the state of the art methods. When training and testing classifiers using solely code-sections from executable binary files, all our classifiers performed equally well achieving over 98% accuracy. The results are consistent and comparable with the current state of the art, hence supports the general validity of the algorithms, features, and approaches suggested in those works.

关键词： binary code analysis Firmware analysis Instruction Set Architecture (ISA) Supervised machine learning Reverse engineering Malware analysis Digital forensics

来源：评论

学校读者我要写书评

暂无评论

A Hybrid Aproach for Control Flow Graph Construction from binary code

A Hybrid Aproach for Control Flow Graph Construction from Bi...

引用

20th Asia-Pacific Software Engineering Conference (APSEC)

作者： Minh Hai Nguyen Thien Binh Nguyen Thanh Tho Quan Ogawa, Mizuhito Hochiminh City Univ Technol Fac Comp Sci & Engn Hochiminh City Vietnam Japan Adv Inst Sci & Technol Sch Informat Sci Nomi Ishikawa Japan

ISBN: (纸本)9781479921430

binary code analysis has attracted much attention The difficulty lies in constructing a Control Flow Graph (CFG), which is dynamically generated and modified, such as mutations. Typical examples are handling dynamic jump instructions, in which destinations may be directly modified by rewriting loaded instructions on memory. In this paper, we describe a PhD project proposal on a hybrid approach that combines static analysis and dynamic testing to construct CFG from binary code. Our aim is to minimize false targets produced when processing indirect jumps during CFG construction. To evaluate the potential of our approach, we preliminarily compare results between our method and Jakstab, a state-of-the-art tool in this field.

关键词： binary code analysis static analysis dynamic analysis SMT symbolic execution control flow graph construction

来源：评论

学校读者我要写书评

暂无评论

Incremental Verification of ω-regions on binary Control Flow Graph for Computer Virus Detection

Incremental Verification of ω-regions on Binary Control Flo...

引用

3rd National-Foundation-for-Science-and-Technology-Development Conference on Information and Computer Science (NICS)

作者： Nguyen Thien Binh Quan Thanh Tho Ha Minh Ngoc Nguyen Minh Hai HoChiMinh City Univ Technol Ho Chi Minh City Vietnam Eastern Int Univ Tx Thu Dau Mot Binh Duong Vietnam

ISBN: (纸本)9781509020980

Generally, a computer virus, or virus, consists of two major parts, including a syntactic pattern of signature and code segment performing the core malicious actions. Currently, most of commercial security programs rely on signature matching techniques for virus detection, thus suffering difficulty from some advanced polymorphic viruses which can infinitely change their signatures. In research community, model checking has been proposed to overcome this problem. Representing core malicious actions as temporal logic formulas, a model checker can then verify presence of malicious actions on a control flow graph (CFG) extracted from a binary executable. However, model-checking-based approaches encounter the infamous state explosion problem. In this paper, we tackle this problem by suggesting to partition the binary-extracted CFG into specific sub-graphs, known as omega-regions. Based on empirical observation on real virus samples, we argue that the code segment corresponding for a viral core malicious action should not occupy more than one omega-region. The tactic for location of those omega-egions from a CFG is also presented. This approach allows us to reduce the verification complexity by means of an incremental verification strategy. As a result, we enjoy significant performance improvement when experimenting with real dataset of viruses.

关键词： Malware detection binary code analysis pushdown model checking compositional verification omega-region

来源：评论

学校读者我要写书评

暂无评论

Type Inference on Executables

引用

ACM COMPUTING SURVEYS 2016年第4期48卷 65-65页

作者： Caballero, Juan Lin, Zhiqiang IMDEA Software Inst Madrid Spain Univ Texas Dallas Dept Comp Sci 800 W Campbell Rd Richardson TX 75080 USA

In many applications, source code and debugging symbols of a target program are not available, and the only thing that we can access is the program executable. A fundamental challenge with executables is that, during compilation, critical information such as variables and types is lost. Given that typed variables provide fundamental semantics of a program, for the last 16 years, a large amount of research has been carried out on binary code type inference, a challenging task that aims to infer typed variables from executables (also referred to as binary code). In this article, we systematize the area of binary code type inference according to its most important dimensions: the applications that motivate its importance, the approaches used, the types that those approaches infer, the implementation of those approaches, and how the inference results are evaluated. We also discuss limitations, underdeveloped problems and open challenges, and propose further applications.

关键词： Languages Security Type inference program executables binary code analysis

来源：评论

学校读者我要写书评

暂无评论

Automatic Vulnerability Detection in Embedded Devices and Firmware: Survey and Layered Taxonomies

引用

ACM COMPUTING SURVEYS 2021年第2期54卷 25-25页

作者： Qasem, Abdullah Shirani, Paria Debbabi, Mourad Wang, Lingyu Lebel, Bernard Agba, Basile L. Concordia Univ 1455 Blvd Maisonneuve O Montreal PQ H3G 1M8 Canada Thales Canada Inc 2800 Av Marie Curie Montreal PQ H4S 2C2 Canada Inst Rech Hydro Quebec 1800 Blvd Lionel Boulet Montreal PQ J3X 1S1 Canada

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries;which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.

关键词： binary code analysis embedded device security firmware analysis internet of things (IoT) vulnerability detection

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：