Advanced programming in the UNIX environment.
Decompilation of binary programs. Software—Practice & Experience.
Aggregate structure identification and its application to program analysis. Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages.
Watermarking, tamper-proofing, and obfuscation: tools for software protection. IEEE Transactions on Software Engineering.
Obfuscation of executable code to improve resistance to static disassembly. Proceedings of the 10th ACM conference on Computer and communications security.
Detecting Kernel-Level Rootkits Through Binary Analysis. ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference.
The Art of Computer Virus Research and Defense.
Semantics-Aware Malware Detection. SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy.
Address obfuscation: an efficient approach to combat a broad range of memory error exploits. SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12.
Static analysis of executables to detect malicious patterns. SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12.
Efficient techniques for comprehensive protection from memory error exploits. SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14.
Exploring Multiple Execution Paths for Malware Analysis. SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy.
Behavior-based spyware detection. USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15.
Binary obfuscation using signals. SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium.
Polymorphing Software by Randomizing Data Structure Layout. DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment.
Automatic Static Unpacking of Malware Binaries. WCRE '09 Proceedings of the 2009 16th Working Conference on Reverse Engineering.
DIVINE: discovering variables in executables. VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation.
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation.
Can code polymorphism limit information leakage? WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication.
Program obfuscation techniques have been widely used by malware to evade scanning by anti-virus detectors. However, signatures based on the data structures that appear in runtime memory render traditional code obfuscation useless. Laika [2] implements such a signature using Bayesian unsupervised learning, which clusters similar vectors of bytes in memory into the same class. We present a novel malware obfuscation technique that automatically obfuscates the data structure layout so that memory similarities between malware programs are blurred and hard to recognize. We design and implement the automatic data structure obfuscation technique as a GNU GCC compiler extension that automatically determines the obfuscability of data structures and converts part of the unobfuscable data structures into obfuscable ones. In an evaluation on fourteen real-world malware programs, our tool maintains a high proportion of obfuscated data structures: 60.19% for types and 60.49% for variables.