Binary program statistical features hiding through huffman obfuscated coding

Authors:
Xiaopeng Niu;Qingbao Li;Wei Wang;Xiaokang Weng
Affiliations:
National Digital Switching System Engineering and Technological Research Center, Zhengzhou, China;National Digital Switching System Engineering and Technological Research Center, Zhengzhou, China;National Digital Switching System Engineering and Technological Research Center, Zhengzhou, China;National Digital Switching System Engineering and Technological Research Center, Zhengzhou, China
Venue:
ICIC'13 Proceedings of the 9th international conference on Intelligent Computing Theories
Year:
2013

Citing 6
Cited 0

Mimic functions

Cryptologia
The Art of Computer Virus Research and Defense

The Art of Computer Virus Research and Defense
Using Entropy Analysis to Find Encrypted and Packed Malware

IEEE Security and Privacy
Mimimorphism: a new approach to binary code obfuscation

Proceedings of the 17th ACM conference on Computer and communications security
Measuring pay-per-install: the commoditization of malware distribution

SEC'11 Proceedings of the 20th USENIX conference on Security
Frankenstein: stitching malware from benign binaries

WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Mutants produced by current metamorphic engine are divers, but they still contain shortcomings that reliably distinguish them from normal program. This paper introduces a novel binary obfuscation technique with the potential of evading both statistical and semantic detections. It transforms the binary program into mimicry executables that exhibit high similarity to benign programs in terms of statistical properties and semantic characteristics. Experimental results show that the mimicry executables are indistinguishable from benign programs in byte frequency distribution and entropy, and no false instructions produced.