Decompilation of binary programs
Software—Practice & Experience
Watermarking, tamper-proffing, and obfuscation: tools for software protection
IEEE Transactions on Software Engineering
Intraprocedural Static Slicing of Binary Executables
ICSM '97 Proceedings of the International Conference on Software Maintenance
On the (Im)possibility of Obfuscating Programs
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Reverse-Engineering Instruction Encodings
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Detecting Manipulated Remote Call Streams
Proceedings of the 11th USENIX Security Symposium
Static Analysis of Binary Code to Isolate Malicious Behaviors
WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Hybrid static-dynamic attacks against software protection mechanisms
Proceedings of the 5th ACM workshop on Digital rights management
A Method for Detecting Obfuscated Calls in Malicious Binaries
IEEE Transactions on Software Engineering
BIRD: Binary Interpretation using Runtime Disassembly
Proceedings of the International Symposium on Code Generation and Optimization
Practical analysis of stripped binary code
ACM SIGARCH Computer Architecture News - Special issue on the 2005 workshop on binary instrumentation and application
Temporal search: detecting hidden malware timebombs with virtual machines
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
HDTrans: an open source, low-level dynamic instrumentation system
Proceedings of the 2nd international conference on Virtual execution environments
Analyzing network traffic to detect self-decrypting exploit code
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
HDTrans: a low-overhead dynamic translator
ACM SIGARCH Computer Architecture News
Key evolution-based tamper resistance: a subgroup extension
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Proceedings of the 9th workshop on Multimedia & security
Program obfuscation: a quantitative approach
Proceedings of the 2007 ACM workshop on Quality of protection
Renovo: a hidden code extractor for packed executables
Proceedings of the 2007 ACM workshop on Recurring malcode
Binary obfuscation using signals
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
A hypervisor-based system for protecting software runtime memory and persistent storage
Proceedings of the 2008 Spring simulation multiconference
Signature Generation and Detection of Malware Families
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Implementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture
SEUS '08 Proceedings of the 6th IFIP WG 10.2 international workshop on Software Technologies for Embedded and Ubiquitous Systems
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
A static API birthmark for Windows binary executables
Journal of Systems and Software
Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
IEICE - Transactions on Information and Systems
Feature set selection in data mining techniques for unknown virus detection: a comparison study
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Learning to analyze binary computer code
AAAI'08 Proceedings of the 23rd national conference on Artificial intelligence - Volume 2
Control flow obfuscation with information flow tracking
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
binOb+: a framework for potent and stealthy binary obfuscation
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A model for self-modifying code
IH'06 Proceedings of the 8th international conference on Information hiding
Extracting compiler provenance from program binaries
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Static analysis of executables for collaborative malware detection on android
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
N-version disassembly: differential testing of x86 disassemblers
Proceedings of the 19th international symposium on Software testing and analysis
Classification of malware using structured control flow
AusPDC '10 Proceedings of the Eighth Australasian Symposium on Parallel and Distributed Computing - Volume 107
Mimimorphism: a new approach to binary code obfuscation
Proceedings of the 17th ACM conference on Computer and communications security
Hybrid analysis and control of malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A framework for defending embedded systems against software attacks
ACM Transactions on Embedded Computing Systems (TECS)
Determining malicious executable distinguishing attributes and low-complexity detection
Journal in Computer Virology
Mobile Agent Protection with Self-Modifying Code
Journal of Signal Processing Systems
Generation of control and data flow graphs from scheduled and pipelined assembly code
LCPC'05 Proceedings of the 18th international conference on Languages and Compilers for Parallel Computing
An attack on SMC-based software protection
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Network–Level polymorphic shellcode detection using emulation
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Detecting self-mutating malware using control-flow graph matching
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Remote software-based attestation for wireless sensors
ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Fast malware family detection method using control flow graphs
Proceedings of the 2011 ACM Symposium on Research in Applied Computation
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
A fast static analysis approach to detect exploit code inside network flows
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Instruction embedding for improved obfuscation
Proceedings of the 50th Annual Southeast Regional Conference
Static detection of unsafe component loadings
CC'12 Proceedings of the 21st international conference on Compiler Construction
OS-Sommelier: memory-only operating system fingerprinting in the cloud
Proceedings of the Third ACM Symposium on Cloud Computing
A practical approach for detecting executable codes in network traffic
APNOMS'07 Proceedings of the 10th Asia-Pacific conference on Network Operations and Management Symposium: managing next generation networks and services
Compiler help for binary manipulation tools
Euro-Par'12 Proceedings of the 18th international conference on Parallel processing workshops
Binary-code obfuscations in prevalent packer tools
ACM Computing Surveys (CSUR)
DUET: integration of dynamic and static analyses for malware clustering with cluster ensembles
Proceedings of the 29th Annual Computer Security Applications Conference
Towards automatic software lineage inference
SEC'13 Proceedings of the 22nd USENIX conference on Security
SEC'13 Proceedings of the 22nd USENIX conference on Security
MutantX-S: scalable malware clustering based on static features
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Effective code discovery for ARM/Thumb mixed ISA binaries in a static binary translator
Proceedings of the 2013 International Conference on Compilers, Architectures and Synthesis for Embedded Systems
Hi-index | 0.00 |
Disassembly is the process of recovering a symbolic representation of a program's machine code instructions from its binary representation. Recently, a number of techniques have been proposed that attempt to foil the disassembly process. These techniques are very effective against state-of-the-art disassemblers, preventing a substantial fraction of a binary program from being disassembled correctly. This could allow an attacker to hide malicious code from static analysis tools that depend on correct disassembler output (such as virus scanners). The paper presents novel binary analysis techniques that substantially improve the success of the disassembly process when confronted with obfuscated binaries. Based on control flow graph information and statistical methods, a large fraction of the program's instructions can be correctly identified. An evaluation of the accuracy and the performance of our tool is provided, along with a comparison to several state-of-the-art disassemblers.