Fine-Grained Obfuscation Scheme Recognition on Binary Code

Fine-Grained Obfuscation Scheme Recognition on Binary Code

연구 분야: Analysis

학회: International Conference on Digital Forensics and Cyber Crime

Code obfuscation is to change program characteristics through code transformation, so as to avoid detection by virus scanners or prevent security analysts from performing reverse analysis. This paper proposes a new method of extracting from functions their reduced shortest paths (RSP), through path search and abstraction, to identify functions in a more fine-grained manner. The method of deep representation learning is utilized to identify whether the binary code is obfuscated and the specific obfuscation algorithms used. In order to evaluate the performance of the model, a data set of 60,000 obfuscation samples is constructed. The extensive experimental evaluation results show that the model can successfully identify the characteristics of code obfuscation. The accuracy for the task of identifying whether the code is obfuscated reaches 98.6%, while the accuracy for the task of identifying the specific obfuscation algorithm performed reaches 97.6%.