Model. Anal. Inform. Sist., 2019, Volume 26, Number 3, Pages 317–331 (Mi mais682)  

Software

On the automatic analysis of the practical resistance of obfusting transformations

P. D. Borisov, Yu. V. Kosolapov

Southern Federal University, 8a Milchakova str., Rostov-on-Don 344090, Russia

Abstract: A method is developed for assessing the practical persistence of obfuscating transformations of programs based on the calculation of the similarity index for the original, obfuscated and deobfuscated programs. Candidates are proposed for similarity indices, which are based on such program characteristics as the control flow graph, symbolic execution time and degree of coverage for symbolic execution. The control flow graph is considered as the basis for building other candidates for program similarity indicators. On its basis, a new candidate is proposed for the similarity index, whose calculation finds the Hamming distance between the adjacency matrices of the control flow graphs of the compared programs. A scheme for estimating (analyzing) the persistence of obfuscating transformations is constructed, according to which the characteristics of the original, obfuscated and deobfuscated programs are calculated and compared in accordance with the chosen comparison model. The developed scheme, in particular, is suitable for comparing programs based on similarity indices. This paper develops and implements one of the key units of the constructed scheme: a block for obtaining the characteristics of programs compiled for the x86/x86_64 architecture. The developed unit makes it possible to find the control flow graph, the time for symbolic execution and the degree of coverage for symbolic execution. Some results produced by the constructed block are given.

Keywords: code obfuscation, resistance, symbolic execution.

DOI: https://doi.org/10.18255/1818-1015-317-331


UDC: 517.9
Received: 18.07.2019
Revised: 09.09.2019
Accepted: 11.09.2019

Citation: P. D. Borisov, Yu. V. Kosolapov, “On the automatic analysis of the practical resistance of obfusting transformations”, Model. Anal. Inform. Sist., 26:3 (2019), 317–331

Citation in format AMSBIB
\Bibitem{BorKos19}
\by P.~D.~Borisov, Yu.~V.~Kosolapov
\paper On the automatic analysis of the practical resistance of obfusting transformations
\jour Model. Anal. Inform. Sist.
\yr 2019
\vol 26
\issue 3
\pages 317--331
\mathnet{http://mi.mathnet.ru/mais682}
\crossref{https://doi.org/10.18255/1818-1015-317-331}


Linking options:
  • http://mi.mathnet.ru/eng/mais682
  • http://mi.mathnet.ru/eng/mais/v26/i3/p317
