RUS  ENG JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB
 General information Latest issue Archive Impact factor Search papers Search references RSS Latest issue Current issues Archive issues What is RSS

 Model. Anal. Inform. Sist.: Year: Volume: Issue: Page: Find

 Model. Anal. Inform. Sist., 2019, Volume 26, Number 3, Pages 317–331 (Mi mais682)

Software

On the automatic analysis of the practical resistance of obfusting transformations

P. D. Borisov, Yu. V. Kosolapov

Southern Federal University, 8a Milchakova str., Rostov-on-Don 344090, Russia

Abstract: A method is developed for assessing the practical persistence of obfuscating transformations of programs based on the calculation of the similarity index for the original, obfuscated and deobfuscated programs. Candidates are proposed for similarity indices, which are based on such program characteristics as the control flow graph, symbolic execution time and degree of coverage for symbolic execution. The control flow graph is considered as the basis for building other candidates for program similarity indicators. On its basis, a new candidate is proposed for the similarity index, which, when calculated, finds the Hamming distance between the adjacency matrices of control flow graphs of compared programs. A scheme for estimating (analyzing) the persistence of obfuscating transformations is constructed, according to which for the original, obfuscated and deobfuscated programs, the characteristics of these programs are calculated and compared in accordance with the chosen comparison model. The developed scheme, in particular, is suitable for comparing programs based on similarity indices. This paper develops and implements one of the key units of the constructed scheme — a block for obtaining program characteristics compiled for the x86/x86_64 architecture. The developed unit allow to find the control flow graph, the time for symbolic execution and the degree of coverage for symbolic execution. Some results of work of the constructed block are given.

Keywords: code obfuscation, resistance, symbolic execution.

DOI: https://doi.org/10.18255/1818-1015-317-331

Full text: PDF file (828 kB)
References: PDF file   HTML file

UDC: 517.9
Revised: 09.09.2019
Accepted:11.09.2019

Citation: P. D. Borisov, Yu. V. Kosolapov, “On the automatic analysis of the practical resistance of obfusting transformations”, Model. Anal. Inform. Sist., 26:3 (2019), 317–331

Citation in format AMSBIB
\Bibitem{BorKos19} \by P.~D.~Borisov, Yu.~V.~Kosolapov \paper On the automatic analysis of the practical resistance of obfusting transformations \jour Model. Anal. Inform. Sist. \yr 2019 \vol 26 \issue 3 \pages 317--331 \mathnet{http://mi.mathnet.ru/mais682} \crossref{https://doi.org/10.18255/1818-1015-317-331}