Research Article
Fine-Grained Obfuscation Scheme Recognition on Binary Code
@INPROCEEDINGS{10.1007/978-3-031-06365-7_13, author={Zhenzhou Tian and Hengchao Mao and Yaqian Huang and Jie Tian and Jinrui Li}, title={Fine-Grained Obfuscation Scheme Recognition on Binary Code}, proceedings={Digital Forensics and Cyber Crime. 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6-9, 2021, Proceedings}, proceedings_a={ICDF2C}, year={2022}, month={6}, keywords={Code obfuscation recognition Binary code Neural network}, doi={10.1007/978-3-031-06365-7_13} }- Zhenzhou Tian
Hengchao Mao
Yaqian Huang
Jie Tian
Jinrui Li
Year: 2022
Fine-Grained Obfuscation Scheme Recognition on Binary Code
ICDF2C
Springer
DOI: 10.1007/978-3-031-06365-7_13
Abstract
Code obfuscation is to change program characteristics through code transformation, so as to avoid detection by virus scanners or prevent security analysts from performing reverse analysis. This paper proposes a new method of extracting from functions their reduced shortest paths (RSP), through path search and abstraction, to identify functions in a more fine-grained manner. The method of deep representation learning is utilized to identify whether the binary code is obfuscated and the specific obfuscation algorithms used. In order to evaluate the performance of the model, a data set of 60,000 obfuscation samples is constructed. The extensive experimental evaluation results show that the model can successfully identify the characteristics of code obfuscation. The accuracy for the task of identifying whether the code is obfuscated reaches 98.6%, while the accuracy for the task of identifying the specific obfuscation algorithm performed reaches 97.6%.
