Abstract
Software obfuscation has always been a controversial research area. While theoretical results indicate that provably secure obfuscation in general is impossible, its widespread application in malware and commercial software shows that it is nevertheless popular in practice. Still, it remains largely unexplored to what extent today’s software obfuscations keep up with state-of-the-art code analysis and where we stand in the arms race between software developers and code analysts. The main goal of this survey is to analyze the effectiveness of different classes of software obfuscation against the continuously improving deobfuscation techniques and off-the-shelf code analysis tools.
The answer very much depends on the goals of the analyst and the available resources. On the one hand, many forms of lightweight static analysis have difficulties with even basic obfuscation schemes, which explains the continued popularity of obfuscation among malware writers. On the other hand, more expensive analysis techniques, in particular when used interactively by a human analyst, can easily defeat many obfuscations. As a result, software obfuscation for the purpose of intellectual property protection remains highly challenging.
- Jason Raber and Eric Laspe. 2007. Deobfuscator: An automated approach to the identification and removal of code obfuscation. In Proceedings of the 14th Working Conference on Reverse Engineering (WCRE’07). IEEE, 275--276.Google ScholarDigital Library
- G. Ramalingam. 1994. The undecidability of aliasing. ACM Trans. Program. Lang. Syst. 16, 5 (1994), 1467--1471.Google ScholarDigital Library
- J. Riordan and B. Schneier. 1998. Environmental key generation towards clueless agents. Mobile Agents and Security (1998), 15--24.Google Scholar
- R. Rolles. 2009. Unpacking virtualization obfuscators. In Proceedings of the 3rd Usenix Workshop on Offensive Technologies (Woot’09).Google ScholarDigital Library
- Kevin A. Roundy and Barton P. Miller. 2013. Binary-code obfuscations in prevalent packer tools. ACM Comput. Surv. 46, 1 (2013).Google Scholar
- P. Royal, M. Halpin, D. Dagon, R. Edmonds, and W. Lee. 2006. Polyunpack: Automating the hidden-code extraction of unpack-executing malware. In Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC’06). IEEE, 289--300.Google Scholar
- S. Rugaber, K. Stirewalt, and L. M. Wills. 1995. The interleaving problem in program understanding. In Proceedings of the 2nd Working Conference on Reverse Engineering. IEEE, 166--175.Google Scholar
- Yusuke Sakabe, Masakazu Soshi, and Atsuko Miyaji. 2005. Java obfuscation approaches to construct tamper-resistant object-oriented programs. IPSJ Digital Courier 1 (2005), 349--361.Google ScholarCross Ref
- Amitabh Saxena, Brecht Wyseur, and Bart Preneel. 2009. Towards security notions for white-box cryptography. In Information Security. Springer, Berlin, 49--58.Google Scholar
- S. Schrittwieser and S. Katzenbeisser. 2011. Code obfuscation against static and dynamic reverse engineering. In Proceedings of the 13th International Conference on Information Hiding (IH’11). Springer, Berlin, 270--284.Google Scholar
- Sebastian Schrittwieser, Stefan Katzenbeisser, Peter Kieseberg, Markus Huber, Manuel Leithner, Martin Mulazzani, and Edgar Weippl. 2013. Covert computation: Hiding code in code for obfuscation purposes. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. ACM, 529--534.Google ScholarDigital Library
- Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proceedings of the 31st IEEE Symposium on Security and Privacy, S&P 2010. 317--331.Google ScholarDigital Library
- Edward J. Schwartz, J. Lee, Maverick Woo, and David Brumley. 2013. Native x86 decompilation using semantics-preserving structural analysis and iterative control-flow structuring. In Proceedings of the Usenix Security Symposium.Google Scholar
- Benjamin Schwarz, Saumya Debray, and Gregory Andrews. 2002. Disassembly of executable code revisited. In Proceedings of the 9th Working Conference on Reverse Engineering. IEEE, 45--54.Google ScholarCross Ref
- Koushik Sen, Darko Marinov, and Gul Agha. 2005. CUTE: A concolic unit testing engine for C. In Proceedings of the 10th European Software Engineering Conference held jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering. 263--272.Google ScholarCross Ref
- Hovav Shacham. 2007. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM, New York NY, 552--561.Google ScholarDigital Library
- Adi Shamir and Nicko Van Someren. 1999. Playing’hide and seek’ with stored keys. In Financial Cryptography. Vol. 1648. Springer, Berlin, 118--124.Google Scholar
- M. Sharif, A. Lanzi, J. Giffin, and W. Lee. 2009. Automatic reverse engineering of malware emulators. In Proceedings of the 30th IEEE Symposium on Security and Privacy. IEEE, 94--109.Google Scholar
- M. Sharif, V. Yegneswaran, H. Saidi, P. Porras, and W. Lee. 2008. Eureka: A framework for enabling static malware analysis. Computer Security-Esorics 2008 (2008), 481--500.Google Scholar
- Monirul I. Sharif, Andrea Lanzi, Jonathon T. Giffin, and Wenke Lee. 2008. Impeding malware analysis using conditional code obfuscation. In Proceedings of the Network and Distributed System Security Symposium (NDSS’08).Google Scholar
- A. Slowinska, T. Stancescu, and H. Bos. 2011. Howard: A dynamic excavator for reverse engineering data structures. In Proceedings of the Network and Distributed System Security Symposium (NDSS’11).Google Scholar
- Harry M. Sneed. 2000. Encapsulation of legacy software: A technique for reusing legacy software components. Ann. Software Eng. 9, 1--2 (2000), 293--313.Google ScholarDigital Library
- Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek Saxena. 2008. BitBlaze: A new approach to computer security via binary analysis. In Proceedings of the 4th International Conference on Information Systems Security. Keynote Invited Paper.Google ScholarDigital Library
- Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. 2010. On the infeasibility of modeling polymorphic shellcode. Mach. Learn. 81, 2 (2010), 179--205.Google ScholarDigital Library
- Mikhail Sosonkin, Gleb Naumovich, and Nasir Memon. 2003. Obfuscation of design intent in object-oriented applications. In Proceedings of the 3rd ACM Workshop on Digital Rights Management. ACM, New York, NY, 142--153.Google ScholarDigital Library
- Joe Stewart. 2006. Ollybone: Semi-automatic unpacking on IA-32. In Proceedings of the 14th Def Con Hacking Conference.Google Scholar
- Y. Tang and S. Chen. 2007. An automated signature-based approach against polymorphic internet worms. IEEE Trans. Parallel Distrib. Syst. 18, 7 (2007).Google ScholarDigital Library
- A. Thakur, J. Lim, A. Lal, A. Burton, E. Driscoll, M. Elder, T. Andersen, and T. Reps. 2010. Directed proof generation for machine code. In Proceedings of the 22th International Conference on Computer Aided Verification (CAV’10). Springer, Berlin, 288--305.Google Scholar
- S. R. Tilley, S. Paul, and D. B. Smith. 1996. Towards a framework for program understanding. In Proceedings of the 4th Workshop on Program Comprehension. IEEE, 19--28.Google Scholar
- S. Treadwell and M. Zhou. 2009. A heuristic approach for detection of obfuscated malware. In Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI’09). IEEE, 291--299.Google Scholar
- H. Y. Tsai, Y. L. Huang, and D. Wagner. 2009. A graph approach to quantitative analysis of control-flow obfuscating transformations. IEEE Trans. Inform. Forens. Security 4, 2 (2009), 257--267.Google ScholarDigital Library
- S. K. Udupa, S. K. Debray, and M. Madou. 2005. Deobfuscation: Reverse engineering obfuscated code. In Proceedings of the 12th Working Conference on Reverse Engineering. IEEE.Google Scholar
- Zeljko Vrba, Pål Halvorsen, and Carsten Griwodz. 2010. Program obfuscation by strong cryptography. In Proceedings of the International Conference on Availability, Reliability, and Security (ARES’10). IEEE, 242--247.Google ScholarCross Ref
- A. Walenstein, R. Mathur, M. R. Chouchane, and A. Lakhotia. 2006. Normalizing metamorphic malware using term rewriting. In Proceedings of the 6th IEEE International Workshop on Source Code Analysis and Manipulation (SCAM’06). IEEE, 75--84.Google Scholar
- C. Wang, J. Davidson, J. Hill, and J. Knight. 2001. Protection of software-based survivability mechanisms. In Proceedings of the 2001 International Conference on Dependable Systems and Networks (Formerly: FTCS). IEEE, 193--202.Google Scholar
- C. Wang, J. Hill, J. Knight, and J. Davidson. 2000. Software Tamper Resistance: Obstructing Static Analysis of Programs. Technical Report. CS-2000-12, University of Virginia.Google Scholar
- M. Webster and G. Malcolm. 2009. Detection of metamorphic and virtualization-based malware using algebraic specification. J. Comput. Virol. 5, 3 (2009), 221--245.Google ScholarCross Ref
- H. Wee. 2005. On obfuscating point functions. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing. ACM, New York, NY, 523--532.Google ScholarDigital Library
- N. Wilde and M. C. Scully. 2006. Software reconnaissance: Mapping program features to code. J. Software Maint.: Res. Pract. 7, 1 (2006), 49--62.Google ScholarDigital Library
- Carsten Willems and Felix C. Freiling. 2012. Reverse code engineering-state of the art and countermeasures. Inform. Technol. 54, 2 (2012), 53--63.Google ScholarCross Ref
- M. J. Wolfe, C. Shanklin, and L. Ortega. 1995. High Performance Compilers for Parallel Computing. Addison-Wesley Longman, Reading, MA.Google Scholar
- Z. Wu, S. Gianvecchio, M. Xie, and H. Wang. 2010. Mimimorphism: A new approach to binary code obfuscation. In Proceedings of the 17th ACM Conference on Computer and Communications Security. ACM, New York, NY, 536--546.Google Scholar
- Brecht Wyseur. 2009. White-Box Cryptography. Ph.D. Dissertation. KU Leuven.Google Scholar
- B. Wyseur, W. Michiels, P. Gorissen, and B. Preneel. 2007. Cryptanalysis of white-box DES implementations with arbitrary external encodings. In Proceedings of the 14th International Conference on Selected Areas in Cryptography. Springer, Berlin, 264--277.Google Scholar
- Brecht Wyseur and Bart Preneel. 2005. Condensed white-box implementations. In Proceedings of the 26th Symposium on Information Theory in the Benelux. 296--301.Google Scholar
- Khaled Yakdan, Sebastian Eschweiler, Elmar Gerhards-Padilla, and Matthew Smith. 2015. No more gotos: Decompilation using pattern-independent control-flow structuring and semantics-preserving transformations. In Proceedings of the 22nd Network and Distributed Systems Security Symposium (NDSS).Google ScholarCross Ref
- Heng Yin and Dawn Song. 2010. TEMU: Binary Code Analysis Via Whole-System Layered Annotative Execution. Technical Report UCB/EECS-2010-3. EECS Department, University of California, Berkeley.Google Scholar
- Junyuan Zeng, Yangchun Fu, Kenneth A. Miller, Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. 2013. Obfuscation resilient binary code reuse through trace-oriented programming. In Proceedings of the 20th ACM Conference on Computer and Communications Security. ACM, New York, NY.Google ScholarDigital Library
- Xiangyu Zhang and Rajiv Gupta. 2005. Matching execution histories of program versions. In ACM SIGSOFT Software Engineering Notes, Vol. 30. ACM, New York, NY 197--206.Google ScholarDigital Library
- Z. Zhao, G. J. Ahn, and H. Hu. 2011. Automatic extraction of secrets from malware. In Proceedings of the 18th Working Conference on Reverse Engineering (WCRE’11). IEEE, 159--168.Google Scholar
- Yongxin Zhou, Alec Main, Yuan X. Gu, and Harold Johnson. 2007. Information hiding in software with mixed boolean-arithmetic transforms. In Information Security Applications. Springer, Berlin, 61--75.Google Scholar
- X. Zhuang, T. Zhang, H. H. S. Lee, and S. Pande. 2004. Hardware assisted control flow obfuscation for embedded processors. In Proceedings of the 2004 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems. 292--302.Google Scholar
Index Terms
- Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis?