dc.contributor.author |
Kanzaki, Yuichiro |
en |
dc.contributor.author |
Thomborson, Clark |
en |
dc.contributor.author |
Monden, A |
en |
dc.contributor.author |
Collberg, C |
en |
dc.coverage.spatial |
Los Angeles, United States |
en |
dc.date.accessioned |
2016-02-02T20:25:43Z |
en |
dc.date.issued |
2015-12 |
en |
dc.identifier.citation |
Proceedings of the 5th Program Protection and Reverse Engineering Workshop, 2015, pp. A8.1 - A8.9 |
en |
dc.identifier.isbn |
9781450336420 |
en |
dc.identifier.uri |
http://hdl.handle.net/2292/28169 |
en |
dc.description.abstract |
In this paper, we propose a pinpoint-hide defense method, which aims to improve the stealth of obfuscated code. In the pinpointing process, we scan the obfuscated code in a few small code fragment level and identify all surprising fragments, that is, very unusual fragments which may draw the attention of an attacker to the obfuscated code. In the hiding process, we transform the pinpointed surprising fragments into unsurprising ones while preserving semantics. The obfuscated code transformed by our method consists only by unsurprising code fragments, therefore is more difficult for attackers to be distinguished from unobfuscated code than the original. In the case study, we apply our pinpoint-hide method to some programs transformed by well-known obfuscation techniques. The result shows our method can pinpoint surprising fragments such as dummy code that does not fit in the context of the program, and instructions used in a complicated arithmetic expression. We also confirm that instruction camouflage can make the pinpointed surprising fragments unsurprising ones, and that it runs correctly. |
en |
dc.description.uri |
http://www.pprew.org/docs/Agenda-PPREW5.pdf |
en |
dc.publisher |
Association for Computing Machinery (ACM) |
en |
dc.relation.ispartof |
5th Program Protection and Reverse Engineering (PPREW-5) |
en |
dc.relation.ispartofseries |
Proceedings of the 5th Program Protection and Reverse Engineering Workshop |
en |
dc.rights |
Items in ResearchSpace are protected by copyright, with all rights reserved, unless otherwise indicated. Previously published items are made available in accordance with the copyright policy of the publisher. |
en |
dc.rights.uri |
https://researchspace.auckland.ac.nz/docs/uoa-docs/rights.htm |
en |
dc.title |
Pinpointing and Hiding Surprising Fragments in an Obfuscated Program |
en |
dc.type |
Conference Item |
en |
dc.identifier.doi |
10.1145/2843859.2843862 |
en |
pubs.begin-page |
A8.1 |
en |
dc.rights.holder |
Copyright:
Association for Computing Machinery (ACM) |
en |
pubs.author-url |
http://dl.acm.org/citation.cfm?doid=2843859.2843862 |
en |
pubs.end-page |
A8.9 |
en |
pubs.finish-date |
2015-12-08 |
en |
pubs.start-date |
2015-12-08 |
en |
dc.rights.accessrights |
http://purl.org/eprint/accessRights/RestrictedAccess |
en |
pubs.subtype |
Proceedings |
en |
pubs.elements-id |
517980 |
en |
pubs.record-created-at-source-date |
2016-01-25 |
en |