Abstracting stack to detect obfuscated calls in binaries

Proceedings - Fourth IEEE International Workshop on Source Code Analysis and Manipulation

Volumn , Issue , 2004, Pages 17-28

  Lakhotia, Arun ^a   Kumar, Eric Uday ^a  

^a University of Louisiana at Lafayette   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ABSTRACT STACKS; DECOMPILATION; KERNEL FUNCTIONS; KERNEL LIBRARIES;

ABSTRACTING; ALGORITHMS; COMPUTER OPERATING SYSTEMS; COMPUTER VIRUSES; GRAPH THEORY; INFORMATION ANALYSIS; PROGRAM COMPILERS;

BINARY CODES;

EID: 14344257909     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SCAM.2004.2     Document Type: Conference Paper

References (19)

1. "Teso, Burneye Elf Encryption Program," https://teso.scene.at, Last accessed July 1, 2004.
2. "Z0mbie," http://z0mbie.host.sk, Last accessed July 1, 2004.
3. G. Balakrishnan and T. Reps, "Analyzing Memory Accesses in X86 Executables," in International Conference on Compiler Construction (CC) 2004, Barcelona, Spain, 2004.
4. B. Barak, et al., "On the (Impossibility of Obfuscating Programs," in Advances in Cryptology (CRYPTO'01), Santa Barbara, California, USA, 2001.
5. S. Cho, "Win32 Disassembler," http://www.geocities.com/ ~sangcho/disasm.html, Last accessed July 1, 2004.
6. M. Christodrescu and S. Jha, "Static Analysis of Executables to Detect Malicious Patterns," in The 12th USENIX Security Symposium (Security '03), Washington DC, USA, 2003.
7. C. Cifuentes and K. J. Gough, "Decompilation of Binary Programs," Software Practice and Experience, vol. 25, pp. 811 - 829, 1995.
8. C. Collberg and C. Thomborson, "Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection," IEEE Transactions on Software Engineering, vol. 28, pp. 735-746, 2002.
9. C. Collberg, C. Thomborson, and D. Low, "A Taxonomy of Obfuscating Transformations," Department of Computer Science, The University of Auckland, 148, July 1997.
10. N. D. Jones and F. Nielson, "Abstract Interpretation: A Semantics-Based Tool for Program Analysis," in Handbook of Logic in Computer Science: Semantic Modelling, vol. 4, S. Abramsky, et al., Eds. Oxford, UK: Oxford University Press, 1995, pp. 527-636.
11. C. Kruegel, et al., "Static Disassembly of Obfuscated Binaries," in USENIX Security 2004, San Diego, 2004.
12. A. Lakhotia and P. K. Singh, "Challenges in Getting Formal with Viruses," Virus Bulletin, 2003, http://www.virusbtn.com/magazine/archives/ 200309/formal.xml.
13. C. Linn and S. Debray, "Obfuscation of Executable Code to Improve Resistance to Static Disassembly," in Proceedings of the 10th ACM Conference on Computer and Communication Security 2003, Washington D.C., USA, 2003.
14. M. Mohammed, Zeroing in on Metamorphic Viruses, The Center for Advanced Computer Studies, University of Louisiana at Lafayette, M.S. Thesis, 2003.
15. B. Schwarz, S. Debray, and G. Andrews, "Disassembly of Executable Code Revisited," in Ninth Working Conference on Reverse Engineering (WCRE'02), Richmond, Virginia, 2002.
16. Symantec, "Understanding Heuristics: Symantec's Bloodhound Technology," http://www.symantec.com/avcenter/reference/heuristc.pdf, Last accessed July 1, 2004.
17. P. Szor and P. Ferrie, "Hunting for Metamorphic," in Virus Bulletin Conference, Prague, 2001.
18. L. Vinciguerra, et al., "An Experimentation Framework for Evaluating Disassembly and Decompilation Tools for C++ and Java," in 10th Working Conference on Reverse Engineering, 2003.
19. G. Wroblewski, General Method of Program Code Obfuscation, Institute of Engineering Cybernetics, Wroclaw University of Technology, PhD. Thesis, 2002.