Browse > Article
http://dx.doi.org/10.7840/kics.2015.40.4.709

Java Automatic Identifier Renaming Technique and Protection Method  

Kim, Ji-Yun (Hanyang University Division of Computer Science & Engineering)
Hong, Soo-Hwa (Hanyang University Division of Computer Science & Engineering)
Go, Nam-Hyeon (Korea Open National University Department of Computer Science)
Lee, Woo-Seung (Hanyang University Division of Computer Science & Engineering)
Park, Yong-Su (Hanyang University Division of Computer Science & Engineering)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.40, no.4, 2015 , pp. 709-719 More about this Journal
Abstract
This paper introduces a proper renaming service using variable action and security services against the analysis techniques in Java code. The renaming service that is introduced is separated into API pattern and loop condition. We present our scheme algorithm with known Java obfuscation techniques and tools in order to help readers understanding, and implement prototype to prove practicality in this paper. Test result using prototype shows 73% successful variable renaming rate. Using our scheme, cooperators can intuitionally understand all of code. Also, It helps malware analysts to predict malware action by variable name. But application source code that is developed by Java is exposed to hackers easily using our scheme. So we introduce Java application code protection methods, too.
Keywords
Java; renaming; deobfuscation;
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 Y. K. Kim and H. Y. Youn, "The java decompilation-preventive method by java class file encryption," Korea Computer Congress 2009, vol. 36, no. 1C, pp. 571-574, Jeju Island, Korea, Jun. 2009.
2 T. Varaneckas, README(readme.txt), Retrieved Mar, 12, 2015, from http://varaneckas.com/jad/
3 B. Y. Lee and Y. S. Choi, "The status and analysis of obfuscation techniques and perspective development," J. Security Eng., vol. 5, no. 3, pp. 219-228, Jun. 2009.
4 J. U. Noh, B. M. Cho, H. S. Oh, H. Y. Chang, M. Y. Jung, S. W. Lee, Y. S. Park, J. H. Woo, and S. J. Cho, "An implementation of control flow obfuscator for C++ language," Korea Computer Congress, vol. 33, no. 1, pp. 295-297, Yongpyong, Korea, Jun. 2006.
5 C. Christian, C. Thomborson, and D. Low, "A taxonomy of obfuscating transformations," Dept. Computer Sci., The University of Auckland, New Zealand, 1997.
6 Y. Piao, "Server-based bytecode obfuscation scheme for tamper detection of android applications," M. S. Thesis, Dept. Computer, Soongsil Univ., Korea, 2013.
7 J. Y. Kim, N. H. Go, and Y. S. Park, "A code concealment method using java reflection and dynamic loading in android," J. The Korea Inst. Inf. Security & Cryptol., vol. 25, no. 1, pp. 17-30, Feb. 2015.   DOI   ScienceOn
8 ORACLE, The Java$^{TM}$ Tutorials - Trail: The Reflection API(2015), Retrieved Mar. 6, 2015, from http:/ /docs.oracle.com/javase/tutorial/reflect/
9 M. Sosonkin, G. Naumovich, and N. Memon, "Obfuscation of design intent in objectoriented applications," in Proc. 3rd ACM Workshop on Digital Rights Management (DRM '03), pp. 142-153, Washington, DC, USA, Oct. 2003.
10 PREEMPTIVE SOLUTIONS, User's Guide (2009), Retrieved Mar. 6, 2015., from http:// www.agtech.co.jp/products/preemptive/dasho/fi les/userguide6.pdf
11 Y. Piao, J. H. Jung, and J. H. Yi, "Structural and functional analyses of ProGuard obfuscation tool," J. KICS, vol. 38B, no. 08, pp. 654-662, Aug. 2013.
12 J. Hoenicke, JODE(2002), Retrieved Mar. 12, 2015., from http://jode.sourceforge.net/
13 Retrologic Systems, User's Manual(2010), Retrieved Mar. 12, 2015., from http://www.ret rologic.com/retroguard-docs.html
14 jarg, jarg - Java Archive Grinder(2003), Retrieved Mar. 12, 2015., from http://jarg.sou rceforge.net
15 yWorks, yGuard - Java$^{TM}$ Bytecode Obfuscator and Shrinker(2015), Retrieved Mar. 12, 2015., from http://www.yworks.com/en/products_ygua rd_about.html
16 V. Raychev, M. Vechev, and A. Krause, "Predicting program properties from "Big Code"," in Proc. 42nd Annu. ACM SIGPLANSIGACT Symp. Principles of Programming Languages, pp. 111-124, Mumbai, India, Jan. 2015.
17 B. Taskar, C. Guestrin, and D. Koller, "Max-margin markov networks," Advances in Neural Inf. Process. Syst. 16 (NIPS 2003), pp. 25-32, Vancouver and Whistler, British Columbia, Canada, Dec. 2003.
18 ORACLE, Java$^{TM}$ Platform, Standard Edition 7 - API Specification(2014), Retrieved Mar., 12, 2015, from http://docs.oracle.com/javase/7/ docs/api/
19 tutorialspoint, Java Tutorial(2014) Retrieved Mar., 9, 2015, from http://www.tutorialspoint.com/java/
20 OREANS TECHNOLOGIES, THEMIDA OVERVIEW(2015), Retrieved Mar. 12, 2015, from http://www.oreans.com/themida.php
21 IDC, Android and iOS squeeze the competition, swelling to 96.3% of the smartphone operating system market for both 4Q14 and CY14, According to IDC(2015), Retrieved Mar., 12, 2015, from http://www. idc.com/getdoc.jsp?containerId=prUS25450615
22 M. K. Son and N. H. Kang, "Design and implementation of java crypto provider for android platform," J. KICS, vol. 37C, no. 09, pp. 851-858, Sept. 2012.
23 B. H. Choi, H. J. Shim, C. H. Lee, S. W. Cho, and S. J. Cho, "An APK overwrite scheme for preventing modification of android applications," J. KICS, vol. 39B, no. 05, pp. 309-136, Jun. 2014.