http://dx.doi.org/10.13089/JKIISC.2017.27.1.59

Program Slicing for Binary code Deobfuscation  

Mok, Seong-Kyun (Chungnam National University)
Jeon, Hyeon-gu (Chungnam National University)
Cho, Eun-Sun (Chungnam National University)
Abstract
Hackers obfuscate their malware to avoid analysis. Recent obfuscation tools translate the original code into bytecode for virtualization-based obfuscation, so that the bytecode is executed by a virtual machine. In such cases, malware analysts cannot learn about the malware before the code is executed. We found that program slicing is one of the promising program analysis techniques for solving this problem. The main concepts of a program slice are the slicing criteria given by the analyst and the statements sliced according to those criteria. This paper proposes a deobfuscation method based on the program slicing technique.
Keywords
Obfuscation; Deobfuscation; Program Slicing; Dynamic binary analysis