Home > Foreign-language conferences > Symposium on Chemistry as a second language > binOb+: A Framework for Potent and Stealthy Binary Obfuscation

binOb+: A Framework for Potent and Stealthy Binary Obfuscation


Abstract

Reverse engineering is the process of discovering a high-level structure and its semantics from a lower-level structure. To prevent malicious use of reverse engineering against binaries, various techniques, collectively called binary obfuscation, have been developed. An obfuscated binary is a transformed binary that retains the original binary's execution behavior while its outer representation obstructs reverse engineering. In this paper we propose three novel approaches to improve binary obfuscation. First, we propose a generalized binary obfuscation algorithm that covers any specific part or the whole of a binary's code by using confusing code and redirecting control flow using exceptions. Second, we employ a data mining method to make our obfuscated binary look like a normal binary. Third, we address the issue that the previous techniques could not be applied to Windows binaries by designing a new exception hooking mechanism in Windows. Experimental results show that our obfuscated binary can hide 60-90% of the original instructions from reverse engineering tools, while its execution slows down a little, and moreover the obfuscated binary's stealth can be guaranteed.
