SYSTEM AND METHOD FOR BYPASSING EVASION TESTS WITH APPLICATIONS IN ANALYSIS AND MONITORING OF MOBILE APPLICATIONS

摘要

A given program is said to be evasive when it performs different behaviors under different running conditions. In general, the aim of evasion is to make the analysis, monitoring or reverse engineering of the given software system harder for an analyzer. Evasion is largely used by malware to increase its effectiveness. Aspects of the invention include a system, method and computer program product to detect and bypass evasion mechanisms for software analysis. Given a set of fingerprinting sources and a program, we first search for evasion candidates. These are program slices where the data depending on fingerprinting sources is used at branching point. In a second step, instrumentation strategies are applied to generate programs where the combination of possible branches is forced via toggling of return values and/or expression values. Finally, the resulting programs are each executed dynamically to monitor deltas between observed behaviors across the original and instrumented versions.