On the Automatic Analysis of the Practical Resistance of Obfuscating Transformations

2019, Vol 26 (3), pp. 317-331
Author(s): Petr D. Borisov, Yu. V. Kosolapov

A method is developed for assessing the practical persistence of obfuscating transformations of programs based on the calculation of the similarity index for the original, obfuscated and deobfuscated programs. Candidates are proposed for similarity indices, which are based on such program characteristics as the control flow graph, symbolic execution time and degree of coverage for symbolic execution. The control flow graph is considered as the basis for building other candidates for program similarity indicators. On its basis, a new candidate is proposed for the similarity index, which, when calculated, finds the Hamming distance between the adjacency matrices of control flow graphs of compared programs. A scheme for estimating (analyzing) the persistence of obfuscating transformations is constructed, according to which for the original, obfuscated and deobfuscated programs, the characteristics of these programs are calculated and compared in accordance with the chosen comparison model. The developed scheme, in particular, is suitable for comparing programs based on similarity indices. This paper develops and implements one of the key units of the constructed scheme: a block for obtaining program characteristics compiled for the x86/x86_64 architecture. The developed unit makes it possible to find the control flow graph, the time for symbolic execution and the degree of coverage for symbolic execution. Some results of the work of the constructed block are given.

2009, Vol 18 (04), pp. 697-711
Author(s): XUEXIANG WANG, HANLAI PU, JUN YANG, LONGXING SHI

A Scratch-Pad memory (SPM) allocation method to improve the performance of a specified application while reducing its energy consumption is presented in this paper. Integrated in the design is an extended control flow graph (ECFG) built directly from the application's instruction flow. The application of the design is transformed into a directed graph that consists of nodes and relationships. Likewise, to provide a solution in decreasing the overhead of moving nodes to SPM, the design is enhanced with a refined greedy algorithm based on ECFG. An experiment is conducted to prove the feasibility and efficiency of the method. The results indicate that the method indeed improves performance by an average of 11% and consumes less energy by an average of 28%. This is in comparison to previous research which was based on the control flow graph (CFG) method. The latter was discovered to have disregarded the relationships of nodes. In conclusion, the application's execution time and energy consumption were reduced by an average of up to 56% and 69% respectively, compared to a non-SPM environment.


2016, Vol 66 (2), pp. 138
Author(s): Akshay Kapoor, Sunita Dhavale

Control flow graphs (CFG) and OpCodes extracted from disassembled executable files are widely used for malware detection. Most of the research in static analysis is focused on binary class malware detection, which only classifies an executable as benign or malware. To overcome this issue, a CFG-based multiclass malware detection system that automatically classifies malware into their respective families is proposed. It uses Bi-normal separation (BNS) as a feature scoring metric. Experimental results show that the proposed method using BNS outperforms the hitherto used technique of document frequency for multiclass metamorphic malware detection and achieves a detection accuracy of 99.5 per cent.


Author(s):  
A S Yumaganov

The article is devoted to the development of a method for searching for similar code sequences in executable files, which is based on both syntax analysis of the code and analysis of the functions' control flow graphs. The syntax analysis method used in this paper is based on a comparison of the spatial distribution of processor instructions in the function body. The analysis of the function control flow graph uses a structural description of fixed-order subgraphs of the function control flow graph. The results of experimental studies, including the comparison of the proposed method and previously known methods of searching for similar code sequences, are presented.

