
Evaluating Model Checking for Cyber Threats Code Obfuscation Identification

Code obfuscation is a set of transformations that make programs harder to understand. The goal of code obfuscation is to make reverse engineering of programs infeasible while preserving the logic of the program. Originally, it was used to protect intellectual property. More recently, however, code obfuscation has also been used by malware writers to make cyber threats able to evade antimalware scanners easily. As a matter of fact, metamorphic and polymorphic viruses exhibit the ability to obfuscate their code as they propagate. In this paper we propose a model checking-based approach that is able to identify the most widespread obfuscating techniques without making any assumptions about the nature of the obfuscations used. We evaluate the proposed method on a real-world dataset, obtaining an accuracy equal to 0.9 in the identification of obfuscation techniques.

Journal of Parallel and Distributed Computing, 2018

External authors: Vittoria Nardone (Dipartimento di Ingegneria, Università degli Studi del Sannio), Antonella Santone (Dipartimento di Bioscienze e Territorio, Università degli Studi del Molise), Arun Kumar Sangaiah (School of Computing Science and Engineering, VIT University), Aniello Cimitile (Dipartimento di Ingegneria, Università degli Studi del Sannio)
IIT authors:

Type: Article in ISI journal
Field of reference: Computer Science & Engineering

File: evaluating-mc_obf.pdf

Activity: Formal methods for the security of ICT systems
Mobile device security