Code obfuscation is a crucial technique for protecting software against reverse engineering and security attacks.Among various obfuscation methods,opaque predicates,which are recognized as flexible and promising,are w...Code obfuscation is a crucial technique for protecting software against reverse engineering and security attacks.Among various obfuscation methods,opaque predicates,which are recognized as flexible and promising,are widely used to increase control-flow complexity.However,traditional opaque predicates are increasingly vulnerable to Dynamic Symbolic Execution(DSE)attacks,which can efficiently identify and eliminate them.To address this issue,this paper proposes a novel approach for anti-DSE opaque predicates that effectively resists symbolic execution-based deobfuscation.Our method introduces two key techniques:single-way function opaque predicates,which leverage hash functions and logarithmic transformations to prevent constraint solvers from generating feasible inputs,and path-explosion opaque predicates,which generate an excessive number of execution paths,overwhelming symbolic execution engines.To evaluate the effectiveness of our approach,we implemented a prototype obfuscation tool and tested it against prominent symbolic execution engines.Experimental results demonstrate that our approach signifi-cantly increases resilience against symbolic execution attacks while maintaining acceptable performance overhead.This paper provides a robust and scalable obfuscation technique,contributing to the enhancement of software protection strategies in adversarial environments.展开更多
IoT(Internet of Things)devices are being used more and more in a variety of businesses and for a variety of tasks,such as environmental data collection in both civilian and military situations.They are a desirable att...IoT(Internet of Things)devices are being used more and more in a variety of businesses and for a variety of tasks,such as environmental data collection in both civilian and military situations.They are a desirable attack target for malware intended to infect specific IoT devices due to their growing use in a variety of applications and their increasing computational and processing power.In this study,we investigate the possibility of detecting IoT malware using recurrent neural networks(RNNs).RNNis used in the proposed method to investigate the execution operation codes of ARM-based Internet of Things apps(OpCodes).To train our algorithms,we employ a dataset of IoT applications that includes 281 malicious and 270 benign pieces of software.The trained model is then put to the test using 100 brand-new IoT malware samples across three separate LSTM settings.Model exposure was not previously conducted on these samples.Detecting newly crafted malware samples with 2-layer neurons had the highest accuracy(98.18%)in the 10-fold cross validation experiment.A comparison of the LSTMtechnique to other machine learning classifiers shows that it yields the best results.展开更多
基金supported byOpen Foundation of Key Laboratory of Cyberspace Security,Ministry of Education of China(No.KLCS20240211)Henan Science and Technology Major Project No.241110210100.
文摘Code obfuscation is a crucial technique for protecting software against reverse engineering and security attacks.Among various obfuscation methods,opaque predicates,which are recognized as flexible and promising,are widely used to increase control-flow complexity.However,traditional opaque predicates are increasingly vulnerable to Dynamic Symbolic Execution(DSE)attacks,which can efficiently identify and eliminate them.To address this issue,this paper proposes a novel approach for anti-DSE opaque predicates that effectively resists symbolic execution-based deobfuscation.Our method introduces two key techniques:single-way function opaque predicates,which leverage hash functions and logarithmic transformations to prevent constraint solvers from generating feasible inputs,and path-explosion opaque predicates,which generate an excessive number of execution paths,overwhelming symbolic execution engines.To evaluate the effectiveness of our approach,we implemented a prototype obfuscation tool and tested it against prominent symbolic execution engines.Experimental results demonstrate that our approach signifi-cantly increases resilience against symbolic execution attacks while maintaining acceptable performance overhead.This paper provides a robust and scalable obfuscation technique,contributing to the enhancement of software protection strategies in adversarial environments.
文摘IoT(Internet of Things)devices are being used more and more in a variety of businesses and for a variety of tasks,such as environmental data collection in both civilian and military situations.They are a desirable attack target for malware intended to infect specific IoT devices due to their growing use in a variety of applications and their increasing computational and processing power.In this study,we investigate the possibility of detecting IoT malware using recurrent neural networks(RNNs).RNNis used in the proposed method to investigate the execution operation codes of ARM-based Internet of Things apps(OpCodes).To train our algorithms,we employ a dataset of IoT applications that includes 281 malicious and 270 benign pieces of software.The trained model is then put to the test using 100 brand-new IoT malware samples across three separate LSTM settings.Model exposure was not previously conducted on these samples.Detecting newly crafted malware samples with 2-layer neurons had the highest accuracy(98.18%)in the 10-fold cross validation experiment.A comparison of the LSTMtechnique to other machine learning classifiers shows that it yields the best results.
