SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask
[article]
2020
arXiv
pre-print
In this paper, we systematize binary disassembly through the study of nine popular, open-source tools. ...
Disassembly of binary code is hard, but necessary for improving the security of binary software. ...
Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding agency. ...
arXiv:2007.14266v1
fatcat:ybenn35pg5g3doazw33drrjroa
Staged Method of Code Similarity Analysis for Firmware Vulnerability Detection
2019
IEEE Access
The security situation of the Internet of Things (IoT) is more serious than ever, and there is an urgent need to detect and patch device vulnerability rapidly. ...
The first stage, function embedding based on neural network is used to analyze the similarities among functions, and large-scale firmware security inspection can be achieved efficiently. ...
Embedding depth: The embedding depth is the number of layers of the neural networks in the model, and the size of embedding depth has an impact on the embedding accuracy and performance; if the depth is ...
doi:10.1109/access.2019.2893733
fatcat:3lkkvovgcjhr3gb7mznluxzp5a
Building Embedded Systems Like It's 1996
[article]
2022
arXiv
pre-print
To this end, this paper presents an in-depth study on the adoption of common attack mitigations on embedded devices. ...
We envision these will turn into insights towards improving the adoption of attack mitigations on embedded devices in the future. ...
Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding agency. ...
arXiv:2203.06834v1
fatcat:q6wlx2ug6vgvvmj3e6kl42vzue
Cutting Through the Complexity of Reverse Engineering Embedded Devices
2021
Transactions on Cryptographic Hardware and Embedded Systems
We use Incision to analyze a variety of devices and firmware. Our evaluation spans firmware based on three RTOSes, an automotive ECU, and a 4G/LTE baseband. ...
Performing security analysis of embedded devices is a challenging task. ...
[ACvdV+16] provide an in-depth analysis of the problems faced when performing disassembly on real-world x86/x64 binaries. ...
doi:10.46586/tches.v2021.i3.360-389
fatcat:hrw6z3dfw5bxndoxeye53rphkq
Obfuscation-Resilient Executable Payload Extraction From Packed Malware
2021
Zenodo
In this paper, we aim to achieve the ultimate goal of Windows malware unpacking: recovering an executable malware program from the packed and obfuscated binary code. ...
As malware's APIs provide rich information about malicious behavior, one common anti-analysis strategy is API obfuscation, which removes the metadata of imported APIs from malware's PE header and complicates ...
We thank the University of Texas at Arlington and the Department of Education for supporting us with a Graduate Assistance in Areas of National Need (GAANN) fellowship. ...
doi:10.5281/zenodo.5653364
fatcat:igdh5vjiw5gnpoch32kk5pmqve
The Effect of Code Obfuscation on Authorship Attribution of Binary Computer Files. Doctoral dissertation
2017
unpublished
Existing research has demonstrated good success in attributing the authorship of an executable file of unknown provenance using methods based on static analysis of the specimen file. ...
Research has identified methods for the attribution of binary files that have not been obfuscated, but a significant percentage of malicious software has been obfuscated in an effort to hide both the details ...
The disadvantage of this method is that Intel X86/X64 assembly code is self-healing (Linn & Debray, 2003), which allows for the possibility of inaccurate or incomplete disassembly based on an incorrect ...
fatcat:mgbtvqc6afh6vizm725uowsjty
Android-COCO: Android Malware Detection with Graph Neural Network for Byte- and Native-Code
[article]
2022
arXiv
pre-print
In this work, we explore an ensemble mechanism, which presents how the combination of byte-code and native-code analysis of Android applications can be efficiently used to cope with the advanced sophistication ...
Large-scale experiments on 100,113 samples (35,113 malware and 65,000 benign) show that only byte-code sub-system yields 99.8% accuracy and native-code sub-system yields an accuracy of 96.6%, whereas the ...
Large scale experiments on the used datasets result in an accuracy rate of 96.66%. ...
arXiv:2112.10038v2
fatcat:5wbiq52wp5hsfo2jlcaxawcpjq
The Effects of Traditional Anti-Virus Labels on Malware Detection Using Dynamic Runtime Opcodes
2017
IEEE Access
Recent research has focused on the analysis of low-level opcodes, both static and dynamic, as a way to detect malware. ...
Signature detection methods have been unable to cope with the onslaught of new binaries aided by rapidly developing obfuscation techniques. ...
The preconfigured list of opcodes was, for the first count phase, the 610 opcodes from the Intel x86/x64 architecture [31]. ...
doi:10.1109/access.2017.2749538
fatcat:agpuxnhlrbf3tb733hq3sbdrgi