SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask [article]

Chengbin Pang, Ruotong Yu, Yaohui Chen, Eric Koskinen, Georgios Portokalidis, Bing Mao, Jun Xu
2020 arXiv pre-print
In this paper, we systematize binary disassembly through the study of nine popular, open-source tools.  ...  Disassembly of binary code is hard, but necessary for improving the security of binary software.  ...  Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding agency.  ... 
arXiv:2007.14266v1 fatcat:ybenn35pg5g3doazw33drrjroa

Staged Method of Code Similarity Analysis for Firmware Vulnerability Detection

Yisen Wang, Jianjing Shen, Jian Lin, Rui Lou
2019 IEEE Access
The security situation of the Internet of Things (IoT) is more serious than ever, and there is an urgent need to detect and patch device vulnerability rapidly.  ...  The first stage, function embedding based on neural network is used to analyze the similarities among functions, and large-scale firmware security inspection can be achieved efficiently.  ...  Embedding depth: The embedding depth is the number of layers of the neural networks in the model, and the size of embedding depth has an impact on the embedding accuracy and performance; if the depth is  ... 
doi:10.1109/access.2019.2893733 fatcat:3lkkvovgcjhr3gb7mznluxzp5a

Building Embedded Systems Like It's 1996 [article]

Ruotong Yu, Francesca Del Nin, Yuchen Zhang, Shan Huang, Pallavi Kaliyar, Sarah Zakto, Mauro Conti, Georgios Portokalidis, Jun Xu
2022 arXiv pre-print
To this end, this paper presents an in-depth study on the adoption of common attack mitigations on embedded devices.  ...  We envision these will turn into insights towards improving the adoption of attack mitigations on embedded devices in the future.  ...  Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding agency.  ... 
arXiv:2203.06834v1 fatcat:q6wlx2ug6vgvvmj3e6kl42vzue

Cutting Through the Complexity of Reverse Engineering Embedded Devices

Sam L. Thomas, Jan Van den Herrewegen, Georgios Vasilakis, Zitai Chen, Mihai Ordean, Flavio D. Garcia
2021 Transactions on Cryptographic Hardware and Embedded Systems
We use Incision to analyze a variety of devices and firmware. Our evaluation spans firmware based on three RTOSes, an automotive ECU, and a 4G/LTE baseband.  ...  Performing security analysis of embedded devices is a challenging task.  ...  [ACvdV+16] provide an in-depth analysis of the problems faced when performing disassembly on real-world x86/x64 binaries.  ... 
doi:10.46586/tches.v2021.i3.360-389 fatcat:hrw6z3dfw5bxndoxeye53rphkq

Obfuscation-Resilient Executable Payload Extraction From Packed Malware

Binlin Cheng, Jiang Ming, Erika A Leal, Haotian Zhang, Jianming Fu, Guojun Peng, Jean-Yves Marion
2021 Zenodo
In this paper, we aim to achieve the ultimate goal of Windows malware unpacking: recovering an executable malware program from the packed and obfuscated binary code.  ...  As malware's APIs provide rich information about malicious behavior, one common anti-analysis strategy is API obfuscation, which removes the metadata of imported APIs from malware's PE header and complicates  ...  We thank the University of Texas at Arlington and the Department of Education for supporting us with a Graduate Assistance in Areas of National Need (GAANN) fellowship.  ... 
doi:10.5281/zenodo.5653364 fatcat:igdh5vjiw5gnpoch32kk5pmqve

The Effect of Code Obfuscation on Authorship Attribution of Binary Computer Files. Doctoral dissertation

Steven Hendrikse, Yong Tao
2017 unpublished
Existing research has demonstrated good success in attributing the authorship of an executable file of unknown provenance using methods based on static analysis of the specimen file.  ...  Research has identified methods for the attribution of binary files that have not been obfuscated, but a significant percentage of malicious software has been obfuscated in an effort to hide both the details  ...  The disadvantage of this method is that Intel X86/X64 assembly code is self-healing (Linn & Debray, 2003), which allows for the possibility of inaccurate or incomplete disassembly based on an incorrect  ... 

Android-COCO: Android Malware Detection with Graph Neural Network for Byte- and Native-Code [article]

Peng Xu
2022 arXiv pre-print
In this work, we explore an ensemble mechanism, which presents how the combination of byte-code and native-code analysis of Android applications can be efficiently used to cope with the advanced sophistication  ...  Large-scale experiments on 100,113 samples (35,113 malware and 65,000 benign) show that the byte-code sub-system alone yields 99.8% accuracy and the native-code sub-system yields an accuracy of 96.6%, whereas the  ...  Large-scale experiments on the used datasets result in an accuracy rate of 96.66%.  ... 
arXiv:2112.10038v2 fatcat:5wbiq52wp5hsfo2jlcaxawcpjq

The Effects of Traditional Anti-Virus Labels on Malware Detection Using Dynamic Runtime Opcodes

Domhnall Carlin, Alexandra Cowan, Philip O'Kane, Sakir Sezer
2017 IEEE Access
Recent research has focused on the analysis of low-level opcodes, both static and dynamic, as a way to detect malware.  ...  Signature detection methods have been unable to cope with the onslaught of new binaries aided by rapidly developing obfuscation techniques.  ...  The preconfigured list of opcodes was, for the first count phase, the 610 opcodes from the Intel x86/x64 architecture [31].  ... 
doi:10.1109/access.2017.2749538 fatcat:agpuxnhlrbf3tb733hq3sbdrgi