8,215 Hits in 10.6 sec

The effectiveness of source code obfuscation: An experimental assessment

Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo Ricca, Marco Torchiano, Paolo Tonella
2009 2009 IEEE 17th International Conference on Program Comprehension  
Results quantify to what extent code obfuscation is able to make attacks more difficult to be performed, and reveal that obfuscation can mitigate the effect of factors that can alter the likelihood of  ...  Source code obfuscation is a protection mechanism widely used to limit the possibility of malicious reverse engineering or attack activities on a software system.  ...  Investigating the effect of obfuscation on the attack efficiency is a crucial point in our experimentation: although we are aware that an attacker could be able to com-plete an attack on obfuscated code  ... 
doi:10.1109/icpc.2009.5090041 dblp:conf/iwpc/CeccatoPNFRTT09 fatcat:igcefbpchvexffjxgxw2s4wfkq

A family of experiments to assess the effectiveness and efficiency of source code obfuscation techniques

Mariano Ceccato, Massimiliano Di Penta, Paolo Falcarin, Filippo Ricca, Marco Torchiano, Paolo Tonella
2013 Empirical Software Engineering  
Aim: this paper experimentally assesses the impact of code obfuscation on the capability of human subjects to understand and change source code.  ...  Despite the extensive adoption of obfuscation, its assessment has been addressed indirectly either by using internal metrics or taking the point of view of code analysis, e.g., considering the associated  ...  Investigating the effect of obfuscation on the attack efficiency is a crucial point in our experimentation: although we are aware that an attacker could be able to complete an attack on obfuscated code  ... 
doi:10.1007/s10664-013-9248-x fatcat:luc3xinb7jhl5fansw6apchvbi

Translingual Obfuscation [article]

Pei Wang and Shuai Wang and Jiang Ming and Yufei Jiang and Dinghao Wu
2016 arXiv   pre-print
Program obfuscation is an important software protection technique that prevents attackers from revealing the programming logic and design of the software.  ...  Our experiments show that BABEL provides effective and stealthy software obfuscation, while the cost is only modest compared to one of the most popular commercial obfuscators on the market.  ...  This research was supported in part by the National Science Foundation (NSF) grants CNS-1223710 and CCF-1320605, and the Office of Naval Research (ONR) grant N00014-13-1-0175.  ... 
arXiv:1601.00763v4 fatcat:l3qhq4e6nnbspehdbeedovjqbq

Obfuscation using Encryption [article]

Johannes Schneider, Thomas Locher
2016 arXiv   pre-print
Thus, an attacker must 'guess' the encrypted selector variables to disguise the confidential source code.  ...  The evaluation reveals that our approach is effective in that it successfully preserves source code confidentiality.  ...  Thus, we believe that source code encryption is effective. VII.  ... 
arXiv:1612.03345v1 fatcat:z4niy4ouv5bmlpg3ikhfuandnm

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Duy-Phuc Pham, Damien Marion, Matthieu Mastio, Annelie Heuser
2021 Annual Computer Security Applications Conference  
Even more, our results show that we are able to classify altered malware samples with unseen obfuscation techniques during the training phase, and to determine what kind of obfuscations were applied to  ...  In our experiments, we were able to predict three generic malware types (and one benign class) with an accuracy of 99.82%.  ...  The work was supported by the French Agence Nationale de la Recherche (ANR) under reference ANR-18-CE39-0001 (AHMA).  ... 
doi:10.1145/3485832.3485894 fatcat:tqzl6tvwffdvxftflyzzdcyp3u

Assessment of Source Code Obfuscation Techniques

Alessio Viticchie, Leonardo Regano, Marco Torchiano, Cataldo Basile, Mariano Ceccato, Paolo Tonella, Roberto Tiella
2016 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM)  
While preliminary empirical studies have been conducted to determine the impact of code obfuscation, our work aims at assessing the effectiveness and efficiency in preventing attacks of a specific data  ...  The experiment showed a significant effect of data obfuscation on both the time required to complete and the successful attack efficiency.  ...  ACKNOWLEDGEMENT The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement number 609734.  ... 
doi:10.1109/scam.2016.17 dblp:conf/scam/ViticchieRTBCTT16 fatcat:ohikixngkjdevm2zn3gkiiftzu

Towards experimental evaluation of code obfuscation techniques

Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo Ricca, Marco Torchiano, Paolo Tonella
2008 Proceedings of the 4th ACM workshop on Quality of protection - QoP '08  
The goal of this empirical study is to analyze the effect of source code obfuscation techniques with the purpose of evaluating their effectiveness in making the code resilient to malicious attacks.  ...  We aim at empirically assessing the capability of source code obfuscation techniques to make decompiled code resilient to comprehension and attack activities.  ... 
doi:10.1145/1456362.1456371 dblp:conf/ccs/CeccatoPNFRTT08 fatcat:4jmvded3q5a63ae5zy5brmeflm

Control flow based obfuscation

Jun Ge, Soma Chaudhuri, Akhilesh Tyagi
2005 Proceedings of the 5th ACM workshop on Digital rights management - DRM '05  
In this paper we describe the design of an obfuscator which consists of two parts.  ...  The second part protects Monitor-process converting it into an Aucsmith like self-modifying version. We prove the correctness of the obfuscation scheme.  ...  When main calls mPrcs, it passes the two arrays EXPERIMENTAL EVALUATION OF THE OBFUSCATOR We used experimental methods to evaluate the efficiency of the obfuscator.  ... 
doi:10.1145/1102546.1102561 dblp:conf/drm/GeCT05 fatcat:7ci6nvo62zaljmc5skofswidei

Style Obfuscation by Invariance [article]

Chris Emmery, Enrique Manjavacas, Grzegorz Chrupała
2018 arXiv   pre-print
The task of obfuscating writing style using sequence models has previously been investigated under the framework of obfuscation-by-transfer, where the input text is explicitly rewritten in another style  ...  However, based on human evaluation we demonstrate a trade-off between the level of obfuscation and the observed quality of the output in terms of meaning preservation and grammaticality.  ...  Experimental Set-up Our main goal is investigating the effectiveness of obfuscation-by-invariance, and more specifically to what extent style-invariant representations preserve sentential semantics of  ... 
arXiv:1805.07143v1 fatcat:kq5rkkqsobh4vansjfxs4zpdnq

Specification-Based Protocol Obfuscation

Julien Duchene, Eric Alata, Vincent Nicomette, Mohamed Kaaniche, Colas Le Guernic
2018 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)  
Various metrics recorded from the experiments show the significant increase of the complexity of the obfuscated protocol binary compared to the non-obfuscated code.  ...  The obfuscation is based on the transformation of protocol message format specification.  ...  This last challenge is taken into account during the generation of the code source used to manipulate, parse and serialize an AST.  ... 
doi:10.1109/dsn.2018.00056 dblp:conf/dsn/DucheneANKG18 fatcat:qy4bqqkzwfgtpax43lydkxvmuu

Protecting Software through Obfuscation

Sebastian Schrittwieser, Stefan Katzenbeisser, Johannes Kinder, Georg Merzdovnik, Edgar Weippl
2016 ACM Computing Surveys  
The main goal of this survey is to analyze the effectiveness of different classes of software obfuscation against the continuously improving de-obfuscation techniques and off-the-shelf code analysis tools  ...  Still, it remains largely unexplored to what extent today's software obfuscations keep up with state-of-the-art code analysis, and where we stand in the arms race between software developers and code analysts  ...  In fact, it is often simpler to dynamically analyze binaries than source code, because traces recorded at runtime show addresses of instructions in the binary and not just (obfuscated) source code information  ... 
doi:10.1145/2886012 fatcat:6ze4t4rrzjfr3lhmgp2kvmqblq

Analysis of Obfuscated Code with Program Slicing

Mahin Talukder, Syed Islam, Paolo Falcarin
2019 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)  
Obfuscation increases complexity of software code, by obscuring the structure of code and data in order to thwart the reverse engineering process.  ...  In general, there is no accepted methodology to determine the strength of obfuscated code; however resilience is often considered a good metric as it indicates the percentage of obfuscated code that cannot  ...  One of the more recent metrics used to assess the effectiveness of obfuscation is the concept of resilience, defined as the percentage of obfuscated code that cannot be removed by automated de-obfuscation  ... 
doi:10.1109/cybersecpods.2019.8885094 dblp:conf/cybersecpods/TalukderIF19 fatcat:tisjl37c2ba4ra3o6fawfcv27q

Benchmarking Obfuscators of Functionality [article]

Clark Thomborson
2015 arXiv   pre-print
We propose a set of benchmarks for evaluating the practicality of software obfuscators which rely on provably-secure methods for functional obfuscation.  ...  an obfuscated function, and we have proposed an experimental method for validating our proposed estimation method.  ...  It is technically challenging -and this is the primary technical focus of our article -to construct an easily-assessed measure of runtime performance which is valid, at least as a rough approximation,  ... 
arXiv:1501.02885v1 fatcat:wfylymx6jvarbdcwgxz73m55dy

AndrODet: An adaptive Android obfuscation detector

O. Mirzaei, J.M. de Fuentes, J. Tapiador, L. Gonzalez-Manzano
2019 Future generations computer systems  
h i g h l i g h t s • An online learning system to detect 3 types of obfuscation in Android applications. • ID-renaming detection module identifies obfuscated apps after observing few samples. • String  ...  encryption detection module improves its accuracy by observing few apps. • Control flow obfuscation detection module reaches a good accuracy from few seen apps. • The proposed system is compared with  ...  The authors would like to thank the Allatori technical team for its valuable assistance, and, also, the authors of the AMD and PraGuard datasets which made their repositories available to us.  ... 
doi:10.1016/j.future.2018.07.066 fatcat:4b4ipsmrxjc5dau2gyhtutfck4

Detection of Obfuscated Malicious JavaScript Code

Ammar Alazab, Ansam Khraisat, Moutaz Alazab, Sarabjot Singh
2022 Future Internet  
This paper proposes an automatic IDS of obfuscated JavaScript that employs several features and machine-learning techniques that effectively distinguish malicious and benign JavaScript codes.  ...  Websites on the Internet are becoming increasingly vulnerable to malicious JavaScript code because of its strong impact and dramatic effect.  ...  Conflicts of Interest: The authors declare that they have no conflict of interest.  ... 
doi:10.3390/fi14080217 fatcat:fzjapxqd4fct7pkubrx2eta64a
« Previous Showing results 1 — 15 out of 8,215 results