Internet Archive Scholar

Generic Reverse Compilation to Recognize Specific Behavior

Lukᚡdurfina Lukᚡdurfina
unpublished

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (361.2 kB)
https://web.archive.org/web/20180410000817/http://acmbulletin.fiit.stuba.sk/vol7num1/durfina2015.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL. The file type is application/pdf.

This extended abstract of the doctoral thesis introduces the recognition of specific behavior by generic reverse compilation. The generic reverse compilation is a process that transforms executables from different architectures and object file formats to the same high level language. This process is covered by a tool Lissom Decompiler. For a purpose of behavior recognition, we introduce Language for Decompilation-LfD. LfD represents a simple imperative language, which is suitable for a
more » ... n. The specific behavior is given by the known executable (e.g. malware) and the recognition is performed as finding the ratio of similarity with other unknown executable. This ratio of similarity is calculated by a tool LfDComparator, which processes two LfD sources to decide their similarity.
fatcat:oesgtdal3rftlkdyfui7d4l3ru
Citation

Lukᚡdurfina Lukᚡdurfina. "Generic Reverse Compilation to Recognize Specific Behavior."