Modelirovanie i Analiz Informatsionnykh Sistem
RUS  ENG    JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB  
General information
Latest issue
Archive
Impact factor

Search papers
Search references

RSS
Latest issue
Current issues
Archive issues
What is RSS



Model. Anal. Inform. Sist.:
Year:
Volume:
Issue:
Page:
Find






Personal entry:
Login:
Password:
Save password
Enter
Forgotten password?
Register


Modelirovanie i Analiz Informatsionnykh Sistem, 2021, Volume 28, Number 1, Pages 38–51
DOI: https://doi.org/10.18255/1818-1015-2021-1-38-51
(Mi mais734)
 

Computer system organization

On characteristics of symbolic execution in the problem of assessing the quality of obfuscating transformations

P. D. Borisov, Yu. V. Kosolapov

Southern Federal University, 8a Milchakova str., Rostov-on-Don 344090, Russia
References:
Abstract: Obfuscation is used to protect programs from analysis and reverse engineering. There are theoretically effective and resistant obfuscation methods, but most of them are not implemented in practice yet. The main reasons are large overhead for the execution of obfuscated code and the limitation of application only to a specific class of programs. On the other hand, a large number of obfuscation methods have been developed that are applied in practice. The existing approaches to the assessment of such obfuscation methods are based mainly on the static characteristics of programs. Therefore, the comprehensive (taking into account the dynamic characteristics of programs) justification of their effectiveness and resistance is a relevant task. It seems that such a justification can be made using machine learning methods, based on feature vectors that describe both static and dynamic characteristics of programs. In this paper, it is proposed to build such a vector on the basis of characteristics of two compared programs: the original and obfuscated, original and deobfuscated, obfuscated and deobfuscated. In order to obtain the dynamic characteristics of the program, a scheme based on a symbolic execution is constructed and presented in this paper. The choice of the symbolic execution is justified by the fact that such characteristics can describe the difficulty of comprehension of the program in dynamic analysis. The paper proposes two implementations of the scheme: extended and simplified. The extended scheme is closer to the process of analyzing a program by an analyst, since it includes the steps of disassembly and translation into intermediate code, while in the simplified scheme these steps are excluded. In order to identify the characteristics of symbolic execution that are suitable for assessing the effectiveness and resistance of obfuscation based on machine learning methods, experiments with the developed schemes were carried out. Based on the obtained results, a set of suitable characteristics is determined.
Keywords: obfuscation, symbolic execution, program similarity, program comprehension.
Received: 20.02.2021
Revised: 10.03.2021
Accepted: 12.03.2021
Document Type: Article
UDC: 517,9
MSC: 68N20
Language: Russian
Citation: P. D. Borisov, Yu. V. Kosolapov, “On characteristics of symbolic execution in the problem of assessing the quality of obfuscating transformations”, Model. Anal. Inform. Sist., 28:1 (2021), 38–51
Citation in format AMSBIB
\Bibitem{BorKos21}
\by P.~D.~Borisov, Yu.~V.~Kosolapov
\paper On characteristics of symbolic execution in the problem of assessing the quality of obfuscating transformations
\jour Model. Anal. Inform. Sist.
\yr 2021
\vol 28
\issue 1
\pages 38--51
\mathnet{http://mi.mathnet.ru/mais734}
\crossref{https://doi.org/10.18255/1818-1015-2021-1-38-51}
Linking options:
  • https://www.mathnet.ru/eng/mais734
  • https://www.mathnet.ru/eng/mais/v28/i1/p38
  • Citing articles in Google Scholar: Russian citations, English citations
    Related articles in Google Scholar: Russian articles, English articles
    Моделирование и анализ информационных систем
     
      Contact us:
     Terms of Use  Registration to the website  Logotypes © Steklov Mathematical Institute RAS, 2024