Topic
Obfuscation
About: Obfuscation is a research topic. Over the lifetime, 1288 publications have been published within this topic receiving 25330 citations.
Papers published on a yearly basis
Papers
27 Oct 2008
TL;DR: Ether, a transparent and external approach to malware analysis, is proposed, which is motivated by the intuition that for a malware analyzer to be transparent, it must not induce any side-effects that are unconditionally detectable by malware.
Abstract: Malware has become the centerpiece of most security threats on the Internet. Malware analysis is an essential technology that extracts the runtime behavior of malware, and supplies signatures to detection systems and provides evidence for recovery and cleanup. The focal point in the malware analysis battle is how to detect versus how to hide a malware analyzer from malware during runtime. State-of-the-art analyzers reside in or emulate part of the guest operating system and its underlying hardware, making them easy to detect and evade. In this paper, we propose a transparent and external approach to malware analysis, which is motivated by the intuition that for a malware analyzer to be transparent, it must not induce any side-effects that are unconditionally detectable by malware. Our analyzer, Ether, is based on a novel application of hardware virtualization extensions such as Intel VT, and resides completely outside of the target OS environment. Thus, there are no in-guest software components vulnerable to detection, and there are no shortcomings that arise from incomplete or inaccurate systememulation. Our experiments are based on our study of obfuscation techniques used to create 25,000 recent malware samples. The results show that Ether remains transparent and defeats the obfuscation tools that evade existing approaches.
810 citations
4 Aug 2003
TL;DR: An architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations is presented, and experimental results demonstrate the efficacy of the prototype tool, SAFE (a static analyzer for executables).
Abstract: Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code detectors, such as anti-virus software. We tested the resilience of three commercial virus scanners against code-obfuscation attacks. The results were surprising: the three commercial virus scanners could be subverted by very simple obfuscation transformations! We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations. Experimental results demonstrate the efficacy of our prototype tool, SAFE (a static analyzer for executables).
785 citations
27 Oct 2003
TL;DR: Experimental results indicate that significant portions of executables that have been obfuscated using the techniques described are disassembled incorrectly, thereby showing the efficacy of the methods.
Abstract: A great deal of software is distributed in the form of executable code. The ability to reverse engineer such executables can create opportunities for theft of intellectual property via software piracy, as well as security breaches by allowing attackers to discover vulnerabilities in an application. The process of reverse engineering an executable program typically begins with disassembly, which translates machine code to assembly code. This is then followed by various decompilation steps that aim to recover higher-level abstractions from the assembly code. Most of the work to date on code obfuscation has focused on disrupting or confusing the decompilation phase. This paper, by contrast, focuses on the initial disassembly phase. Our goal is to disrupt the static disassembly process so as to make programs harder to disassemble correctly. We describe two widely used static disassembly algorithms, and discuss techniques to thwart each of them. Experimental results indicate that significant portions of executables that have been obfuscated using our techniques are disassembled incorrectly, thereby showing the efficacy of our methods.
725 citations
8 May 2005
TL;DR: It is argued that obfuscation is an important technique for protecting an individual's location privacy within a pervasive computing environment and a formal framework within which obfuscated location-based services are defined is set out.
Abstract: Obfuscation concerns the practice of deliberately degrading the quality of information in some way, so as to protect the privacy of the individual to whom that information refers. In this paper, we argue that obfuscation is an important technique for protecting an individual's location privacy within a pervasive computing environment. The paper sets out a formal framework within which obfuscated location-based services are defined. This framework provides a computationally efficient mechanism for balancing an individual's need for high-quality information services against that individual's need for location privacy. Negotiation is used to ensure that a location-based service provider receives only the information it needs to know in order to provide a service of satisfactory quality. The results of this work have implications for numerous applications of mobile and location-aware systems, as they provide a new theoretical foundation for addressing the privacy concerns that are acknowledged to be retarding the widespread acceptance and use of location-based services.
723 citations
3 Jun 2012
TL;DR: This work demonstrates that an attacker can decipher the obfuscated nctlist, in a time linear to the number of keys, by sensitizing the key values to the output, and develops techniques to fix this vulnerability and make obfuscation truly exponential in thenumber of inserted keys.
Abstract: Due to globalization of Integrated Circuit (IC) design flow, rogue elements in the supply chain can pirate ICs, overbuild ICs, and insert hardware trojans. EPIC [1] obfuscates the design by randomly inserting additional gates; only a correct key makes the design to produce correct outputs. We demonstrate that an attacker can decipher the obfuscated nctlist, in a time linear to the number of keys, by sensitizing the key values to the output. We then develop techniques to fix this vulnerability and make obfuscation truly exponential in the number of inserted keys.
579 citations
Related Topics (5)
Performance Metrics
| Year | Papers |
|---|---|
| 2026 | 3 |
| 2025 | 140 |
| 2024 | 204 |
| 2023 | 285 |
| 2022 | 485 |
| 2021 | 92 |