45
0
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | 이우석 | - |
| dc.date.accessioned | 2024-06-17T23:53:23Z | - |
| dc.date.available | 2024-06-17T23:53:23Z | - |
| dc.date.issued | 2023-11-21 | - |
| dc.identifier.citation | CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, page. 2351-2365 | en_US |
| dc.identifier.uri | https://dl.acm.org/doi/10.1145/3576915.3623186 | en_US |
| dc.identifier.uri | https://repository.hanyang.ac.kr/handle/20.500.11754/190777 | - |
| dc.description.abstract | Mixed Boolean Arithmetic (MBA) obfuscation transforms a pro- gram expression into an equivalent but complex expression that is hard to understand. MBA obfuscation has been popular to pro- tect programs from reverse engineering thanks to its simplicity and effectiveness. However, it is also used for evading malware detection, necessitating the development of effective MBA deob- fuscation techniques. Existing deobfuscation methods suffer from either of the four limitations: (1) lack of general applicability, (2) lack of flexibility, (3) lack of scalability, and (4) lack of correctness. In this paper, we propose a versatile MBA deobfuscation method that synergistically combines program synthesis, term rewriting, and an algebraic simplification method. The key novelty of our approach is that we perform on-the-fly learning of transformation rules for deobfuscation, and apply them to rewrite the input MBA expression. We implement our method in a tool called ProMBA and evaluate it on over 4000 MBA expressions obfuscated by the state-of-the-art obfuscation tools. Experimental results show that our method outperforms the state-of-the-art MBA deobfuscation tool by a large margin, successfully simplifying a vast majority of the obfuscated expressions into their original forms. | en_US |
| dc.description.sponsorship | We thank the reviewers for insightful comments. The first author majors in Bio Artificial Intelligence. This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2021R1A5A1021944) and Institute for Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2022-0-00995). | en_US |
| dc.language | en_US | en_US |
| dc.publisher | ACM | en_US |
| dc.relation.ispartofseries | ;2351-2365 | - |
| dc.subject | Program Synthesis | en_US |
| dc.subject | Mixed Boolean Arithmetic Obfuscation | en_US |
| dc.subject | Term Rewriting | en_US |
| dc.title | Simplifying Mixed Boolean-Arithmetic Obfuscation by Program Synthesis and Term Rewriting | en_US |
| dc.type | Article | en_US |
| dc.identifier.doi | https://doi.org/10.1145/3576915.3623186 | en_US |
| dc.relation.page | 2351-2365 | - |
| dc.contributor.googleauthor | Lee, Jaehyung | - |
| dc.contributor.googleauthor | Lee, Woosuk | - |
| dc.relation.code | 20230008 | - |
| dc.sector.campus | E | - |
| dc.sector.daehak | COLLEGE OF COMPUTING[E] | - |
| dc.sector.department | SCHOOL OF COMPUTER SCIENCE | - |
| dc.identifier.pid | woosuk | - |
- Appears in Collections:
- COLLEGE OF COMPUTING[E](소프트웨어융합대학) > COMPUTER SCIENCE(소프트웨어학부) > Articles
- Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
