Obfuscation-Resilient Semantic Functionality Identification Through Program Simulation

Publications: Contribution to book › Contribution to conference proceedings › Peer reviewed

Abstract

Figuring out whether a particular semantic functionality exists in a binary program is challenging. While pattern-matching-based detection is susceptible to syntactic changes of the code, formal equivalence proofs quickly hit complexity limitations in practice. In this paper, we present SimID, a novel approach to semantic detection of functionality based on observation of input-output behavior of functions during simulated program execution. An evaluation with 4259 functions from 31 binary programs demonstrates that the approach has high detection accuracy across various compilers and even computing architectures (x86-64 and ARM64) as well as in the presence of state-of-the-art obfuscations such as code virtualization. Analysis complexity is low enough for practical use cases.
Original language: English
Title: Secure IT Systems
Subtitle: 27th Nordic Conference, NordSec 2022, Reykjavic, Iceland, November 30–December 2, 2022, Proceedings
Editors: Hans P. Reiser, Marcel Kyas
Place of publication: Cham
Publisher: Springer
Pages: 273-291
Number of pages: 19
ISBN (electronic): 978-3-031-22295-5
ISBN (print): 978-3-031-22294-8
Publication status: Published - 1 Nov 2022

ÖFOS 2012

  • 102016 IT security
