Mondon, Pierre, de Lemos, Rogério (2024) Detecting Cryptographic Functions for String Obfuscation. In: 2024 IEEE International Conference on Cyber Security and Resilience (CSR). 97. pp. 315-320. IEEE ISBN 979-8-3503-7537-4. E-ISBN 979-8-3503-7536-7. (doi:10.1109/csr61664.2024.10679462) (KAR id:107434)
PDF
Author's Accepted Manuscript
Language: English
This work is licensed under a Creative Commons Attribution 4.0 International License.
Official URL: https://doi.org/10.1109/csr61664.2024.10679462
Abstract
Analysing complex evasion and obfuscation techniques is crucial for creating more robust defences against malware. String obfuscation is an easy-to-implement technique that hides information, such as domain names, registry keys, etc. Its detection and removal allow malware to be more accurately analysed. This paper proposes a new method for generating detectors for string obfuscation in binary executables. This is achieved by combining features extracted from the assembly of a binary, and its respective control flow graph and the directed graph derived from the control flow graph. Our method generates highly efficient detectors tailored for string obfuscation achieving more than 90% across all evaluation metrics.
| Item Type: | Conference or workshop item (Paper) |
|---|---|
| DOI/Identification number: | 10.1109/csr61664.2024.10679462 |
| Additional information: | © 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works |
| Uncontrolled keywords: | Measurement, Directed graphs, Detectors, Feature extraction, Malware, Flow graphs, Cryptography |
| Subjects: | Q Science > QA Mathematics (inc Computing science) |
| Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
| Funders: | University of Kent (https://ror.org/00xkeyj56) |
| SWORD Depositor: | JISC Publications Router |
| Depositing User: | JISC Publications Router |
| Date Deposited: | 09 Oct 2024 14:15 UTC |
| Last Modified: | 05 Nov 2024 13:13 UTC |
| Resource URI: | https://kar.kent.ac.uk/id/eprint/107434 (The current URI for this page, for reference purposes) |