Kent Academic Repository

Partial Evaluation of String Obfuscations for Java Malware Detection

Chawdhary, Aziem, King, Andy, Singh, Ranjeet (2016) Partial Evaluation of String Obfuscations for Java Malware Detection. Formal Aspects of Computing, 29 (1). ISSN 0934-5043. E-ISSN 1433-299X. (doi:10.1007/s00165-016-0357-3) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided) (KAR id:53716)

Official URL:
https://doi.org/10.1007/s00165-016-0357-3

Abstract

The fact that Java is platform independent gives hackers the opportunity to write exploits that can target users on any platform, which has a JVM implementation. Metasploit is a well-known source of Java exploits and to circumvent detection by Anti Virus (AV) software, obfuscation techniques are routinely applied to make an exploit more difficult to recognise. Popular obfuscation techniques for Java include string obfuscation and applying reflection to hide method calls; two techniques that can either be used together or independently. This paper shows how to apply partial evaluation to remove these obfuscations and thereby improve AV matching. The paper presents a partial evaluator for Jimple, which is an intermediate language for JVM bytecode designed for optimisation and program analysis, and demonstrates how partially evaluated Jimple code, when transformed back into Java, improves the detection rates of a number of commercial AV products.

Item Type: Article
DOI/Identification number: 10.1007/s00165-016-0357-3
Uncontrolled keywords: Partial evaluation; Malware detection; String deobfuscation
Subjects: Q Science
Q Science > QA Mathematics (inc Computing science)
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Andy King
Date Deposited: 14 Jan 2016 14:41 UTC
Last Modified: 05 Nov 2024 10:40 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/53716 (The current URI for this page, for reference purposes)

University of Kent Author Information

Chawdhary, Aziem.


King, Andy.

Creator's ORCID: https://orcid.org/0000-0001-5806-4822