{"title":"Detecting Cryptography through IR Visualization","authors":"Patrick Kochberger, Florian Seitl","doi":"10.1109/ICSSA45270.2018.00015","DOIUrl":null,"url":null,"abstract":"The detection of important functionality in binaries is a complex and time consuming task in reverse engineering and malware analysis. Especially cryptographic routines as part of an executable are of interest to an analyst. There are already several automated techniques for finding cryptography within a binary available, ranging from static signatures detection to dynamic behavioural observation. This paper presents a novel approach for functionality detection through the disassembly of binaries, lifted into an intermediate representation (IR). A visualization of the IR then aids an human analyst to find functionality. We evaluate the approach with a binary containing the libgcrypt cryptographic library. The results suggest this to be another useful method for visual binary analysis.","PeriodicalId":223442,"journal":{"name":"2018 International Conference on Software Security and Assurance (ICSSA)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detecting Cryptography through IR Visualization\",\"authors\":\"Patrick Kochberger, Florian Seitl\",\"doi\":\"10.1109/ICSSA45270.2018.00015\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The detection of important functionality in binaries is a complex and time consuming task in reverse engineering and malware analysis. Especially cryptographic routines as part of an executable are of interest to an analyst. There are already several automated techniques for finding cryptography within a binary available, ranging from static signatures detection to dynamic behavioural observation. 
This paper presents a novel approach for functionality detection through the disassembly of binaries, lifted into an intermediate representation (IR). A visualization of the IR then aids an human analyst to find functionality. We evaluate the approach with a binary containing the libgcrypt cryptographic library. The results suggest this to be another useful method for visual binary analysis.\",\"PeriodicalId\":223442,\"journal\":{\"name\":\"2018 International Conference on Software Security and Assurance (ICSSA)\",\"volume\":\"15 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference on Software Security and Assurance (ICSSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSSA45270.2018.00015\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Software Security and Assurance (ICSSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSSA45270.2018.00015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The detection of important functionality in binaries is a complex and time-consuming task in reverse engineering and malware analysis. Cryptographic routines within an executable are of particular interest to an analyst. Several automated techniques for finding cryptography within a binary are already available, ranging from static signature detection to dynamic behavioural observation. This paper presents a novel approach for functionality detection through the disassembly of binaries, lifted into an intermediate representation (IR). A visualization of the IR then helps a human analyst find functionality. We evaluate the approach with a binary containing the libgcrypt cryptographic library. The results suggest this to be another useful method for visual binary analysis.