Generic O-LLVM Automatic Multi-architecture Deobfuscation Framework Based on Symbolic Execution
Authors: Yuhan Li, Bin Wen, Haixiao Zheng
Published in: Proceedings of the 4th International Conference on Advanced Information Science and System, 2022-11-25
DOI: 10.1145/3573834.3574541 (https://doi.org/10.1145/3573834.3574541)
Nowadays, the O-LLVM obfuscation framework makes it difficult to analyze various types of malware. To address this problem, this paper proposes GOAMD, a multi-architecture automated deobfuscation framework built specifically for O-LLVM obfuscation, which can intelligently identify how programs differ across architectures and perform targeted deobfuscation on them. The experimental results show that the framework has high deobfuscation accuracy and portability.