Accession Number : ADA583338


Title :   (DEPSCOR FY 09) Obfuscation and Deobfuscation of Intent of Computer Programs


Descriptive Note : Final rept. 30 Sep 2009-29 Sep 2012


Corporate Author : LOUISIANA UNIV LAFAYETTE


Personal Author(s) : Lakhotia, Arun ; Phoha, Vir V


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a583338.pdf


Report Date : 21 Dec 2012


Pagination or Media Count : 13


Abstract : This research aimed at developing a theoretical framework to predict the next obfuscation (or deobfuscation) move of the adversary, with the intent of making cyber defense proactive. The goal was to understand the relationship between obfuscation and deobfuscation techniques employed in malware offense and defense. The strategy was to build upon previous work of Giacobazzi and Dalla Preda on modeling obfuscation and deobfuscation as abstract interpretations, further that effort by developing an analytical model of the best obfuscation with respect to a deobfuscator. In addition, this research aimed at developing cost models for obfuscation and deobfuscations. The key findings of this research include: a theoretical model of computing the best obfuscation for a deobfuscator, a method for context-sensitive analysis of obfuscated code, a method for learning obfuscation transformations used by a metamorphic engine, several insights into the use of machine learning in deobfuscation, and game-theoretic models of certain scenarios of offense-defense games in software protection.


Descriptors :   *COMPUTER PROGRAMS , COMPUTER SECURITY , COST MODELS , GAME THEORY , POLYMORPHISM


Subject Categories : Computer Programming and Software
      Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE