(DEPSCOR FY 09) Obfuscation and Deobfuscation of Intent of Computer Programs
Final rept. 30 Sep 2009-29 Sep 2012
LOUISIANA UNIV LAFAYETTE
Pagination or Media Count:
This research aimed at developing a theoretical framework to predict the next obfuscation or deobfuscation move of the adversary, with the intent of making cyber defense proactive. The goal was to understand the relationship between obfuscation and deobfuscation techniques employed in malware offense and defense. The strategy was to build upon previous work of Giacobazzi and Dalla Preda on modeling obfuscation and deobfuscation as abstract interpretations, further that effort by developing an analytical model of the best obfuscation with respect to a deobfuscator. In addition, this research aimed at developing cost models for obfuscation and deobfuscations. The key findings of this research include a theoretical model of computing the best obfuscation for a deobfuscator, a method for context-sensitive analysis of obfuscated code, a method for learning obfuscation transformations used by a metamorphic engine, several insights into the use of machine learning in deobfuscation, and game-theoretic models of certain scenarios of offense-defense games in software protection.
- Computer Programming and Software
- Computer Systems Management and Standards