期刊文献+

一种基于Huffman和LZW编码的移动应用混淆方法 被引量:3

Obfuscation Tool for Mobile Apps Based on Huffman and LZW Encoding
下载PDF
导出
摘要 二进制混淆技术在规避恶意软件分析、防止利用逆向工程篡改中扮演着重要的角色.一些广泛使用的混淆技术关注于基于语法的检测,基于语义的分析技术在很多年前也已经被提出以防止逃避检测.近年来,一些考虑到统计特征和基于语义的二进制混淆技术开始被提出,这些方法开始关注混淆的隐蔽性,但总体来说效率较低或无法同时考虑到安全性的要求.提出一种针对Android移动应用的、基于Huffman编码和LZW编码的二进制混淆技术,同时将强度、开销和隐蔽性等考虑在内,具备规避基于统计特性和语义特征检测的能力.该技术构造混淆所需的指令编码表,一方面利用编码表对原始指令序列进行置乱,提高混淆技术的隐蔽性;另一方面,将核心编码表从代码执行数据段分离,通过白盒AES加密的方式在提高混淆技术本身安全性的同时隐藏密钥及密钥查找算法.研发出该技术工具原型Obfus Droid.最后,从安全强度、开销、平台适应性和隐蔽性这几个方面,对该技术进行评估和阐述. Binary obfuscation plays an essential role in evading malware analysis and tampering with reverse engineering. Some widely used code obfuscation techniques focus on evading syntax based detection, however semantic analysis techniques have been developed to thwart their evasion attempts. Recently some binary obfuscation techniques with potential of evading both statistical and semantic detections have been proposed, taking concealment into account but lacking efficiency or security strength. This study proposes a binary obfuscation technique for mobile apps based on LZW and Huffman encoding to offer the potential of evading both statistical and semantic detections while taking intensity and concealment into account. This technique constructs the required instruction encoding tables. On one hand, it scrambles the sequence of original instructions with encoding tables to improve the intensity and conceatment. On the other hand, it reinforces intensity by separating the encoding tables encrypted by white-box AES from code segment, concealing the key and lookup algorithm, in order to evading attacks on keys. A prototype tool for this technique, called ObfusDroid, is put forward, and an evaluation on ObfusDroid is given from aspects of intensity, cost, compatibility and concealment to demonstrate its capability of evading statistical analysis.
出处 《软件学报》 EI CSCD 北大核心 2017年第9期2264-2280,共17页 Journal of Software
基金 国家高技术研究发展计划(863)(2015AA017202)~~
关键词 二进制 混淆 隐蔽性 HUFFMAN LZW 白盒AES加密 binary obfuscation concealment Huffman LZW White-box AES cryptography
  • 相关文献

参考文献1

二级参考文献15

  • 1Van Oorschot P C.Revisiting Software Protection[C]∥Proc of the6th International Information Security Conference(ISC’03),2006:1-13.
  • 2Collberg C,Nagra J.Surreptitious Software:Obfuscation,Watermarking,and Tamperproofing for Software Protection[M].San Francisco:No Starch Press,2002.
  • 3Tamperproofing for Program Protection[M].Addison-Wes-ley Professional,2009.
  • 4Debray S,Evans W.Profile-Guided Code Compression[C]∥Proc of the ACM SIGPLAN Conference on Programming Language Design and Implementation,2002:95-105.
  • 5Linn C,Debray S.Obfuscation of Executable Code to Im-prove Resistance to Static Disassembly[C]∥Proc of the10th ACM Conference on Computer and Communi-cations Securi-ty,2003:290-299.
  • 6Lin H,Mo Xuan-sheng,Gao Ying.Based on RSA and Self-Modifying Mechanism of Software Protection[C]∥Proc of the2010International Symposium on Parallel and Distributed Processing with Applications,2010:474-477.
  • 7Ansel J,Marchenki P,Erlingsson U,et al.Language-Inde-pendent Sandboxing of Just-in-Time Compilation and Self-Modifying Code[C]∥Proc of the32nd ACM SIGPLIN Con-ference on Programming Language Design and Implemention,2011:355-366.
  • 8Collberg C,Thomborson C.Watermarking,Tamper-Proo-fing,and Obfuscation-Tools for Software Protection[J].IEEE Transactions on Software Engineering,2002,28(6):735-746.
  • 9Cappaert J,Preneel B,Anckaert B,et al.Towards Tamper Resistant Code Encryption:Practice and Experience[J].LNCS,2008j,4991:86-100.
  • 10Kanzaki Y,Monden A,Nakamura M,et al.Exploiting Self-Modification Mechanism for Program Protection[C]∥Proc of the27th Annual Computer Software and Applications Conference,2003:170-179.

共引文献4

同被引文献13

引证文献3

二级引证文献2

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部