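Implicit Code Obfuscation Technique Based on Code Slice Fusion

About the authors:

YU Pu (1996-), male, master's student; main research areas: network security, code protection. XIONG Xiaobing (1985-), male, Ph.D., associate professor; main research areas: reverse engineering, software protection. SHU Hui (1974-), male, Ph.D., professor, doctoral supervisor; main research areas: network security, reverse engineering. KANG Fei (1972-), female, professor; main research area: network security.

CLC number:

TP311

Funding:

National Key Research and Development Program of China (2016YFB08011601)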


Abstract:

At present, traditional obfuscation methods in code protection research exhibit obvious obfuscation characteristics, which analysts can use to perform customized de-obfuscation. To address this, this study proposes a code protection technique based on code slice fusion. Working at the source-code level, the technique slices the target code into fragments according to grammatical rules and inserts the fragments at different positions in another program, following the execution order and the grammatical rules. After the function call process and the data relationships are repaired, the result is fused code that runs the functions of both programs normally. In the experiments, the fused code is compared with other obfuscation techniques along three dimensions: resource overhead, impact on code complexity, and code similarity. The test results show that the implicit code obfuscation technique based on code slice fusion can effectively obscure code semantics and change control-flow characteristics, without exhibiting obvious obfuscation characteristics. Fusion therefore has a clear advantage in resisting multiple similarity comparison algorithms.

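Cite this article

Yu P, Shu H, Xiong XB, Kang F. Implicit code obfuscation technique based on code slice fusion. Journal of Software (软件学报), 2023, 34(4): 1650-1665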

History
  • Received: 2021-09-02
  • Last revised: 2022-03-22
  • Published online: 2023-04-04
  • Publication date: 2023-04-06