مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

View: 172

Download: 131
Information Journal Paper

Title

Twinner: A framework for automated software deobfuscation

Pages

  3485-3509

Abstract

Malware analysis is essential to understanding the internal logic and intent of malware programs in order to mitigate their threats. As the analysis methods have evolved, malware authors have adopted more techniques such as the Virtualization obfuscation to protect the malware inner workings. This manuscript presents a framework for deobfuscating software which abstracts the input program as much as a mathematical model of its behavior, through monitoring every single operation performed during the malware execution. Also the program is guided to run through its different execution paths automatically in order to gather as much knowledge as possible in the shortest time span. This makes it possible to find hidden logics and deobfuscate different obfuscation techniques without being dependent on their specific details. The resulting model is then recoded as a C program without the artificially added complexities. This code is called a twincode and behaves in the same manner as the obfuscated binary. As a proof of concept, the proposed framework is implemented and its effectiveness is evaluated on obfuscated binaries. Program control flow graphs are inspected as a measure of successful code recovery. The performance of the proposed framework is evaluated using the set of SPEC test programs.

Cite

    APA:

    MOMENI, B., & KHARRAZI, M. (2019). Twinner: A framework for automated software deobfuscation. SCIENTIA IRANICA, 26(6 (Special Issue on: Transactions D: Computer Science & Engineering and Electrical Engineering)), 3485-3509. SID. https://sid.ir/paper/290877/en

    Vancouver:

    MOMENI B., KHARRAZI M. Twinner: A framework for automated software deobfuscation. SCIENTIA IRANICA [Internet]. 2019;26(6 (Special Issue on: Transactions D: Computer Science & Engineering and Electrical Engineering)):3485-3509. Available from: https://sid.ir/paper/290877/en

    IEEE:

    B. MOMENI and M. KHARRAZI, “Twinner: A framework for automated software deobfuscation,” SCIENTIA IRANICA, vol. 26, no. 6 (Special Issue on: Transactions D: Computer Science & Engineering and Electrical Engineering), pp. 3485–3509, 2019, [Online]. Available: https://sid.ir/paper/290877/en
