ByteWise: A Case Study in Neural Network Obfuscation Identification
Conference Paper
Overview
abstract
Researchers taking advantage of recent advancements in neural networks have made leaps in many fields such as image recognition, natural language processing, and speech recognition. However, little work has been done with neural networks in the field of binary analysis. Recently, researchers have used neural networks to recognize function boundaries in binaries, using only the bytes of the programs as features. In this paper, we extend their work to detect the bytes of bogus basic blocks added in the dead branches of opaque predicates. We perform a case study using the bogus control flow transformation offered by Obfuscator-LLVM. We detect the bytes of bogus basic blocks with a 94% F1 score. This information can be used to prune code for static reverse engineering. We believe this line of research will yield optimized triage, reverse engineering tools, and malware detection based on obfuscation identification using neural networks.
name of conference
2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC)