ByteWise: A Case Study in Neural Network Obfuscation Identification (Conference Paper)

abstract

  • Researchers taking advantage of recent advancements in neural networks have made leaps in many fields such as image recognition, natural language processing, and speech recognition. However, little work has been done with neural networks in the field of binary analysis. Recently, researchers have used neural networks to recognize function boundaries in binaries, using only the bytes of the programs as features. In this paper, we extend their work to detect the bytes of bogus basic blocks added in the dead branches of opaque predicates. We perform a case study using the bogus control flow transformation offered by Obfuscator-LLVM. We detect the bytes of bogus basic blocks with a 94% F1 score. This information can be used to prune code for static reverse engineering. We believe this line of research will yield optimized triage, reverse engineering tools, and malware detection based on obfuscation identification using neural networks.

author list (cited authors)

  • Jones, L., Banescu, S., Christman, D., & Carlisle, M.

citation count

  • 1

publication date

  • January 2018

publisher