A de-obfuscation system based on Markov models

Zhixuan Ni; Chenxu Wang; Jing Tao; Qi Zhang

doi:10.1117/12.2640798

A de-obfuscation system based on Markov models

Zhixuan Ni
, Chenxu Wang
, Jing Tao
, Qi Zhang

Faculty of Electronic and Information Engineering

Xi'an Jiaotong University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Android malware authors have widely used obfuscation techniques to avoid their harmful apps from detection. In this paper, we present an automatic method for de-obfuscation of Android apps. It is based on Markov models. Our tool mainly focuses on layout obfuscation created by obfuscator ProGuard, which is one of the most widely used obfuscators. The evaluation of the system verifies the effectiveness of the de-obfuscation task.

Original language	English
Title of host publication	International Conference on Computer Network Security and Software Engineering, CNSSE 2022
Editors	Wenshun Sheng, Yongquan Yan
Publisher	SPIE
ISBN (Electronic)	9781510655980
DOIs	https://doi.org/10.1117/12.2640798
State	Published - 2022
Event	2022 International Conference on Computer Network Security and Software Engineering, CNSSE 2022 - Zhuhai, China Duration: 25 Feb 2022 → 27 Feb 2022

Publication series

Name	Proceedings of SPIE - The International Society for Optical Engineering
Volume	12290
ISSN (Print)	0277-786X
ISSN (Electronic)	1996-756X

Conference

Conference	2022 International Conference on Computer Network Security and Software Engineering, CNSSE 2022
Country/Territory	China
City	Zhuhai
Period	25/02/22 → 27/02/22

Keywords

abstract syntax tree
de-obfuscation
Markov models
obfuscation

Access to Document

10.1117/12.2640798

Cite this

@inproceedings{c266a275783d49ab857117a4c8e94768,

title = "A de-obfuscation system based on Markov models",

abstract = "Android malware authors have widely used obfuscation techniques to avoid their harmful apps from detection. In this paper, we present an automatic method for de-obfuscation of Android apps. It is based on Markov models. Our tool mainly focuses on layout obfuscation created by obfuscator ProGuard, which is one of the most widely used obfuscators. The evaluation of the system verifies the effectiveness of the de-obfuscation task.",

keywords = "abstract syntax tree, de-obfuscation, Markov models, obfuscation",

author = "Zhixuan Ni and Chenxu Wang and Jing Tao and Qi Zhang",

note = "Publisher Copyright: {\textcopyright} 2022 SPIE.; 2022 International Conference on Computer Network Security and Software Engineering, CNSSE 2022 ; Conference date: 25-02-2022 Through 27-02-2022",

year = "2022",

doi = "10.1117/12.2640798",

language = "英语",

series = "Proceedings of SPIE - The International Society for Optical Engineering",

publisher = "SPIE",

editor = "Wenshun Sheng and Yongquan Yan",

booktitle = "International Conference on Computer Network Security and Software Engineering, CNSSE 2022",

}

Ni, Z, Wang, C, Tao, J & Zhang, Q 2022, A de-obfuscation system based on Markov models. in W Sheng & Y Yan (eds), International Conference on Computer Network Security and Software Engineering, CNSSE 2022., 1229008, Proceedings of SPIE - The International Society for Optical Engineering, vol. 12290, SPIE, 2022 International Conference on Computer Network Security and Software Engineering, CNSSE 2022, Zhuhai, China, 25/02/22. https://doi.org/10.1117/12.2640798

A de-obfuscation system based on Markov models. / Ni, Zhixuan; Wang, Chenxu; Tao, Jing et al.
International Conference on Computer Network Security and Software Engineering, CNSSE 2022. ed. / Wenshun Sheng; Yongquan Yan. SPIE, 2022. 1229008 (Proceedings of SPIE - The International Society for Optical Engineering; Vol. 12290).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A de-obfuscation system based on Markov models

AU - Ni, Zhixuan

AU - Wang, Chenxu

AU - Tao, Jing

AU - Zhang, Qi

PY - 2022

Y1 - 2022

N2 - Android malware authors have widely used obfuscation techniques to avoid their harmful apps from detection. In this paper, we present an automatic method for de-obfuscation of Android apps. It is based on Markov models. Our tool mainly focuses on layout obfuscation created by obfuscator ProGuard, which is one of the most widely used obfuscators. The evaluation of the system verifies the effectiveness of the de-obfuscation task.

AB - Android malware authors have widely used obfuscation techniques to avoid their harmful apps from detection. In this paper, we present an automatic method for de-obfuscation of Android apps. It is based on Markov models. Our tool mainly focuses on layout obfuscation created by obfuscator ProGuard, which is one of the most widely used obfuscators. The evaluation of the system verifies the effectiveness of the de-obfuscation task.

KW - abstract syntax tree

KW - de-obfuscation

KW - Markov models

KW - obfuscation

UR - https://www.scopus.com/pages/publications/85140992386

U2 - 10.1117/12.2640798

DO - 10.1117/12.2640798

M3 - 会议稿件

AN - SCOPUS:85140992386

T3 - Proceedings of SPIE - The International Society for Optical Engineering

BT - International Conference on Computer Network Security and Software Engineering, CNSSE 2022

A2 - Sheng, Wenshun

A2 - Yan, Yongquan

PB - SPIE

T2 - 2022 International Conference on Computer Network Security and Software Engineering, CNSSE 2022

Y2 - 25 February 2022 through 27 February 2022

ER -

A de-obfuscation system based on Markov models

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this