FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2891539454> ?p ?o ?g. }

• W2891539454 abstract "Code virtualization is a highly sophisticated obfuscation technique adopted by malware authors to stay under the radar. However, the increasing complexity of code virtualization also becomes a double-edged sword for practical application. Due to its performance limitations and compatibility problems, code virtualization is seldom used on an entire program. Rather, it is mainly used only to safeguard the key parts of code such as security checks and encryption keys. Many techniques have been proposed to reverse engineer the virtualized code, but they share some common limitations. They assume the scope of virtualized code is known in advance and mainly focus on the classic structure of code emulator. Also, few work verifies the correctness of their deobfuscation results. In this paper, with fewer assumptions on the type and scope of code virtualization, we present a verifiable method to address the challenge of partially-virtualized binary code simplification. Our key insight is that code virtualization is a kind of process-level virtual machine (VM), and the context switch patterns when entering and exiting the VM can be used to detect the VM boundaries. Based on the scope of VM boundary, we simplify the virtualized code. We first ignore all the instructions in a given virtualized snippet that do not affect the final result of that snippet. To better revert the data obfuscation effect that encodes a variable through bitwise operations, we then run a new symbolic execution called multiple granularity symbolic execution to further simplify the trace snippet. The generated concise symbolic formulas facilitate the correctness testing of our simplification results. We have implemented our idea as an open source tool, VMHunt, and evaluated it with real-world applications and malware. The encouraging experimental results demonstrate that VMHunt is a significant improvement over the state of the art." @default.
• W2891539454 created "2018-09-27" @default.
• W2891539454 creator A5003467063 @default.
• W2891539454 creator A5008435786 @default.
• W2891539454 creator A5025582376 @default.
• W2891539454 creator A5087023767 @default.
• W2891539454 date "2018-10-15" @default.
• W2891539454 modified "2023-09-30" @default.
• W2891539454 title "VMHunt" @default.
• W2891539454 cites W10639112 @default.
• W2891539454 cites W1538186256 @default.
• W2891539454 cites W1892063863 @default.
• W2891539454 cites W1975157166 @default.
• W2891539454 cites W1975857176 @default.
• W2891539454 cites W1981033991 @default.
• W2891539454 cites W1997847700 @default.
• W2891539454 cites W2000507036 @default.
• W2891539454 cites W2002325351 @default.
• W2891539454 cites W2008453980 @default.
• W2891539454 cites W2010142027 @default.
• W2891539454 cites W2010417554 @default.
• W2891539454 cites W2025025782 @default.
• W2891539454 cites W2049629426 @default.
• W2891539454 cites W2100002952 @default.
• W2891539454 cites W2115428539 @default.
• W2891539454 cites W2117030266 @default.
• W2891539454 cites W2119251836 @default.
• W2891539454 cites W2126851641 @default.
• W2891539454 cites W2128389850 @default.
• W2891539454 cites W2131266495 @default.
• W2891539454 cites W2137530017 @default.
• W2891539454 cites W2142980910 @default.
• W2891539454 cites W2165597437 @default.
• W2891539454 cites W2167505354 @default.
• W2891539454 cites W2171035369 @default.
• W2891539454 cites W2339802588 @default.
• W2891539454 cites W2408027109 @default.
• W2891539454 cites W2514974017 @default.
• W2891539454 cites W2536319814 @default.
• W2891539454 cites W2560252021 @default.
• W2891539454 cites W2560284310 @default.
• W2891539454 cites W2586453064 @default.
• W2891539454 cites W2614925308 @default.
• W2891539454 cites W2620946705 @default.
• W2891539454 cites W2642053679 @default.
• W2891539454 cites W2670925489 @default.
• W2891539454 cites W2742249911 @default.
• W2891539454 cites W4239813889 @default.
• W2891539454 cites W62185554 @default.
• W2891539454 doi "https://doi.org/10.1145/3243734.3243827" @default.
• W2891539454 hasPublicationYear "2018" @default.
• W2891539454 type Work @default.
• W2891539454 sameAs 2891539454 @default.
• W2891539454 citedByCount "31" @default.
• W2891539454 countsByYear W28915394542018 @default.
• W2891539454 countsByYear W28915394542019 @default.
• W2891539454 countsByYear W28915394542020 @default.
• W2891539454 countsByYear W28915394542021 @default.
• W2891539454 countsByYear W28915394542022 @default.
• W2891539454 countsByYear W28915394542023 @default.
• W2891539454 crossrefType "proceedings-article" @default.
• W2891539454 hasAuthorship W2891539454A5003467063 @default.
• W2891539454 hasAuthorship W2891539454A5008435786 @default.
• W2891539454 hasAuthorship W2891539454A5025582376 @default.
• W2891539454 hasAuthorship W2891539454A5087023767 @default.
• W2891539454 hasBestOaLocation W28915394541 @default.
• W2891539454 hasConcept C111919701 @default.
• W2891539454 hasConcept C112904061 @default.
• W2891539454 hasConcept C160145156 @default.
• W2891539454 hasConcept C199360897 @default.
• W2891539454 hasConcept C25344961 @default.
• W2891539454 hasConcept C2777904410 @default.
• W2891539454 hasConcept C2779639559 @default.
• W2891539454 hasConcept C41008148 @default.
• W2891539454 hasConcept C513985346 @default.
• W2891539454 hasConcept C55439883 @default.
• W2891539454 hasConcept C68793194 @default.
• W2891539454 hasConcept C79974875 @default.
• W2891539454 hasConceptScore W2891539454C111919701 @default.
• W2891539454 hasConceptScore W2891539454C112904061 @default.
• W2891539454 hasConceptScore W2891539454C160145156 @default.
• W2891539454 hasConceptScore W2891539454C199360897 @default.
• W2891539454 hasConceptScore W2891539454C25344961 @default.
• W2891539454 hasConceptScore W2891539454C2777904410 @default.
• W2891539454 hasConceptScore W2891539454C2779639559 @default.
• W2891539454 hasConceptScore W2891539454C41008148 @default.
• W2891539454 hasConceptScore W2891539454C513985346 @default.
• W2891539454 hasConceptScore W2891539454C55439883 @default.
• W2891539454 hasConceptScore W2891539454C68793194 @default.
• W2891539454 hasConceptScore W2891539454C79974875 @default.
• W2891539454 hasFunder F4320338298 @default.
• W2891539454 hasLocation W28915394541 @default.
• W2891539454 hasOpenAccess W2891539454 @default.
• W2891539454 hasPrimaryLocation W28915394541 @default.
• W2891539454 hasRelatedWork W1950051066 @default.
• W2891539454 hasRelatedWork W1973516247 @default.
• W2891539454 hasRelatedWork W2005435933 @default.
• W2891539454 hasRelatedWork W2168735232 @default.
• W2891539454 hasRelatedWork W2540384226 @default.
• W2891539454 hasRelatedWork W2578892675 @default.

• next