Result Details
Generic detection of register realignment
ĎURFINA, L.; KOLÁŘ, D. Generic detection of register realignment. AIP Conference Proceedings. AIP conference proceedings. Kassandra, Halkidiki: American Institute of Physics, 2011. no. 1, p. 806-809. ISBN: 978-0-7354-0956-9. ISSN: 1551-7616.
Type
conference paper
Language
English
Authors
Ďurfina Lukáš, Ing., Ph.D., DIFS (FIT)
Kolář Dušan, doc. Dr. Ing., DIFS (FIT)
Abstract
Register realignment is a method of binary obfuscation used by malware writers. The paper introduces a method by which register realignment can be recognized through analysis based on scattered context grammars. Such an analysis includes exploring the bytes affected by realignment, finding new valid values for them, building the scattered context grammar, and parsing the obfuscated code with this grammar. The created grammar has the LL property, which makes it usable for LL parsing.
Keywords
Formal languages, scattered context grammars, register realignment
URL
Published
2011
Pages
806–809
Journal
AIP conference proceedings, vol. 1389, no. 1, ISSN 1551-7616
Proceedings
AIP Conference Proceedings
Conference
9th International Conference of Numerical Analysis and Applied Mathematics
ISBN
978-0-7354-0956-9
Publisher
American Institute of Physics
Place
Kassandra, Halkidiki
BibTeX
@inproceedings{BUT76294,
author="Lukáš {Ďurfina} and Dušan {Kolář}",
title="Generic detection of register realignment",
booktitle="AIP Conference Proceedings",
year="2011",
journal="AIP conference proceedings",
volume="1389",
number="1",
pages="806--809",
publisher="American Institute of Physics",
address="Kassandra, Halkidiki",
isbn="978-0-7354-0956-9",
issn="0094-243X",
url="http://link.aip.org/link/apcpcs/v1389/i1/p806/pdf"
}
Projects
Security-Oriented Research in Information Technology, MŠMT, Institucionální prostředky SR ČR (např. VZ, VC), MSM0021630528, start: 2007-01-01, end: 2013-12-31, running
System for Support of Platform Independent Malware Analysis in Executable Files, TAČR, Program aplikovaného výzkumu a experimentálního vývoje ALFA, TA01010667, start: 2011-01-01, end: 2013-12-31, completed
Research groups
Hardware-Software Codesign research group (RG LISSOM)
Departments