Abstract
Mutants produced by current metamorphic engines are diverse, but they still contain shortcomings that reliably distinguish them from normal programs. This paper introduces a novel binary obfuscation technique with the potential of evading both statistical and semantic detection. It transforms the binary program into mimicry executables that exhibit high similarity to benign programs in terms of statistical properties and semantic characteristics. Experimental results show that the mimicry executables are indistinguishable from benign programs in byte frequency distribution and entropy, and that no false instructions are produced.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Niu, X., Li, Q., Wang, W., Weng, X. (2013). Binary Program Statistical Features Hiding through Huffman Obfuscated Coding. In: Huang, DS., Bevilacqua, V., Figueroa, J.C., Premaratne, P. (eds) Intelligent Computing Theories. ICIC 2013. Lecture Notes in Computer Science, vol 7995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39479-9_33
DOI: https://doi.org/10.1007/978-3-642-39479-9_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39478-2
Online ISBN: 978-3-642-39479-9
eBook Packages: Computer Science, Computer Science (R0)