Skip to main content
SpringerLink
Log in

Binary Program Statistical Features Hiding through Huffman Obfuscated Coding

  • Conference paper
Intelligent Computing Theories (ICIC 2013)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 7995))

Included in the following conference series:

Abstract

Mutants produced by current metamorphic engine are divers, but they still contain shortcomings that reliably distinguish them from normal program. This paper introduces a novel binary obfuscation technique with the potential of evading both statistical and semantic detections. It transforms the binary program into mimicry executables that exhibit high similarity to benign programs in terms of statistical properties and semantic characteristics. Experimental results show that the mimicry executables are indistinguishable from benign programs in byte frequency distribution and entropy, and no false instructions produced.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Caballero, J., Grier, C., Kreibich, C., Paxson, V.: Measuring pay-per-install: The commoditization of malware distribution. In: Proceedings of USENIX Security Sym. (2011)

    Google Scholar 

  2. Szor, P.: The art of computer virus research and defense, pp. 67–72. Symantec Press (2005)

    Google Scholar 

  3. Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Security and Privacy 5(2), 40–45 (2007)

    Article  Google Scholar 

  4. Vishwath, M.: Frankenstein: Stithching malware from benign binaries. In: Proceedings of the 6th USENIX Conference on Offensive Technologies (WOOT 2012), pp. 8–15 (2012)

    Google Scholar 

  5. Wu, Z., Steven, G., Xie, M.: Mimimorphism: A new approach to binary code obfuscation. In: Proceedings of the 17th ACM Conference on Computer and Communications Security(CCS 2010), pp. 536–546 (2010), doi:10.1145/1866307.1866368

    Google Scholar 

  6. Wayner, P.: Mimic function. Cryptogia 16(3), 193–214 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  7. Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Security and Privacy 5(2), 40–45 (2007)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Digital Switching System Engineering and Technological Research Center, Zhengzhou, China

    Xiaopeng Niu, Qingbao Li, Wei Wang & Xiaokang Weng

Authors
  1. Xiaopeng Niu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qingbao Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wei Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xiaokang Weng
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Machine Learning and Systems Biology Laboratory, Tongji University, 4800 Caoan Road, 201804, Shanghai, China

    De-Shuang Huang

  2. Electrical and Electronics Department, Polytechnic of Bari, Via Orabona 4, 70125, Bari, Italy

    Vitoantonio Bevilacqua

  3. Faculty of Engineering, District University Francisco José de Caldas, Cra. 7a No. 40-53, Fifth Floor, Bogotá, Colombia

    Juan Carlos Figueroa

  4. School of Electrical, Computer and Telecommunications Engineering, The University of Wollongong, 2522, North Wollongong, NSW, Australia

    Prashan Premaratne

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Niu, X., Li, Q., Wang, W., Weng, X. (2013). Binary Program Statistical Features Hiding through Huffman Obfuscated Coding. In: Huang, DS., Bevilacqua, V., Figueroa, J.C., Premaratne, P. (eds) Intelligent Computing Theories. ICIC 2013. Lecture Notes in Computer Science, vol 7995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39479-9_33

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-39479-9_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39478-2

  • Online ISBN: 978-3-642-39479-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation