Mon 18 Jun 2018 11:00 - 11:30 at Columbus Ballroom A - Code Search

Android applications are usually obfuscated before release, making it difficult to analyze them for malware presence or intellectual property violations. Obfuscators might hide the true intent of code by renaming variables and/or modifying program structures. It is challenging to search for executables relevant to the original version of an obfuscated application for developers to analyze efficiently. Prior approaches toward obfuscation-resilient search have relied on certain structural parts of apps remaining as landmarks, untouched by obfuscation. For instance, some prior approaches have assumed that the structural relationships between identifiers are not broken by obfuscators; others have assumed that control flow graphs maintain their structures. Both approaches can be easily defeated by a motivated obfuscator. We present a new approach, MACSOP, to search for relevant programs of obfuscated executables that leverages deep learning and principal features on instructions. MACSOP makes few assumptions about the kinds of modifications that an obfuscator might perform. We show that it has high search precision for executables obfuscated by a state-of-the-art obfuscator that changes control flow and inserts new methods. Further, we also demonstrate the potential of MACSOP to help developers understand executables without analyzing them, where MACSOP infers keywords (which are from un-obfuscated programs) for obfuscated executables.

Mon 18 Jun
Times are displayed in time zone: (GMT-04:00) Eastern Time (US & Canada)

11:00 - 12:00: MAPL 2018 - Code Search at Columbus Ballroom A
11:00 - 11:30
Fang-Hsiang Su (Columbia University, New York), Jonathan Bell (George Mason University), Gail Kaiser (Columbia University, New York), Baishakhi Ray (Columbia University, New York)
11:30 - 12:00
Saksham Sachdev (Facebook), Hongyu Li (Rice University), Sifei Luan (Facebook), Seohyun Kim (Facebook), Koushik Sen (University of California, Berkeley), Satish Chandra (Facebook)