SoK: use of cryptography in malware obfuscation

Hassan Asghar, Benjamin Zhao, Muhammad Ikram, Duc Linh Giang Nguyen, Dali Kaafar, Sean Lamont, Daniel Coscia

Research output: Contribution to conference, Paper, peer-review

Abstract

We look at the use of cryptography to obfuscate malware. Most surveys on malware obfuscation only discuss simple encryption techniques (e.g., XOR encryption), which are easy to defeat (in principle), since the decryption algorithm and the key are shipped within the program. This SoK proposes a principled definition of malware obfuscation, and categorises instances of malware obfuscation that use cryptographic tools into those which evade detection and those which are detectable. The SoK first examines easily detectable schemes such as string encryption, class encryption and XOR encoding, found in most obfuscated malware. It then details schemes that can be shown to be hard to break, such as the use of environmental keying. We also analyse formal cryptographic obfuscation, i.e., the notions of indistinguishability and virtual black box obfuscation, through the lens of our proposed model of malware obfuscation.
Original language: English
Publication status: Submitted - 31 Aug 2022
Event: Asia Computer Communication Security Conference - Melbourne, Australia
Duration: 10 Jul 2023 to 14 Jul 2023
Conference number: 14
https://asiaccs2023.org/

Conference

Conference: Asia Computer Communication Security Conference
Abbreviated title: AsiaCCS
Country/Territory: Australia
City: Melbourne
Period: 10/07/23 to 14/07/23