Pinpointing and hiding surprising fragments in an obfuscated program

Yuichiro Kanzaki, Clark Thomborson, Akito Monden, Christian Collberg

Research output: Chapter in Book/Report/Conference proceedingConference contribution


In this paper, we propose a pinpoint-hide defense method, which aims to improve the stealth of obfuscated code. In the pinpointing process, we scan the obfuscated code in a few small code fragment level and identify all surprising fragments, that is, very unusual fragments which may draw the attention of an attacker to the obfuscated code. In the hiding process, we transform the pinpointed surprising fragments into unsurprising ones while preserving semantics. The obfuscated code transformed by our method consists only by unsurprising code fragments, therefore is more difficult for attackers to be distinguished from unobfuscated code than the original. In the case study, we apply our pinpoint-hide method to some programs transformed by well-known obfuscation techniques. The result shows our method can pinpoint surprising fragments such as dummy code that does not fit in the context of the program, and instructions used in a complicated arithmetic expression. We also confirm that instruction camouflage can make the pinpointed surprising fragments unsurprising ones, and that it runs correctly.

Original languageEnglish (US)
Title of host publicationProceedings of the 5th Program Protection and Reverse Engineering Workshop, PPREW 2015 - Software Security and Protection Workshop 2015, SSP 2015
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450336420
StatePublished - Dec 8 2015
Event5th Program Protection and Reverse Engineering Workshop, PPREW 2015 - Los Angeles, United States
Duration: Dec 8 2015 → …

Publication series

NameACM International Conference Proceeding Series


Other5th Program Protection and Reverse Engineering Workshop, PPREW 2015
Country/TerritoryUnited States
CityLos Angeles
Period12/8/15 → …


  • Code obfuscation
  • Code stealth
  • N-gram
  • Program analysis
  • Software protection

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'Pinpointing and hiding surprising fragments in an obfuscated program'. Together they form a unique fingerprint.

Cite this