TY - GEN
T1 - Static detection of disassembly errors
AU - Krishnamoorthy, Nithya
AU - Debray, Saumya
AU - Fligg, Keith
PY - 2009
Y1 - 2009
AB - Static disassembly is a crucial first step in reverse engineering executable files, and there is a considerable body of work in reverse-engineering of binaries, as well as areas such as semantics-based security analysis, that assumes that the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This work describes a machine-learning-based approach, using decision trees, for statically identifying possible errors in a static disassembly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental results using a variety of input executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.
KW - Binary analysis
KW - Disassembly
KW - Machine learning
KW - Reverse engineering
UR - http://www.scopus.com/inward/record.url?scp=73449084797&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=73449084797&partnerID=8YFLogxK
U2 - 10.1109/WCRE.2009.16
DO - 10.1109/WCRE.2009.16
M3 - Conference contribution
AN - SCOPUS:73449084797
SN - 9780769538679
T3 - Proceedings - Working Conference on Reverse Engineering, WCRE
SP - 259
EP - 268
BT - Proceedings - 16th Working Conference on Reverse Engineering, WCRE 2009
T2 - 16th Working Conference on Reverse Engineering, WCRE 2009
Y2 - 13 October 2009 through 16 October 2009
ER -