• Title/Summary/Keyword: obfuscate

Search Result 8, Processing Time 0.018 seconds

An Efficient Android Code Obfuscate (효율적인 안드로이드 코드 난독화 기법)

  • Jung, Hyo-Ran;Lee, Su-Hyun
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2014.07a
    • /
    • pp.57-59
    • /
    • 2014
  • 공개 플랫폼을 지향하는 안드로이드는 손쉽게 안드로이드 설치파일(APK)를 얻을 수 있어 디컴파일 하기 쉽다. 보안에 민감한 금융 앱이나 웹서버를 이용하여 데이터를 주고받는 앱일 경우 역공학을 통해 얻는 정보가 매우 위험할 수 있다. 이러한 문제는 최근에 사회적 큰 이슈가 되기 때문에 안드로이드 코드 보안에 유의해야 한다. 이 논문에서는 안드로이드 코드 난독화의 동향과 안드로이드에서 제공하는 프로가드의 기술에 대해서 알아보고 프로가드의 한계에 대해서 파악한 후 향후 안드로이드 코드 난독화 개선 방법에 대해서 알아본다.

  • PDF

Security Threat Analysis for Remote Monitoring and Control Functions of Connected Car Services

  • Jin Kim;Jinho Yoo
    • Journal of Information Processing Systems
    • /
    • v.20 no.2
    • /
    • pp.173-184
    • /
    • 2024
  • The connected car services are one of the most widely used services in the Internet of Things environment, and they provide numerous services to existing vehicles by connecting them through networks inside and outside the vehicle. However, although vehicle manufacturers are developing services considering the means to secure the connected car services, concerns about the security of the connected car services are growing due to the increasing number of attack cases. In this study, we reviewed the research related to the connected car services that have been announced so far, and we identified the threats that may exist in the connected car services through security threat modeling to improve the fundamental security level of the connected car services. As a result of performing the test to the applications for connected car services developed by four manufacturers, we found that all four companies' applications excessively requested unnecessary permissions for application operation, and the apps did not obfuscate the source code. Additionally, we found that there were still vulnerabilities in application items such as exposing error messages and debugging information.

An analysis of vulnerability and the method to secure on Android SNS applications from alteration of the code segments (안드로이드 기반 SNS 어플리케이션의 코드 변조를 통한 취약점 분석 및 보안 기법 연구)

  • Lee, Sang Ho;Ju, Da Young
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.2
    • /
    • pp.213-221
    • /
    • 2013
  • According to the rapid growth of the number of SNS(Social Networking Service) applications based on Android OS, the importance of its security is also raised. Especially, many applications using KaKaoTalk platform has been released in these days, and these are top ranked in the relative markets. However, security issues on SNS applications have not been resolved clearly. Therefore, it is crucial to provide means to cope with the security threats posed by code-segment modification in the development stage of Android OS based SNS applications. In this paper, we analyze the security threats by modifying SNS application code segments and suggest effective security techniques.

Breaking character and natural image based CAPTCHA using feature classification (특징 분리를 통한 자연 배경을 지닌 글자 기반 CAPTCHA 공격)

  • Kim, Jaehwan;Kim, Suah;Kim, Hyoung Joong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1011-1019
    • /
    • 2015
  • CAPTCHA(Completely Automated Public Turing test to tell Computers and Humans Apart) is a test used in computing to distinguish whether or not the user is computer or human. Many web sites mostly use the character-based CAPTCHA consisting of digits and characters. Recently, with the development of OCR technology, simple character-based CAPTCHA are broken quite easily. As an alternative, many web sites add noise to make it harder for recognition. In this paper, we analyzed the most recent CAPTCHA, which incorporates the addition of the natural images to obfuscate the characters. We proposed an efficient method using support vector machine to separate the characters from the background image and use convolutional neural network to recognize each characters. As a result, 368 out of 1000 CAPTCHAs were correctly identified, it was demonstrated that the current CAPTCHA is not safe.

Design and implementation of Android obfuscation technique using layout file transformation (레이아웃 파일 변환을 이용한 안드로이드 난독화 기법의 설계 및 구현)

  • Park, Heewan
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.11
    • /
    • pp.1-7
    • /
    • 2020
  • Android apps are mostly distributed as an apk files, and when the apk file is uncompressed, resource files such as xml files, images, and sounds related to app design can be extracted. If the resources of banking or finance-related apps are stolen and fake apps are distributed, personal information could be stolen or financial fraud may occur. Therefore, it is necessary to make it difficult to steal the design as well as the code when distributing the app. In this paper, we implemented a tool to convert the xml file into Java code and obfuscate using the Proguard, and evaluated the execution performance. If the layout obfuscation technique proposed in this paper is used, it is expected that the app operation performance can be improved and the illegal copying damage caused by the theft of the screen design can be prevented.

De-Obfuscated Scheme for Obfuscation Techniques Based on Trampoline Code (트램폴린 코드 기반의 난독화 기법을 위한 역난독화 시스템)

  • Minho Kim;Jeong Hyun Yi;Haehyun Cho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.6
    • /
    • pp.1043-1053
    • /
    • 2023
  • Malware analysts work diligently to analyze and counteract malware, while developers persistently devise evasion tactics, notably through packing and obfuscation techniques. Although previous works have proposed general unpacking approaches, they inadequately address techniques like OEP obfuscation and API obfuscation employed by modern packers, leading to occasional failures during the unpacking process. This paper examines the OEP and API obfuscation techniques utilized by various packers and introduces a system designed to automatically de-obfuscate them. The system analyzes the memory of packed programs, detects trampoline codes, and identifies obfuscated information, for program reconstruction. Experimental results demonstrate the effectiveness of our system in de-obfuscating programs that have undergone OEP and API obfuscation techniques.

A Method for Generating Malware Countermeasure Samples Based on Pixel Attention Mechanism

  • Xiangyu Ma;Yuntao Zhao;Yongxin Feng;Yutao Hu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.18 no.2
    • /
    • pp.456-477
    • /
    • 2024
  • With information technology's rapid development, the Internet faces serious security problems. Studies have shown that malware has become a primary means of attacking the Internet. Therefore, adversarial samples have become a vital breakthrough point for studying malware. By studying adversarial samples, we can gain insights into the behavior and characteristics of malware, evaluate the performance of existing detectors in the face of deceptive samples, and help to discover vulnerabilities and improve detection methods for better performance. However, existing adversarial sample generation methods still need help regarding escape effectiveness and mobility. For instance, researchers have attempted to incorporate perturbation methods like Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), and others into adversarial samples to obfuscate detectors. However, these methods are only effective in specific environments and yield limited evasion effectiveness. To solve the above problems, this paper proposes a malware adversarial sample generation method (PixGAN) based on the pixel attention mechanism, which aims to improve adversarial samples' escape effect and mobility. The method transforms malware into grey-scale images and introduces the pixel attention mechanism in the Deep Convolution Generative Adversarial Networks (DCGAN) model to weigh the critical pixels in the grey-scale map, which improves the modeling ability of the generator and discriminator, thus enhancing the escape effect and mobility of the adversarial samples. The escape rate (ASR) is used as an evaluation index of the quality of the adversarial samples. The experimental results show that the adversarial samples generated by PixGAN achieve escape rates of 97%, 94%, 35%, 39%, and 43% on the Random Forest (RF), Support Vector Machine (SVM), Convolutional Neural Network (CNN), Convolutional Neural Network and Recurrent Neural Network (CNN_RNN), and Convolutional Neural Network and Long Short Term Memory (CNN_LSTM) algorithmic detectors, respectively.

Implementation of the Automated De-Obfuscation Tool to Restore Working Executable (실행 파일 형태로 복원하기 위한 Themida 자동 역난독화 도구 구현)

  • Kang, You-jin;Park, Moon Chan;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.4
    • /
    • pp.785-802
    • /
    • 2017
  • As cyber threats using malicious code continue to increase, many security and vaccine companies are putting a lot of effort into analysis and detection of malicious codes. However, obfuscation techniques that make software analysis more difficult are applied to malicious codes, making it difficult to respond quickly to malicious codes. In particular, commercial obfuscation tools can quickly and easily generate new variants of malicious codes so that malicious code analysts can not respond to them. In order for analysts to quickly analyze the actual malicious behavior of the new variants, reverse obfuscation(=de-obfuscation) is needed to disable obfuscation. In this paper, general analysis methodology is proposed to de-obfuscate the software used by a commercial obfuscation tool, Themida. First, We describe operation principle of Themida by analyzing obfuscated executable file using Themida. Next, We extract original code and data information of executable from obfuscated executable using Pintool, DBI(Dynamic Binary Instrumentation) framework, and explain the implementation results of automated analysis tool which can deobfuscate to original executable using the extracted original code and data information. Finally, We evaluate the performance of our automated analysis tool by comparing the original executable with the de-obfuscated executable.