Title :
An obfuscation method to build a fake call flow graph by hooking method calls
Author :
Fukuda, Kenji ; Tamada, Haruaki
Author_Institution :
Div. of Frontier Inf., Kyoto Sangyo Univ., Kyoto, Japan
fDate :
June 30 2014-July 2 2014
Abstract :
This paper proposes an obfuscation method against illegal analysis. The proposed method tries to build a fake call flow graph from debugging tools. The call flow graph represents relations among methods, and helps understanding of a program. The fake call flow graph leads misunderstanding of the program. We focus on a hook mechanism of the method call for changing a callee. We conduct two experiments to evaluate the proposed method. First experiment simulates attacks by existing tools: Soot, jad, Procyon, and Krakatau. The Procyon only succeeded decompilation, the others crashed. Second experiment evaluates understandability of the obfuscated program by the hand. Only one subject in the nine subjects answered the correct value. The experiments shows the proposed method has good tolerance against existing tools, and high difficulty of understanding even if the target program is tiny and simple program.
Keywords :
flow graphs; program debugging; software tools; Krakatau; Procyon; Soot; debugging tools; fake call flow graph; hooking method calls; illegal analysis; jad; obfuscation method; Buildings; DVD; Educational institutions; Flow graphs; Java; Runtime; Software; Call Flow Graph; Hook Mechanism; Java 7; Obfuscation;
Conference_Titel :
Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2014 15th IEEE/ACIS International Conference on
Conference_Location :
Las Vegas, NV
DOI :
10.1109/SNPD.2014.6888726
