Title :
Static Detection of Disassembly Errors
Author :
Krishnamoorthy, Nithya ; Debray, Saumya ; Fligg, Keith
Author_Institution :
Dept. of Comput. Sci., Univ. of Arizona, Tucson, AZ, USA
Abstract :
Static disassembly is a crucial first step in reverse engineering executable files, and there is a considerable body of work in reverse-engineering of binaries, as well as areas such as semantics-based security analysis, that assumes that the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This work describes a machine-learning-based approach, using decision trees, for statically identifying possible errors in a static disassembly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental results using a variety of input executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.
Keywords :
decision trees; learning (artificial intelligence); program diagnostics; reverse engineering; security of data; decision tree; dynamic analysis; machine learning; reverse engineering; semantics-based security analysis; static disassembly error detection; Computer errors; Computer science; Computer security; Decision trees; Decoding; Encoding; Error correction; Information analysis; Machine learning; Reverse engineering; binary analysis; disassembly; machine learning; reverse engineering;
Conference_Titel :
Reverse Engineering, 2009. WCRE '09. 16th Working Conference on
Conference_Location :
Lille
Print_ISBN :
978-0-7695-3867-9
DOI :
10.1109/WCRE.2009.16
