Machine Learning Classification of Obfuscation using Image Visualization

Colby Parker; J. McDonald; Dimitrios Damopoulos

doi:10.5220/0010607408540859

Machine Learning Classification of Obfuscation using Image Visualization

Colby Parker, J. McDonald, Dimitrios Damopoulos

2021

Abstract

As the need for new techniques to analyze obfuscated software has grown, recent work has shown the ability to analyze programs via machine learning in order to perform automated metadata recovery. Often these techniques really on disassembly or other means of direct code analysis. We showcase an approach combining code visualization and image analysis via convolutional neural networks capable of statically classifying obfuscation transformations. By first turning samples into gray scale images, we are able to analyze the structure and side effects of transformations used in the software with no heavy code analysis or feature preparation. With experimental results samples produced with the Tigress and OLLVM obfuscators, our models are capable of labeling transformations with F1-scores between 90% and 100% across all tests. We showcase our approach via models designed as both a binary classification problem as well as a multi label and multi output problem. We retain high performance even in the presence of multiple transformations in a file.

Download

Paper Citation

in Harvard Style

Parker C., McDonald J. and Damopoulos D. (2021). Machine Learning Classification of Obfuscation using Image Visualization. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 854-859. DOI: 10.5220/0010607408540859

in Bibtex Style

@conference{secrypt21,
author={Colby Parker and J. McDonald and Dimitrios Damopoulos},
title={Machine Learning Classification of Obfuscation using Image Visualization},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2021},
pages={854-859},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010607408540859},
isbn={978-989-758-524-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - Machine Learning Classification of Obfuscation using Image Visualization
SN - 978-989-758-524-1
AU - Parker C.
AU - McDonald J.
AU - Damopoulos D.
PY - 2021
SP - 854
EP - 859
DO - 10.5220/0010607408540859