REDIR: Automated static detection of obfuscated anti-debugging techniques. Smith, A. J., Mills, R. F., Bryant, A. R., Peterson, G. L., & Grimaila, M. R. In 2014 International Conference on Collaboration Technologies and Systems (CTS), pages 173–180, Minneapolis, MN, USA, May, 2014. IEEE.
Reverse Code Engineering (RCE) to detect anti-debugging techniques in software is a very difficult task. Code obfuscation is an anti-debugging technique that makes detection even more challenging. The Rule Engine Detection by Intermediate Representation (REDIR) system for automated static detection of obfuscated anti-debugging techniques is a prototype designed to help the RCE analyst improve performance through this tedious task. Three tenets form the REDIR foundation. First, Intermediate Representation (IR) improves the analyzability of binary programs by reducing a large instruction set down to a handful of semantically equivalent statements. Next, an Expert System (ES) rule engine searches the IR and initiates a sensemaking process for anti-debugging technique detection. Finally, an IR analysis process confirms the presence of an anti-debug technique. The REDIR system is implemented as a debugger plug-in. Within the debugger, REDIR interacts with a program in the disassembly view. Debugger users can instantly highlight anti-debugging techniques and determine if the presence of a debugger will cause a program to take a conditional jump or fall through to the next instruction.
@inproceedings{smith_redir_2014,
	address = {Minneapolis, MN, USA},
	title = {{REDIR}: {Automated} static detection of obfuscated anti-debugging techniques},
	isbn = {978-1-4799-5158-1 978-1-4799-5157-4 978-1-4799-5156-7},
	shorttitle = {{REDIR}},
	url = {http://ieeexplore.ieee.org/document/6867561/},
	doi = {10.1109/CTS.2014.6867561},
	abstract = {Reverse Code Engineering (RCE) to detect anti-debugging techniques in software is a very difficult task. Code obfuscation is an anti-debugging technique that makes detection even more challenging. The Rule Engine Detection by Intermediate Representation (REDIR) system for automated static detection of obfuscated anti-debugging techniques is a prototype designed to help the RCE analyst improve performance through this tedious task. Three tenets form the REDIR foundation. First, Intermediate Representation (IR) improves the analyzability of binary programs by reducing a large instruction set down to a handful of semantically equivalent statements. Next, an Expert System (ES) rule engine searches the IR and initiates a sensemaking process for anti-debugging technique detection. Finally, an IR analysis process confirms the presence of an anti-debug technique. The REDIR system is implemented as a debugger plug-in. Within the debugger, REDIR interacts with a program in the disassembly view. Debugger users can instantly highlight anti-debugging techniques and determine if the presence of a debugger will cause a program to take a conditional jump or fall through to the next instruction.},
	language = {en},
	urldate = {2020-05-21},
	booktitle = {2014 {International} {Conference} on {Collaboration} {Technologies} and {Systems} ({CTS})},
	publisher = {IEEE},
	author = {Smith, Adam J. and Mills, Robert F. and Bryant, Adam R. and Peterson, Gilbert L. and Grimaila, Michael R.},
	month = may,
	year = {2014},
	pages = {173--180}
}