Design and Evaluation of the De-obfuscation Method against the Identifier Renaming Methods

DOI

10.2991/ijndc.2018.6.4.6How to use a DOI?

Keywords

De-obfuscation; identifier renaming method; software protection; random forest

Abstract

The Identifier Renaming Method (IRM) is a well-used obfuscation method since almost obfuscation tools use the algorithm, and easy to implement. The IRM transforms the identifier names in the programs to meaningless names in order to hard to understand. However, the evaluations against attacks such as de-obfuscation were not conducted. Therefore, this paper proposes the method for restoring the verbs in method names from identifier renamed programs. This approach is one of the attack of the de-obfuscation, thus, this paper evaluates IRM tolerance against the attack. From the experimental evaluation, the proposed method can restore the 49.71% of method names to the original verbs. Furthermore, focusing on the meanings of verbs, the proposed method recommends the verbs of similar meanings to the original verbs in 57.01% of methods.

Copyright

© 2018 The Authors. Published by Atlantis Press SARL.

Open Access

This is an open access article under the CC BY-NC license (http://creativecommons.org/licences/by-nc/4.0/).

Download article (PDF)
View full text (HTML)

TY  - JOUR
AU  - Yosuke Isobe
AU  - Haruaki Tamada
PY  - 2018
DA  - 2018/09/28
TI  - Design and Evaluation of the De-obfuscation Method against the Identifier Renaming Methods
JO  - International Journal of Networked and Distributed Computing
SP  - 232
EP  - 238
VL  - 6
IS  - 4
SN  - 2211-7946
UR  - https://doi.org/10.2991/ijndc.2018.6.4.6
DO  - 10.2991/ijndc.2018.6.4.6
ID  - Isobe2018
ER  -