Static Detection of Disassembly Errors

Static disassembly is a crucial first step in reverse engineering executable files, and there is a considerable body of work in reverse-engineering of binaries, as well as areas such as semantics-based security analysis, that assumes that the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This work describes a machine-learning-based approach, using decision trees, for statically identifying possible errors in a static disassembly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental results using a variety of input executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.

Keywords: disassembly; reverse engineering; binary analysis; machine learning
Added: 21 May 2010
Updated: 21 May 2010
Type: Conference
Year: 2009
Where: WCRE
Authors: Nithya Krishnamoorthy, Saumya K. Debray, Keith Fligg