Computer Science ›› 2025, Vol. 52 ›› Issue (1): 393-400. doi: 10.11896/jsjkx.231100181

• Information Security •

Anti-semantic Analysis Script Fusion Technology

TIAN Bowen1,2, YANG Ju2, XIONG Xiaobing2, DUAN Shuang2, WEI Ran2   

  1. School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450001, China
  2. School of Cyber Science and Engineering, Information Engineering University, Zhengzhou 450001, China
  • Received: 2023-11-27 Revised: 2024-05-03 Online: 2025-01-15 Published: 2025-01-09
  • About author: TIAN Bowen, born in 1999, master. His main research interests include reverse engineering and software protection.
    XIONG Xiaobing, born in 1985, Ph.D, associate professor. His main research interests include reverse engineering and software protection.

Abstract: In recent years, script programs have been widely used in the field of computer science. Script programs are increasingly being used in the current network environment due to their powerful functionality and high execution efficiency, simpler writing and smaller file size than binary programs. Currently, the main types of script obfuscation techniques include encoding obfuscation, structural obfuscation, and encryption obfuscation. However, existing script obfuscation methods have obvious features and are at risk of being deobfuscated. Once a script is deobfuscated, its functionality can be easily analyzed and understood. To address this issue, an anti-semantic analysis script fusion technique is proposed. By deeply merging camouflage code with the target code that needs to be protected after dividing them into blocks, the fused code contains the code from both scripts, and the semantics and logic of different scripts are intertwined and interdependent, making semantic analysis more difficult. Understanding and analyzing the fused code requires stronger semantic reasoning and contextual understanding capabilities. Experimental results on PowerShell scripts show that the control flow complexity of the fused script programs is increased by 81.51% on average, and the obfuscation strength of the code is greatly enhanced. This technique effectively blurs the script's semantics, alters control flow characteristics, and performs well in the face of semantic analysis by ChatGPT.

Key words: Code protection, Obfuscation, Code division, Fuse, Script program

CLC Number: TP311