Static Detection of Disassembly Errors

W
WCRE
2009
2009 16th Working Conference on Reverse Engineering
Abstract - Static Detection of Disassembly Errors

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Nithya Krishnamoorthy Articles by Saumya Debray Articles by Keith Fligg

2009 16th Working Conference on Reverse Engineering

Lille, France

October 13-October 16

ISBN: 978-0-7695-3867-9

	ASCII Text	x
	Nithya Krishnamoorthy, Saumya Debray, Keith Fligg, "Static Detection of Disassembly Errors," Reverse Engineering, Working Conference on, pp. 259-268, 2009 16th Working Conference on Reverse Engineering, 2009.

	BibTex	x
	@article{ 10.1109/WCRE.2009.16, author = {Nithya Krishnamoorthy and Saumya Debray and Keith Fligg}, title = {Static Detection of Disassembly Errors}, journal ={Reverse Engineering, Working Conference on}, volume = {0}, year = {2009}, issn = {1095-1350}, pages = {259-268}, doi = {http://doi.ieeecomputersociety.org/10.1109/WCRE.2009.16}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Reverse Engineering, Working Conference on TI - Static Detection of Disassembly Errors SN - 1095-1350 SP259 EP268 A1 - Nithya Krishnamoorthy, A1 - Saumya Debray, A1 - Keith Fligg, PY - 2009 KW - disassembly KW - reverse engineering KW - binary analysis KW - machine learning VL - 0 JA - Reverse Engineering, Working Conference on ER -

Nithya Krishnamoorthy

Saumya Debray

Keith Fligg

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/WCRE.2009.16

Static disassembly is a crucial first step in reverse engineering executable files, and there is a considerable body of work in reverse-engineering of binaries, as well as areas such as semantics-based security analysis, that assumes that the input executable has been correctly disassembled. However, disassembly errors, e.g., arising from binary obfuscations, can render this assumption invalid. This work describes a machine-learning-based approach, using decision trees, for statically identifying possible errors in a static disassembly; such potential errors may then be examined more closely, e.g., using dynamic analyses. Experimental results using a variety of input executables indicate that our approach performs well, correctly identifying most disassembly errors with relatively few false positives.

Index Terms:

disassembly, reverse engineering, binary analysis, machine learning

Citation:

Nithya Krishnamoorthy, Saumya Debray, Keith Fligg, "Static Detection of Disassembly Errors," wcre, pp.259-268, 2009 16th Working Conference on Reverse Engineering, 2009

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.