Home » Publications

Category Archives: Publications

Obfuscation Resilient Search through Executable Classification

Android applications are usually obfuscated before release,
making it difficult to analyze them for malware presence or
intellectual property violations. Obfuscators might hide the
true intent of code by renaming variables and/or modifying
program structures. It is challenging to search for executables
relevant to an obfuscated application for developers to analyze
efficiently. Prior approaches toward obfuscation resilient
search have relied on certain structural parts of apps remaining
as landmarks, un-touched by obfuscation. For instance,
some prior approaches have assumed that the structural relationships
between identifiers are not broken by obfuscators;
others have assumed that control flow graphs maintain their
structures. Both approaches can be easily defeated by a motivated
obfuscator. We present a new approach, MACNETO,
to search for programs relevant to obfuscated executables
leveraging deep learning and principal features on instructions.
MACNETO makes few assumptions about the kinds of
modifications that an obfuscator might perform. We show
that it has high search precision for executables obfuscated
by a state-of-the-art obfuscator that changes control flow. Further,
we also demonstrate the potential of MACNETO to help
developers understand executables, where MACNETO infers
keywords (which are from relevant un-obfuscated programs)
for obfuscated executables.

link

@inproceedings{Su:2018:ORS:3211346.3211352,
 author = {Su, Fang-Hsiang and Bell, Jonathan and Kaiser, Gail and Ray, Baishakhi},
 title = {{Obfuscation Resilient Search Through Executable Classification}},
 booktitle = {{Proceedings of the 2nd ACM SIGPLAN International Workshop on Machine Learning and Programming Languages (MAPL)}},
 series = {MAPL 2018},
 year = {2018},
 isbn = {978-1-4503-5834-7},
 location = {Philadelphia, PA, USA},
 pages = {20--30},
 numpages = {11},
 url = {http://doi.acm.org/10.1145/3211346.3211352},
 doi = {10.1145/3211346.3211352},
 acmid = {3211352},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {bytecode analysis, bytecode search, deep learning, executable search, obfuscation resilience},
} 

Code Relatives: Detecting Similarly Behaving Software


@inproceedings{Su:2016:CRD:2950290.2950321,
author = {Su, Fang-Hsiang and Bell, Jonathan and Harvey, Kenneth and Sethumadhavan, Simha and Kaiser, Gail and Jebara, Tony},
title = “{Code Relatives: Detecting Similarly Behaving Software}”,
booktitle = “{24th ACM SIGSOFT International Symposium on Foundations of Software Engineering}”,
series = {FSE 2016},
year = {2016},
isbn = {978-1-4503-4218-6},
location = {Seattle, WA, USA},
pages = {702–714},
numpages = {13},
url = {http://doi.acm.org/10.1145/2950290.2950321},
doi = {10.1145/2950290.2950321},
acmid = {2950321},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {Code relatives, code clones, link analysis, runtime behavior, subgraph matching},
note = “Artifact accepted as platinum.”
}

Identifying Functionally Similar Code in Complex Codebases

@inproceedings{hitoshiio,
author = “Fang-Hsiang Su and Jonathan Bell and Gail Kaiser and Simha Sethumadhavan”,
title = “(Identifying Functionally Similar Code in Complex Codebases}”,
booktitle = “{24th IEEE International Conference on Program Comprehension (ICPC)}”,
month = “May”,
year = “2016”,
pages = “1–10”,
url = “http://dx.doi.org/10.1109/ICPC.2016.7503720”,
note = “ACM SIGSOFT Distinguished Paper Award”
}

Challenges in Behavioral Code Clone Detection

@inproceedings{CodeRelatives.position,
author = “Fang-Hsiang Su and Jonathan Bell and Gail Kaiser”,
title = “{Challenges in Behavioral Code Clone Detection (Position Paper)}”,
booktitle = “{10th International Workshop on Software Clones (IWSC), affiliated with IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER)}”,
month = “March”,
year = “2016”,
volume = “3”,
pages = “21–22”,
url = “http://dx.doi.org/10.1109/SANER.2016.75”,
note = “People’s Choice Award for Best Position Paper.”
}

Efficient Dependency Detection for Safe Java Test Acceleration

@inproceedings{Bell:2015:EDD:2786805.2786823,
author = {Bell, Jonathan and Kaiser, Gail and Melski, Eric and Dattatreya, Mohan},
title = “{Efficient Dependency Detection for Safe Java Test Acceleration}”,
booktitle = “{2015 10th Joint Meeting on Foundations of Software Engineering}”,
series = {ESEC/FSE 2015},
year = {2015},
isbn = {978-1-4503-3675-8},
location = {Bergamo, Italy},
pages = {770–781},
numpages = {12},
url = {http://doi.acm.org/10.1145/2786805.2786823},
doi = {10.1145/2786805.2786823},
acmid = {2786823},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {Test dependence, detection algorithms, empirical studies},
}

Dynamic Taint Tracking for Java with Phosphor

@inproceedings{Bell:2015:DTT:2771783.2784768,
author = {Bell, Jonathan and Kaiser, Gail},
title = {Dynamic Taint Tracking for Java with Phosphor (Demo)},
booktitle = {Proceedings of the 2015 International Symposium on Software Testing and Analysis},
series = {ISSTA 2015},
year = {2015},
isbn = {978-1-4503-3620-8},
location = {Baltimore, MD, USA},
pages = {409–413},
numpages = {5},
url = {http://doi.acm.org/10.1145/2771783.2784768},
doi = {10.1145/2771783.2784768},
acmid = {2784768},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {Dataflow Analysis, Taint Tracking},
}

Dynamic Inference of Likely Metamorphic Properties to Support Differential Testing

@inproceedings{Su:2015:DIL:2819261.2819279,
author = {Su, Fang-Hsiang and Bell, Jonathan and Murphy, Christian and Kaiser, Gail},
title = {Dynamic Inference of Likely Metamorphic Properties to Support Differential Testing},
booktitle = {Proceedings of the 10th International Workshop on Automation of Software Test},
series = {AST ’15},
year = {2015},
month = {May},
location = {Florence, Italy},
pages = {55–59},
numpages = {5},
url = {http://dl.acm.org/citation.cfm?id=2819261.2819279},
acmid = {2819279},
publisher = {IEEE Press},
address = {Piscataway, NJ, USA},
}

A Gameful Approach to Teaching Software Design and Software Testing

@incollection{GamefulSoftwareTesting,
author = “Swapneel Sheth and Jonathan Bell and Gail Kaiser”,
title = “{A Gameful Approach to Teaching Software Design and Software Testing}”,
editor = “Kendra M.L. Cooper and Walt Scacchi”,
booktitle = “{Computer Games and Software Engineering}”,
publisher = “Chapman and Hall/CRC”,
isbn = “978-1-48-222668-3”,
year = “2015”, chapter = “4”, pages = “91–112”,
url = “https://books.google.com/books?id=Oy6IoAEACAAJ”}

Vroom: Faster Build Processes for Java

@article{7006344,
author={Jonathan Bell and Eric Melski and Mohan Dattatreya and Gail E. Kaiser},
journal={IEEE Software},
title=”{Vroom: Faster Build Processes for Java}”,
year={2015},
volume={32},
number={2},
pages={97-104},
doi={10.1109/MS.2015.32},
ISSN={0740-7459},
month={March/April},
url = {http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7006344}
}

Metamorphic Runtime Checking of Applications Without Test Oracles

@article{crosstalk,
author = {Jonathan Bell and Christian Murphy and Gail Kaiser},
title = “{Metamorphic Runtime Checking of Applications Without Test Oracles}”,
journal = “{Crosstalk the Journal of Defense Software Engineering}”,
volume = “28”, number = “2”,
pages = “9–13”,
month = “Mar/Apr”, year = “2015”,
url = “http://static1.1.sqspcdn.com/static/f/702523/25999119/1425257561223/201503-Bell.pdf”}