SSLEM: A Simplifier for MBA Expressions based on Semi-linear MBA Expressions and Program Synthesis
Seong-Kyun Mok, Seoyeon Kang, Jeongwoo Kim, Eun-Sun Cho, Seokwoo Choi

TL;DR
This paper introduces SSLEM, a new simplifier for semi-linear MBA expressions, extending previous linear methods to handle more complex malware obfuscation expressions through program synthesis techniques.
Contribution
The paper proposes a novel semi-linear MBA expression class and develops SSLEM, a simplifier capable of handling more general MBA expressions beyond linear forms.
Findings
SSLEM effectively simplifies semi-linear MBA expressions.
SSLEM outperforms existing linear-based methods in handling complex expressions.
The approach enhances malware analysis by reducing obfuscation complexity.
Abstract
MBA (mixed boolean and arithmetic) expressions are hard to simplify, so they are used for malware obfuscation to hinder analysts' diagnosis. Some MBA simplification methods with high performance have been developed, but they narrowed the target to "linear" MBA expressions, which allows efficient solutions based on logic/term-rewriting. However, such restrictions are not appropriate for general forms of MBA expressions usually appearing in malware. To overcome this limitation, we introduce a "semi-linear" MBA expression, a new class of MBA expression extended from a linear MBA expression, and propose a new MBA simplifier called "SSLEM", based on a simplification idea of semi-linear MBA expressions and program synthesis.
Taxonomy
Topics: Advanced Malware Detection Techniques · Digital and Cyber Forensics · Network Security and Intrusion Detection
