Title: An attempt toward Authorship Analysis of Obfuscated .NET Binaries
Issue Number: | Vol. 6, No. 3 |
Year of Publication: | Sep - 2017 |
Page Numbers: | 139-154 |
Authors: | Kamran Morovati |
Journal Name: | International Journal of Cyber-Security and Digital Forensics (IJCSDF) - Hong Kong |
DOI: http://dx.doi.org/10.17781/P002299
Abstract:
This research aims at identifying obfuscation resistant features of .NET binaries. This study is an attempt toward facilitating the authorship attribution of an unknown .NET executable. The primary goal of this study is to examine the effectiveness of obfuscation techniques for hiding the author’s programming style. In this research, I have tested features such as op-code frequencies, op-code n-grams, API function calls and some features obtained from program Control Flow Graph.