Title: An attempt toward Authorship Analysis of Obfuscated .NET Binaries

Issue Number: Vol. 6, No. 3
Year of Publication: Sep - 2017
Page Numbers: 139-154
Authors: Kamran Morovati
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002299

Abstract:


This research aims at identifying obfuscation resistant features of .NET binaries. This study is an attempt toward facilitating the authorship attribution of an unknown .NET executable. The primary goal of this study is to examine the effectiveness of obfuscation techniques for hiding the author’s programming style. In this research, I have tested features such as op-code frequencies, op-code n-grams, API function calls and some features obtained from program Control Flow Graph.