Table of contents

  • This session has been presented February 25, 2022.

Description

  • Speaker

    Grégoire Menguy (CEA LIST)

Code obfuscation aims at protecting Intellectual Property and other secrets embedded into software from being retrieved. Recent works leverage advances in artificial intelligence (AI) with the hope of getting blackbox deobfuscators completely immune to standard (whitebox) protection mechanisms. While promising, this new field of AI-based, and more specifically search-based blackbox deobfuscation, is still in its infancy. We deepen the state of search-based blackbox deobfuscation in three key directions: understand the current state-of-the-art, improve over it and design dedicated protection mechanisms. In particular, we define a novel generic framework for search-based blackbox deobfuscation encompassing prior work and highlighting key components; we are the first to point out that the search space underlying code deobfuscation is too unstable for simulation-based methods (e.g., Monte Carlo Tree Search used in prior work) and advocate the use of robust methods such as S-metaheuristics; we propose the new optimized search-based blackbox deobfuscator Xyntia which significantly outperforms prior work in terms of success rate (especially with small time budget) while being completely immune to the most recent anti-analysis code obfuscation methods; and finally we propose two novel protections against search-based blackbox deobfuscation, allowing to counter Xyntia powerful attacks. This work has been published at ACM CCS 2021.

Practical infos

  • Presentation documents

Next sessions

  • The Battle Against Bots: Current Threats and New Directions to Counter Automated Attacks

    • November 22, 2024 (11:00 - 12:00)

    • Inria Center of the University of Rennes - -Petri/Turing room

    Speaker : Elisa Chiapponi - Amadeus IT Group

    In today's digital landscape, the battle between industry and automated bots is an ever-evolving challenge. Attackers are leveraging advanced techniques such as residential proxies, CAPTCHA farms, and AI-enhanced fingerprint rotations to evade detection and execute functional abuse attacks, including web scraping, denial of inventory, and SMS pumping.  This talk will explore ongoing efforts[…]
    • SoSysec

    • Intrusion detection

  • Safety-Security Convergence of Industrial Control Systems

    • December 13, 2024 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Aurigny

    Speaker : Maxime Puys - Université Clermont Auvergne - IUT de Clermont-Ferrand

    Industrial Control Systems (ICS) are designed to provide a service, such as power generation or water treatment, while protecting people, assets, and the environment against hazards. However, ICS now integrate Information Technology (IT) and are interconnected with the outside world such as the Internet, thereby exposing their infrastructures to cyberattacks. Cyberattacks have thus become new[…]
    • SoSysec

    • Intrusion detection

Show previous sessions