Paper title
SSLEM: A Simplifier for MBA Expressions based on Semi-linear MBA Expressions and Program Synthesis
Paper authors
Paper abstract
MBA (mixed boolean and arithmetic) expressions are hard to simplify, so they are used for malware obfuscation to hinder analysts' diagnosis. Some MBA simplification methods with high performance have been developed, but they narrowed the target to "linear" MBA expressions, which allows efficient solutions based on logic/term-rewriting. However, such restrictions are not appropriate for the general forms of MBA expressions that usually appear in malware. To overcome this limitation, we introduce a "semi-linear" MBA expression, a new class of MBA expression extended from a linear MBA expression, and propose a new MBA simplifier called "SSLEM", based on a simplification idea of semi-linear MBA expressions and program synthesis.