Code Obfuscation Classification Using Singular Value Decomposition on Grayscale Image Representations

Sebastian Raubitzek; Sebastian Schrittwieser; Caroline Lawitschka; Kevin Mallinger; Andreas Ekelhart; Edgar Weippl

doi:10.5220/0012856600003767

Code Obfuscation Classification Using Singular Value Decomposition on Grayscale Image Representations

Sebastian Raubitzek, Sebastian Schrittwieser, Caroline Lawitschka, Kevin Mallinger, Andreas Ekelhart, Edgar Weippl

2024

Abstract

In the ever-evolving world of cybersecurity, malware code hidden through code obfuscation is a key challenge for detection systems. This research explores how to identify and analyze these obfuscations by turning binary code into grayscale images, avoiding traditional code analysis methods that obfuscations might disrupt. We convert the bytes of binary code to grayscale values and use singular value decomposition (SVD) to uncover patterns that different obfuscation techniques create in the images. This method helps us see if specific obfuscation approaches cause unique patterns in the binary data, allowing us to classify them accurately. We apply this technique to improve malware obfuscation detection and help software developers choose obfuscation methods that are harder to spot. The main achievements of this study include developing a dependable system for classifying obfuscated code, a detailed evaluation of how obfuscations affect binary structure and visual representations thereof, and insights into using visual analysis for structural code analysis.

Download

Paper Citation

in Harvard Style

Raubitzek S., Schrittwieser S., Lawitschka C., Mallinger K., Ekelhart A. and Weippl E. (2024). Code Obfuscation Classification Using Singular Value Decomposition on Grayscale Image Representations. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 323-333. DOI: 10.5220/0012856600003767

in Bibtex Style

@conference{secrypt24,
author={Sebastian Raubitzek and Sebastian Schrittwieser and Caroline Lawitschka and Kevin Mallinger and Andreas Ekelhart and Edgar Weippl},
title={Code Obfuscation Classification Using Singular Value Decomposition on Grayscale Image Representations},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={323-333},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012856600003767},
isbn={978-989-758-709-2},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Code Obfuscation Classification Using Singular Value Decomposition on Grayscale Image Representations
SN - 978-989-758-709-2
AU - Raubitzek S.
AU - Schrittwieser S.
AU - Lawitschka C.
AU - Mallinger K.
AU - Ekelhart A.
AU - Weippl E.
PY - 2024
SP - 323
EP - 333
DO - 10.5220/0012856600003767
PB - SciTePress