Study of Code Obfuscation Techniques for the Security of Software Components

Authors

  • Miguel Rodríguez-Veliz Facultad de Ciencias Informáticas, Universidad Técnica de Manabí, Portoviejo, Ecuador.
  • Yulier Nuñez-Musa
  • Roberto Sepúlveda-Lima Facultad de Ingeniería Informática, Universidad Tecnológica de la Habana ‘José Antonio Echeverría’, La Habana, Cuba

Keywords:

source code, obfuscation, software, techniques

Abstract

The objective of the study is based on analyzing documentary information referring to code obfuscation techniques for the security of software components, from the perspective of the State of the Art. The research design is developed under a qualitative approach, of a documentary nature, in which referential information on the methods and techniques to carry out the processes of data assurance in computer systems is analyzed, based on the aforementioned theoretical and the analysis of the information collected without the manipulation of variables. The population under study is based on documents such as scientific articles, research papers and bibliographic reference material. To collect the data, content sheets are used, which represent the basis for the content analysis of the sources consulted. With the analysis of the results of these studies, it is intended to carry out an investigation of the theoretical aspects that support the obfuscation of security codes from its origins and how it has gradually advanced in its implementation in software.

Downloads

Download data is not yet available.

References

Acosta-Correa, B.S., & Yanza-Hurtado, A.V. (2013). Guidelines for the development of Web GIS applications. FOLLOW. University of Girona. VII Free Software Conference.

Alrabaee, S., Wang, L., & Debbabi, M. (2016). BinGold: Towards robust binary analysis by extracting the semantics of binary code as semantic flow graphs (SFGs). Digital Investigation 18 (2016) S11-S22

Anjali, V., Swapna, T.R., & Jayaraman, B. (2015). Plagiarism Detection for Java Programs without Source Codes. Procedia Computer Science 46 (2015) 749 – 758

Aucsmith (1996). Tamper resistant software: An implementation. In Proceedings of the First International Workshop on Information Hiding. Pages 317-333. London, UK.

Bernardis, E., Bernardis, H., Beron, M., & Montejano, G. (2017). Security in Web Services. National University of San Luis. Department of Computer Science. Faculty of Physical, Mathematical and Natural Sciences, San Luis, Argentina

Bernardis, H., Bernardis, E., Berón, M., Riesco, D., & Pereira, M. (2018). Techniques and Tools to Regulate Security in Web Services Based on WSDL. National University of San Luis. Department of Computer Science. Faculty of Physical, Mathematical and Natural Sciences, San Luis, Argentina

Berón, M., Henriques, P., Varanda, M., & Uzal, R. (2006). Tools for understanding programs, June 2006.

Cabrera Laguapillo, M. S., & Larco Andrade, Y. C. (2018). Analysis of malicious code concealment techniques for evasion of end-user protection systems and NIDS. 124 sheets. Quito: EPN.

Camargo-Ruiz, D., Tovar-Zambrano, E., & Niño- González, J. (2015). Different Obfuscation Techniques for Code Protection. Procedia Computer Science 70 (2015) 757 – 763

Camargo-Ruiz, D., Tovar-Zambrano, E., & Niño- González, J. (2022). Encryption process with idea algorithm and code obfuscation in web services. Magazine Links: Science, Technology and Society. Bogotá D.C., Colombia.

Cappaert, J. (2012). Code obfuscation techniques for software protection. Katholieke Universiteit Leuven.

Cerutti, F., Barattieri, D., Gringoli, F., & Lamperti, G. (2022). Looking for Criminal Intents in JavaScript Obfuscated Code. Procedia Computer Science 207 (2022) 867–876

Chen, Z., Jia, C., & Xu, D. (2017). Hidden path: dynamic software watermarking based on control flow obfuscation. International Conference on Computational Science and Engineering and International Conference on Embedded and Ubiquitous Computing. Ed. IEEE, vol. 2, pp. 443-450, ISBN: 1-5386-3221-7

Chilowicz, M., Duris, E., & Roussel, G. (2013). Viewing functions as token sequences to highlight similarities in source code. Science of Computer Programming 78 (2013) 1871–1891

Collberg, C., Carter, E., Debray, S., Huntwork, A., Kececioglu, J., & Linn, C. (2004). Dynamic path-based software watermarking. Conference on programming language design and implementation. Ed. ACM, vol. 39, pp. 107-118, DOI: 10.1145/996841.996856, ISBN: 1-58113-807-5

Fagoaga Sancho, J. (2020).Techniques of injection and obfuscation of PE files in the memory of a process and the analysis of this in Windows systems. Final Project / Final Degree Project,E.T.S. of Computer Engineers (UPM), Madrid, Spain.

Ferrari, A., Bernardis, E., Beron, M., Bernardis, H., Tinoco, M., Bustos, M., & Riesco, D. (2018). ATENOS: A Program to Improve Security in WSDL. National University of San Luis. Department of Computer Science. Faculty of Physical, Mathematical and Natural Sciences, San Luis, Argentina

Hernández, F., et al (2001). Research methodology. McGraw-Hill Publishing. Mexico. https://www.uca.ac.cr/wp-content/uploads/2017/10/Investigacion.pdf

Hernández, R., Fernández, C., Baptista, M. (2006). Definitions of quantitative and qualitative approaches, their similarities and differences. Research Methodology, 2–23. https://investigar1.files.wordpress.com/2010/05/1033525612-mtis_sampieri_unidad_1-1.pdf

Horcas, J., Cortiñas, A., Fuentes, L., & Luaces, M. (2022). Combining multiple granularity variability in a software product line approach for web engineering. Information and Software Technology 148 (2022) 106910

Hosseinzadeh, S., Rauti, S., Laurén, S., Makela, J., Holvitie, J., Hyrynsalmi, S., & Leppanen, V. (2018). Diversification and obfuscation techniques for software security: A systematic literature review. Information and Software Technology 104 (2018) 72–93

Ponemon Institute (2016). Report on the cost of Data Gaps 2016. IBM Security.

Irimia, C., Irimia, R., Milea, R., Ilas, S., Vasiliu, A., & Iftene, A. (2022). Obfuscation of Documents using Randomly Generated Steps. Procedia Computer Science 207 (2022) 1581–1590

Ishida, M., Kaneko, N. & Sumi, K. (2023). MOJI: Character-level convolutional neural networks for Malicious Obfuscated JavaScript Inspection. Applied Soft Computing 137 (2023) 110138

Jia, L., Yang, Y., Tang, B., & Jiang, Z. (2023). ERMDS: A obfuscation dataset for evaluating robustness of learning-based malware detection system. BenchCouncil Transactions on Benchmarks, Standards and Evaluations

Kuang, K., Tang, Z., Gong, X., Fang, D., Chen, X., & Wang, Z. (2018). Enhance virtual-machine-based code obfuscation security through dynamic bytecode scheduling. ScienceDirect, computers & security 74 (2018) 202–220

Kumar, R., & Essar, A. (2016). Detection of obfuscation in java malware. Procedia Computer Science 78 (2016) 521 – 529

Lu, H., Wang, X., Zhao, B., Wang, F., & Su, J. (2013). ENDMal: An anti-obfuscation and collaborative malware detection system using syscall sequences. Mathematical and Computer Modelling 58 (2013) 1140–1154

Menéndez, H., & Suárez-Tangil, G. (2022). ObfSec: Measuring the security of obfuscations from a testing perspective. Expert Systems With Applications 210 (2022) 118298

Ndichu, S., Kim, S., Ozawa, S., Misu, T., & Makishima, K. (2019). A machine learning approach to detection of JavaScript-based attacks using AST features and paragraph vectors. Applied Soft Computing Journal 84 (2019) 105721

Palella, S. & Martins, F. (2018). Methodology of quantitative research. Third Edition. FEDUPEL. http://gc.scalahed.com/recursos/files/r161r/w23578w/w23578w.pdf

Royal Spanish Academy (2018). http://www.rae.es/

Roy, A., Singh Jas, D., Jaggi, G., & Sharma, K. (2020). Android Malware Detection based on Vulnerable Feature Aggregation. Procedia Computer Science 173 (2020) 345–353

Rust-Nguyen, N., Sharma, S., & Stamp, M. (2023). Darknet traffic classification and adversarial attacks using machine learning. Computers & Security 127 (2023) 103098

Sánchez-Paniagua, M., Fidalgo, E., Alegre, E., & Alaíz, R. (2022). Phishing websites detection using a novel multipurpose dataset and web technologies features. Expert Systems With Applications 207 (2022) 118010

Seshagiri, P., Vazhayil, A., & Sriram, P. (2016). AMA: Static Code Analysis of Web Page For The Detection of Malicious Scripts. Procedia Computer Science 93 (2016) 768 – 773

Zabardast, E., González-Huerta, J., Gorschek, T., Smite, D., Alegroth, E., & Faberholm, F. (2023). A taxonomy of assets for the development of software-intensive products and services. The Journal of Systems & Software 202 (2023) 111701

Zhang, X., Breitinger, F., Luechinger, E., & O´Shaughnessy, S. (2021). Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations. Forensic Science International: Digital Investigation 39 (2021) 301285

Zhen, Y., Li, Z., Xu, X, & Zhao, Q. (2022). Dynamic defenses in cyber security: Techniques, methods and challenges. Digital Communications and Networks 8 (2022) 422–435

Mr. B. Naga Rajesh. (2019). Effective Morphological Transformation and Sub-pixel Classification of Clustered Images. International Journal of New Practices in Management and Engineering, 8(01), 08 - 14. https://doi.org/10.17762/ijnpme.v8i01.74

Kulkarni, A. P. ., & T. N., M. . (2023). Hybrid Cloud-Based Privacy Preserving Clustering as Service for Enterprise Big Data. International Journal on Recent and Innovation Trends in Computing and Communication, 11(2s), 146–156. https://doi.org/10.17762/ijritcc.v11i2s.6037

Dhabliya, D., Soundararajan, R., Selvarasu, P., Balasubramaniam, M. S., Rajawat, A. S., Goyal, S. B., . . . Suciu, G. (2022). Energy-efficient network protocols and resilient data transmission schemes for wireless sensor Networks—An experimental survey. Energies, 15(23) doi:10.3390/en15238883

Downloads

Published

16.08.2023

How to Cite

Rodríguez-Veliz, M. ., Nuñez-Musa, Y. ., & Sepúlveda-Lima, R. . (2023). Study of Code Obfuscation Techniques for the Security of Software Components. International Journal of Intelligent Systems and Applications in Engineering, 11(10s), 913–922. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/3385

Issue

Vol. 11 No. 10s (2023)

Section

Research Article

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.

IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.