International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field of Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies, and it will continue to provide information on the latest trends and developments in this ever-expanding subject. Papers are selected through double peer review to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
Survey on classification techniques for intrusion detection - csandit
Intrusion detection is the most essential component in network security. Traditional Intrusion Detection methods are based on extensive knowledge of signatures of known attacks. Signature-based methods require manual encoding of attacks by human experts. Data mining is one of the techniques applied to Intrusion Detection that provides higher automation capabilities than signature-based methods. Data mining techniques such as classification, clustering and association rules are used in intrusion detection. In this paper, we present an overview of intrusion detection, KDD Cup 1999 dataset and detailed analysis of different classification techniques namely Support vector Machine, Decision tree, Naïve Bayes and Neural Networks used in intrusion detection.
A Smart Fuzzing Approach for Integer Overflow Detection - ITIIIndustries
Fuzzing is one of the most commonly used methods to detect software vulnerabilities, a major cause of information security incidents. Although it has advantages of simple design and low error report, its efficiency is usually poor. In this paper we present a smart fuzzing approach for integer overflow detection and a tool, SwordFuzzer, which implements this approach. Unlike standard fuzzing techniques, which randomly change parts of the input file with no information about the underlying syntactic structure of the file, SwordFuzzer uses online dynamic taint analysis to identify which bytes in the input file are used in security sensitive operations and then focuses on mutating such bytes. Thus, the generated inputs are more likely to trigger potential vulnerabilities. We evaluated SwordFuzzer with an example program and a number of real-world applications. The experimental results show that SwordFuzzer can accurately locate the key bytes of the input file and dramatically improve the effectiveness of fuzzing in detecting real-world vulnerabilities.
Taint analysis is the trending approach of analysing software for security purposes. By using the taint analysis technique, tainted tags are added to the data entering from the sensitive sources into the applications, then the propagations of the tainted data are monitored carefully. Taint analysis can be done in two ways including static taint analysis where analysis is conducted without executing the program, and dynamic taint analysis where the tainted data is monitored during the program execution. This paper reviews the taint analysis technique, with a focus on dynamic taint analysis. In addition, some of the existing taint analysis tools and their application areas are reviewed. In the end, the paper summarises the defects associated with each of the tools and presents some of them.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A source code security audit is a powerful methodology for locating and removing security vulnerabilities.
An audit can be used to (1) pass a potentially prioritized list of vulnerabilities to developers, (2) exploit
vulnerabilities or (3) provide proof-of-concepts for potential vulnerabilities. The security audit research
currently remains disjoint with minor discussion of methodologies utilized in the field. This paper
assembles a broad array of literature to promote standardizing source code security audit techniques. It,
then, explores a case study using the aforementioned techniques.
The case study analyzes the security for a stable version of the Apache Traffic Server (ATS). The study
takes a white to gray hat point of view as it reports vulnerabilities located by two popular proprietary tools,
examines and connects potential vulnerabilities with a standard community-driven taxonomy, and
describes consequences for exploiting the vulnerabilities. A review of other security-driven case studies
concludes this research.
Information Systems and Networks are subjected to electronic attacks. When
network attacks hit, organizations are thrown into crisis mode. From the IT department to
call centers, to the board room and beyond, all are fraught with danger until the situation is
under control. Traditional methods which are used to overcome these threats (e.g. firewall,
antivirus software, password protection etc.) do not provide complete security to the system.
This encourages the researchers to develop an Intrusion Detection System which is capable
of detecting and responding to such events. This review paper presents a comprehensive
study of Genetic Algorithm (GA) based Intrusion Detection System (IDS). It provides a
brief overview of rule-based IDS, elaborates the implementation issues of Genetic Algorithm
and also presents a comparative analysis of existing studies.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
Obfuscated computer virus detection using machine learning algorithm - journalBEEI
Nowadays, computer virus attacks are getting very advanced. A new obfuscated computer virus created by computer virus writers will generate a new shape of computer virus automatically for every single iteration and download. This constantly evolving computer virus has caused a significant threat to the information security of computer users, organizations and even governments. However, the signature-based detection technique which is used by the conventional anti-computer virus software in the market fails to identify it as signatures are unavailable. This research proposed an alternative approach to the traditional signature-based detection method and investigated the use of machine learning techniques for obfuscated computer virus detection. In this work, text strings are used and have been extracted from virus program codes as the features to generate a suitable classifier model that can correctly classify obfuscated virus files. The text string feature is used as it is informative and potentially uses only a small amount of memory space. Results show that unknown files can be correctly classified with 99.5% accuracy using the SMO classifier model. Thus, it is believed that current computer virus defense can be strengthened through a machine learning approach.
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION - IJNSA Journal
In this paper, a new learning algorithm for adaptive network intrusion detection using naive Bayesian classifier and decision tree is presented, which performs balanced detections and keeps false positives at an acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attributes, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues that need to be examined in current intrusion detection systems (IDS). We tested the performance of our proposed algorithm against existing learning algorithms on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significantly reduced false positives (FP) for different types of network intrusions using limited computational resources.
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS - ieijjournal
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm
the security and trust of a computer system. IDS operate either on host or network level by utilizing anomaly
detection or misuse detection. The main problem is to correctly detect an intruder attack against a computer
network. The key point of successful detection of intrusion is the choice of proper features. To resolve the
problems of the IDS scheme, this research work proposes “an improved method to detect intrusion using
machine learning algorithms”. In our paper we use the KDDCUP 99 dataset to analyze the efficiency of intrusion
detection with different machine learning algorithms like Bayes, NaiveBayes, J48, J48Graft and Random
forest. To identify network based IDS with the KDDCUP 99 dataset, experimental results show that the three
algorithms J48, J48Graft and Random forest give much better results than other machine learning
algorithms. We use WEKA to check the accuracy of the classified dataset via our proposed method. We have
considered all the parameters for computation of the result, i.e. precision, recall, F-measure and ROC.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Application of Attack Graphs in Intrusion Detection Systems: An Implementation - CSCJournals
Internet attacks have been continuously increasing in recent years, in terms of scale and complexity, challenging the existing defense solutions with new complications and making them almost ineffective against multi-stage attacks, in particular the intrusion detection systems which fail to identify such complex attacks. An attack graph is a modeling technique used to visualize the different steps an attacker might select to achieve his end game, based on existing vulnerabilities and weaknesses in the system. This paper studies the application of attack graphs in intrusion detection and prevention systems (IDS/IPS) in order to better identify complex attacks based on predefined models, configurations, and alerts. As a “proof of concept”, a tool is developed which interfaces with the well-known SNORT [1] intrusion detection system and matches the alerts with an attack graph generated using the NESSUS [2] vulnerability scanner (maintained up-to-date using the National Vulnerability Database (NVD) [3]) and the MULVAL [4] attack graph generation library. The tool makes it possible to keep track of the attacker's activities along the different stages of the attack graph.
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFA - IJNSA Journal
Intrusion Detection & Prevention Systems generally aim at detecting / preventing attacks against Information systems and networks. The basic task of an IDPS is to monitor network & system traffic for any malicious packets/patterns and hence to prevent any unwarranted incidents which lead the systems to an insecure state. The monitoring is done by checking each packet for its validity against the signatures formulated for identified vulnerabilities. Since signatures are the heart & soul of an Intrusion Detection and Prevention System (IDPS), we, in this paper, discuss two methodologies we adapted in our research effort to improve the current Intrusion Detection and Prevention (IDP) systems. The first methodology, RUDRAA, is for formulating, verifying & validating the potential signatures to be used with IDPS. The second methodology, DSP-FED, is aimed at processing the signatures in less time with our proposed fast elimination method using DFA. The research objectives of this project are 1) To formulate & process potential IPS signatures to be used with an Intrusion prevention system. 2) To propose a DFA based approach for signature processing which, upon a pattern match, could process the signatures faster, or else could eliminate them efficiently if not matched.
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL... - ijcsit
Intrusion Detection System (IDS) has been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is an intrusion detection system. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it’s unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of the different machine learning algorithms using KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in terms of accuracy and detection rate with a reasonable false alarm rate.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (... - ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continues to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
NOTE: The dates and rules in this session are specific to Funding Year 2012.
What is E-rate? How can my library benefit from E-rate? How do I apply for E-rate? E-rate is a federal program that provides discounts to assist schools and libraries in the United States to obtain affordable telecommunications and Internet access. Christa Burns, State E-rate Coordinator for Libraries, will cover the basics of E-rate and any changes that have been made to the program this year. This session will be useful to libraries who have never applied for E-rate, libraries who are new to E-rate and current E-rate libraries who just want a refresher on what E-rate is all about.
Number 8 in our Top 10 DB2 Support Nightmares series. This month we take a look at what happens when organisations are not able to keep up to date with the latest DB2 technology.
International Journal of Engineering Research and Development - IJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
Combating Software Piracy Using Code Encryption Technique - theijes
Computer security is of greater concern to users and corporate bodies now than ever before due to the activities of criminals and hackers on the Internet. Software piracy and the breach of copyright laws, intentionally or unintentionally, is very common these days. Software piracy is a menace to software developers and computer users all over the world. Software hackers have become a nuisance to many organizations, corporate bodies and governments alike. Pirating software has caused the loss of several billion US dollars and the problem continues unabated. There have been a lot of security threats in the recent past due to the activities of hackers. Several financial organizations and national securities have been threatened and some have even been compromised. In this paper, we propose the code encryption technique for combating software piracy. Using the C++ programming language to develop the code, the technique converts plain code to an encrypted form that cannot be understood by the hacker or intended hacker unless he has the key to encrypt or decode the encrypted data. Our result shows that, using this technique, it will be difficult to pirate software after it has been released to the intended user(s).
Visualizing Object-oriented Software for Understanding and Documentation Ra'Fat Al-Msie'deen
Understanding or comprehending source code is one of
the core activities of software engineering. Understanding object-oriented source code is essential and required when a programmer maintains, migrates, reuses, documents or enhances source code. The source code that is not comprehended cannot be changed. The comprehension of object-oriented source code is a difficult problem solving process. In order to document object-oriented software system there are needs to understand its source code. To do so, it is necessary to mine source code dependencies in addition to quantitative information in source code such as the
number of classes. This paper proposes an automatic approach, which aims to document object-oriented software by visualizing its source code. The design of the object-oriented source code and its main characteristics are represented in the visualization. Package content, class information, relationships between classes, dependencies between methods and software metrics is displayed. The extracted views are very helpful to understand and document the object-oriented software. The novelty of this approach is the exploiting of code dependencies and quantitative information in source code to document object-oriented software efficiently by means of a set of graphs. To validate the approach, it has been applied to several case studies. The results of this evaluation showed that most of the object-oriented software systems have been documented correctly.
The Indo-American Journal of Agricultural and Veterinary Sciences is an online international journal published quarterly. It is a peer-reviewed journal that focuses on disseminating high-quality original research work, reviews, and short communications of the publishable paper.
Software Reverse Engineering in a Security Context - Lokendra Rawat
Software Reverse Engineering in a Security Context (ncrisc 2018): this research paper was proposed at a university event and its targeted audience was junior students and anyone who doesn't have a clue about reverse engineering. It is also useful for developers because it will help them understand the execution of their developed applications at a low level and how a malicious person is able to exploit their applications.
CS266 Software Reverse Engineering (SRE)
Introduction to Software Reverse Engineering
Teodoro (Ted) Cipresso, teodoro.cipresso@sjsu.edu
Department of Computer Science
San José State University
Spring 2015
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA... - IJNSA Journal
This paper presents the source code analysis of a file reader server socket program (connection-oriented sockets) developed in Java, to illustrate the identification, impact analysis and solutions to remove five important software security vulnerabilities, which if left unattended could severely impact the server running the software and also the network hosting the server. The five vulnerabilities we study in this paper are: (1) Resource Injection, (2) Path Manipulation, (3) System Information Leak, (4) Denial of Service and (5) Unreleased Resource vulnerabilities. We analyze the reason why each of these vulnerabilities occur in the file reader server socket program, discuss the impact of leaving them unattended in the program, and propose solutions to remove each of these vulnerabilities from the program. We also analyze any potential performance tradeoffs (such as increase in code size and loss of features) that could arise while incorporating the proposed solutions on the server program. The proposed solutions are very generic in nature, and can be suitably modified to correct any such vulnerabilities in software developed in any other programming language. We use the Fortify Source Code Analyzer to conduct the source code analysis of the file reader server program, implemented on a Windows XP virtual machine with the standard J2SE v.7 development kit.
Abstract: The exponential growth of the internet and new technology lead today's world in a hectic situation both positive as well as the negative module. Cybercriminals gamble in the dark net using numerous techniques. This leads to cybercrime. Cyber threats like Malware attempt to infiltrate the computer or mobile device offline or internet, chat(online), and anyone can be a potential target. Malware is also known as malicious software is often used by cybercriminals to achieve their goal by tracking internet activity, capturing sensitive information, or blocking computer access. Reverse engineering is one of the best ways to prevent and is a powerful tool to keep the fight against cyber attacks. Most people in the cyber world see it as a black hat—It is said as being used to steal data and intellectual property. But when it is in the hands of cybersecurity experts, reverse engineering dons the white hat of the hero. Looking at the program from the outside in –often by a third party that had no hand in writing the code. It allows those who practice it to understand how a given program or system works when no source code is available. Reverse engineering accomplishing several tasks related to cybersecurity: finding system vulnerabilities, researching malware &analyzing the complexity of restoring core software algorithms that can further protect against theft. It is hard to hack certain software.
Keywords: Malware, threat, vulnerability, detection, reverse engineering, analysis.
Title: Malware analysis and detection using reverse Engineering
Author: B.Rashmitha, J. Alwina Beauty Angelin, E.R. Ramesh
International Journal of Computer Science and Information Technology Research
ISSN 2348-1196 (print), ISSN 2348-120X (online)
Vol. 10, Issue 2, Month: April 2022 - June 2022
Page: (1-4)
Published Date: 01-April-2022
Research Publish Journals
Available at: www.researchpublish.com
You can Direct download full research paper at given below link:
https://www.researchpublish.com/papers/malware-analysis-and-detection-using-reverse-engineering
Academia Link: https://www.academia.edu/76069664/Malware_analysis_and_detection_using_reverse_Engineering_Available_at_www_researchpublish_com_journal_name_International_Journal_of_Computer_Science_and_Information_Technology_Research
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an "infrastructure container kubernetes guy", how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
International Journal of Engineering Science Invention
ISSN (Online): 2319 – 6734, ISSN (Print): 2319 – 6726
www.ijesi.org || Volume 3 Issue 5 || May 2014 || PP.01-10
Source Code Obfuscation: A Technique for Checkmating Software Reverse Engineering
Edward E. Ogheneovo (1) and Chidi K. Oputeh (2)
(1,2) Department of Computer Science, University of Port Harcourt, Port Harcourt, Nigeria
ABSTRACT: With the widespread use of personal computers and the advent of Internet technology, computer
security has suffered many setbacks. Computer users, especially hackers, are finding ways to access
information on the Internet that they would ordinarily need passwords to reach. The result is that these
unscrupulous users bypass usernames and passwords to access information that is not well protected. One such
problem is software cracking. Attackers and hackers bypass copyright protection, download software and use it
without permission. Software cracking is the process of bypassing the registration and payment options on a
software product to remove copyright protection safeguards or to turn a demo version of software into a fully
functional version without paying for it. In this paper, we used a source code obfuscation technique to
checkmate software reverse engineering, which is one of the techniques hackers often use to crack software. In
this technique, the original code is mangled such that the resultant code, the obfuscated code, is difficult
for hackers to analyze, although the code retains its originality. Our result shows that the obfuscated code
cannot be easily decoded. Hence, it prevents hackers from cracking the code.
KEYWORDS: Software obfuscation, reverse engineering, software cracking, obfuscated code
I. INTRODUCTION
Security is a crucial aspect of computer science and plays a major role in the advancement of
Information Technology, especially with the growing use of computer software for e-commerce, e-banking
and governance in all areas of life where national security is a very critical issue [10]. It is therefore relevant
to study this area with increased effort so that software produced and made available to the general public
can be more secure and less likely to be attacked by crackers or hackers [7] [8]. This will give
software developers and manufacturers more confidence to continue to create and develop software,
knowing that their software is safe and cannot be hacked or cracked. However, if hackers decide to hack the
software, they can be sure that their software can stand the test of time.
Code obfuscation [3] [11] focuses on the protection of a software program and the content that the program
protects. Billions of dollars are spent each year by industry, especially because of software piracy and digital
media piracy. Achieving content/software security depends in large part on the ability to protect software code
against tampering and to identify the attackers who issue the pirated copies [6] [9]. Linn and Debray [12]
concentrate on attacker identification and forensic examination. The authors discuss a proactive detection
approach for defeating an ongoing attack before the compromise has occurred. The authors also describe
another detection approach for post-compromise attacker identification. In particular, the authors take into
account real-world scenarios where application programs connect with their vendors often, and a discovery of
attack can bar a hacker from further business.
Code obfuscation aims to protect code against both static and dynamic analysis. Another approach to protecting
against code analysis is self-modifying code [4]. This approach provides the opportunity to create code at
runtime, rather than changing it statically. In practice, self-modifying code is largely restricted to the realm
of viruses and malware. Yet, some publications regard self-modifying code as an approach to protect against
static and dynamic analysis. Madou et al. [13] [14], for instance, consider dynamic code generation. The authors
proposed an approach where functions are generated prior to their first call at runtime. Moreover, clustering is
presented in such a way that a general template can be used to generate each function in a cluster with a
minimal number of alterations. The decryption-at-runtime technique is equivalent to code generation, apart from
the fact that the decryption key can depend on other code. Moreover, it lessens re-encrypting the viability of
code during execution [15] [16]. However, the technique does not clearly protect a function template after the
function has executed.
II. REVERSE ENGINEERING PROCESS
The reverse engineering process [2] begins by extracting detailed design information, and from that
extracting a high-level design abstraction. Detailed (low-level) design information is extracted from the source
code and existing design documents. This information includes structure charts and data descriptions to describe
processing details. The high-level design representation is extracted from the recovered detailed design and
expressed using data-flow and control-flow diagrams. The recovered design is the same as the extracted design.
The procedure steps are discussed below. Figure 1 summarizes the procedure.
Collect information: Collect all possible information about the program. Sources of information include
source code, design documents and documentation for system calls and external routines. Personnel
experienced with the software should also be identified.
Examine information: Review the collected information. This step allows the person(s) doing the
recovery to become familiar with the system and its components. A plan for dissecting the program and
recording the recovered information can be formulated during this stage.
Extract the structure: Identify the structure of the program and use this to create a set of structure
charts. Each node in the structure chart corresponds to a routine called in the program. Thus the chart
records the calling hierarchy of the program. For each edge in the chart, the data passed to a node and
returned by that node must be recorded.
Record functionality: For each node in the structure chart, record the processing done in the program
routine corresponding to that node. A Program Design Language (PDL) can be used to express the
functionality of program routines. For system and library routines the functionality can be described in
English or in a more formal notation.
Record data-flow: The recovered program structure and PDL can be analyzed to identify data
transformations in the software. These transformation steps show the data processing done in the
program. This information is used to develop a set of hierarchical data flow diagrams that model the
software.
Record control-flow: Identify the high-level control structure of the program and record it using control-
flow diagrams. This refers to high-level control that affects the overall operation of the software, not to
low-level processing control.
Review recovered design: Review the recovered design for consistency with available information and
correctness. Identify any missing items of information and attempt to locate them. Review the design to
verify that it correctly represents the program.
Generate documentation: The final step is to generate design documentation. Information explaining
the purpose of the program, program-overview, history, etc, will need to be recorded. This information
will most probably not be contained in the source code and must be recovered from other sources [2].
Fig. 1: Reverse engineering procedure
Source: Chikofsky and Cross [2]
Software reverse-engineering, or simply software analysis, mainly consists of investigating software. Depending
on the intent of the attacker, one can extract hidden algorithms, secret keys, and other information embedded in
the software. While analysis can be the actual goal of the attacker, it often is a precursor to tampering. Hence,
hindering analysis also hinders tampering. Being able to have access to all the features of cracked software
implies that an attacker has full control over the host system and can therefore perform static and/or dynamic
analysis techniques at will.
Static Analysis: This technique is applied on non-executing code and comprises static disassembling and
subsequent static examination steps. Disassembling code is usually done using either linear sweep or recursive
traversal. Linear sweep simply scans over the code, disassembling instructions, assuming that every instruction
is followed by another instruction. GNU's (UNIX-like operating system) gdb (GNU debugger) [16] uses this
technique. Recursive traversal takes control flow into account. However, as some branches are input-dependent,
usually not all target addresses can be statically derived and disassembled. Linear sweep is easily fooled by
inserted data bytes [12], while recursive traversal often gives incomplete results. As a reaction, Schwarz et al.
[16] propose to use a combined approach. Additionally, Krügel et al. [11] treat every memory address as a
potential start of an instruction. Consequently, they filter out overlapping disassembly results using an
approach based on the control flow graph. In addition to disassembly, a decompilation step could map low-level
code to higher-level constructions [3]. These high-level structures might facilitate human inspection more than
abstract assembly listings. For certain languages such as Java or .NET, it is easy to decompile bytecode into
source code [15]. Even if static analysis cannot derive all control flow, it is considered more complete than
dynamic analysis as it examines all possible paths while dynamic analysis only considers the executed path.
Figure 2 gives a schematic overview of the disassembly and decompilation phase for reverse engineering code.
Recovered high-level code aims to approximate the original source code.
Fig. 2: Different reverse engineering stages, represented as the inverse of a compilation process.
Source: http://www.cosic.esat.kuleuven.be/publications/thesis-199.pdf
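The difference between the two disassembly strategies described above can be reproduced on a small scale. The following C program is an added example, not code from the paper: the one-byte instruction set, the opcode values and the sample byte sequence are all invented for the illustration. It shows linear sweep decoding a data byte as an instruction and losing the real instruction behind it, and recursive traversal missing code that is reachable only through a run-time (input-dependent) jump.

```c
#include <stdio.h>
#include <string.h>

/* Toy instruction set, invented for this example (not a real CPU). */
enum { OP_NOP  = 0x01,    /* 1 byte                                  */
       OP_PUSH = 0x02,    /* 2 bytes: opcode, imm8                   */
       OP_JMP  = 0x03,    /* 2 bytes: opcode, rel8, unconditional    */
       OP_JZ   = 0x04,    /* 2 bytes: opcode, rel8, conditional      */
       OP_JIND = 0x05,    /* 1 byte: target known only at run time   */
       OP_HALT = 0xFF };  /* 1 byte                                  */

/* Constructed sample. Offset 6 is a data byte placed behind an
 * unconditional jump; offsets 13-14 are reached only via JIND. */
const unsigned char SAMPLE[15] = {
    0x02, 0x05,   /*  0: PUSH 5                      */
    0x04, 0x03,   /*  2: JZ   -> 7                   */
    0x03, 0x04,   /*  4: JMP  -> 10                  */
    0x02,         /*  6: data byte (looks like PUSH) */
    0x01,         /*  7: NOP                         */
    0x01,         /*  8: NOP                         */
    0xFF,         /*  9: HALT                        */
    0x02, 0x0D,   /* 10: PUSH 13                     */
    0x05,         /* 12: JIND                        */
    0x01,         /* 13: NOP                         */
    0xFF          /* 14: HALT                        */
};

/* Length of the instruction at code[off]; 0 if invalid or truncated. */
static size_t insn_len(const unsigned char *code, size_t n, size_t off) {
    size_t len;
    switch (code[off]) {
    case OP_NOP: case OP_JIND: case OP_HALT: len = 1; break;
    case OP_PUSH: case OP_JMP: case OP_JZ:   len = 2; break;
    default: return 0;
    }
    return off + len <= n ? len : 0;
}

/* Linear sweep: assume every instruction is followed by another one.
 * starts[i] is set to 1 where an instruction was decoded. */
size_t linear_sweep(const unsigned char *code, size_t n, unsigned char *starts) {
    size_t off = 0, count = 0;
    memset(starts, 0, n);
    while (off < n) {
        size_t len = insn_len(code, n, off);
        if (len == 0) { off++; continue; }      /* skip an undecodable byte */
        starts[off] = 1; count++;
        off += len;
    }
    return count;
}

/* Recursive traversal: follow control flow from the entry point.
 * Branch targets are queued; decoding stops after JMP, JIND and HALT. */
size_t recursive_traversal(const unsigned char *code, size_t n, size_t entry,
                           unsigned char *starts) {
    size_t work[32], top = 0, count = 0;        /* sized for the sample */
    memset(starts, 0, n);
    work[top++] = entry;
    while (top > 0) {
        size_t off = work[--top];
        while (off < n && !starts[off]) {
            size_t len = insn_len(code, n, off);
            unsigned char op = code[off];
            if (len == 0) break;
            starts[off] = 1; count++;
            if ((op == OP_JMP || op == OP_JZ) && top < 32) {
                size_t target = off + len + code[off + 1];
                if (target < n) work[top++] = target;
            }
            if (op == OP_JMP || op == OP_JIND || op == OP_HALT) break;
            off += len;                         /* fall through */
        }
    }
    return count;
}

int main(void) {
    unsigned char ls[sizeof SAMPLE], rt[sizeof SAMPLE];
    size_t i;
    linear_sweep(SAMPLE, sizeof SAMPLE, ls);
    recursive_traversal(SAMPLE, sizeof SAMPLE, 0, rt);
    puts("offset byte  linear  recursive");
    for (i = 0; i < sizeof SAMPLE; i++)
        printf("%6zu 0x%02X  %-6s  %s\n", i, SAMPLE[i],
               ls[i] ? "insn" : "-", rt[i] ? "insn" : "-");
    return 0;
}
```

The two listings disagree at offsets 6-7 and 13-14, which is the kind of disagreement the combined approach of Schwarz et al. mentioned above is meant to resolve.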
Dynamic analysis: Dynamic techniques are performed on executing code. This involves tracing of executed
instructions, register contents, data values, etc. While this type of attack is more powerful than a static attack, it
may be more time consuming or more complex. First, it requires a platform similar to that of the target code.
Secondly, a program might be equipped with anti-debugging techniques that hinder dynamic analysis.
Debugging and emulation belong to dynamic analysis. Commercial debuggers include SoftICE [1] and IDA
Pro [5].
III. METHODOLOGY
Code obfuscation attempts to transform a program into an equivalent one that is more difficult to
manipulate and reverse engineer. Code obfuscation attempts to make the task of reverse engineering a program
daunting and time consuming. This is done by transforming the original program into an equivalent program,
which is much harder to understand, using static analysis.
Considering our obfuscation mechanism, we define obfuscation as follows:
Let T(P) be the program obtained by applying a transformation T to program P. T is an obfuscating
transformation if T(P) has the same observable behavior as P. In addition, T must satisfy the following conditions:
if program P fails to terminate or terminates with an error condition, then T(P) may or may not terminate;
otherwise, P terminates and T(P) must terminate and produce the same output as P.
Fig. 3: Obfuscation Mechanism Module
In this mechanism, both the encrypted serial number generation code segment and the other code segments are
subjected to obfuscation. This is done by writing an obfuscation routine within the source code that is
responsible for applying the transformation to the source code itself. Since the entire source code will be
obfuscated, it is very difficult for any cracker or hacker to crack or have access to the internals of the program.
Any cracker will lose interest in cracking a program to which our obfuscation mechanism is applied. This is
because the program code, after being obfuscated, is so mangled that it neither follows the normal
chronological order of writing a program nor looks like any other program seen around.
The technique involves lexical, control and data transformations. Lexical transformations alter the actual source
code, such as C code. This transforms the original source code into a lexically equivalent form by mangling
names and scrambling identifiers. Such transformations make it a daunting task to reverse engineer a program.
Control transformations alter the control flow of the program by changing branch targets to an ambiguous state.
The code for the program is shuffled such that the original branch targets are no longer correct. During this
shuffling, the new targets are calculated, and code is inserted in place of the old branch instruction to acquire its
new target address. Data transformations rearrange data structures such that they are not contiguous. Data can be
transformed all the way down to the bit level.
Our obfuscation mechanism utilizes an algorithm for the obfuscation of the serial number generation code
segment and the other code segment. The pseudo code is written below:
Pseudo code 1: Obfuscation Mechanism
[1] Set string literals to array of numbers
[2] Extract integer address of the array
[3] Add index variable to the arguments list of a recursive function
[4] Extract 3 lower case l's out of the array and insert a Boolean statement
[5] IF the index variable is at the proper position of the array THEN
[6] print 'l'
[7] END IF
[8] Add a second index to keep track of l's that is printed
[9] Subtract the number from the index variable to access the real array element
[10] Shift around the location of the conditional operators
[11] WHILE switching some of the integers for character literals
[12] RENAME a few of the variables
[13] END WHILE
[14] RENAME functions to something similar to variable names
[15] GET RID of all unnecessary argument type specifiers
[16] MANIPULATE the formatting to obscure the flow of conditional operators and mask distribution
between function name and main
Our obfuscation mechanism utilizes an algorithm for the obfuscation of the serial number generation code
segment and the other code segment. This is shown in algorithm 1.
Algorithm 1: Obfuscation Mechanism
[1] Init sl = strings[ ]
[2] Init ia = address of sl
[3] Init al = argument list of recursive function
[4] FOR x = 1 to length of al
[5] al = al + sl[x]
[6] END FOR
[7] Insert 3 lower case l's into a Boolean statement
[8] FOR x = 1 to length of al
[9] IF x is at the proper position of sl, then
[10] print 'l'
[11] END IF
[12] Init al[x+1] = printed "l"
[13] SUBTRACT n from x to get element of sl
[14] SWAP conditional operators
[15] WHILE (Swapping between integers and characters)
[16] RENAME variables
[17] END WHILE
[18] END FOR
[19] RENAME functions to look like variable names
[20] ELIMINATE argument type specifiers
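The C program below is an added example, not the authors' ObfusSec code. It applies two of the transformations described above to a small key check: a lexical one (mangled names) and a data one (string literals stored as an array of numbers whose real element is found by subtracting an offset from the index, as in steps [1] and [9] of Pseudo code 1). The serial value, the mask, the padding scheme and all function names are assumptions made for the illustration; the readable original P is kept in the same file only so that the behaviour of P and T(P) can be compared.

```c
#include <stdio.h>
#include <string.h>

/* Constructed demo values; the serial is not from the paper. */
#define SERIAL  "DEMO-1234-ABCD"
#define MSG_OK  "Valid Key"
#define MSG_BAD "Invalid Key, please try again"

/* P: the readable original. */
const char *check_key(const char *key) {
    return strcmp(key, SERIAL) == 0 ? MSG_OK : MSG_BAD;
}

/* Build step of T (data transformation): each literal becomes an array
 * of numbers. PAD filler slots come first, so real element i is stored
 * at index i + PAD, masked with a value that depends on i. */
#define PAD  3
#define MASK 0x5A
#define CAP  64
typedef struct { unsigned char t[CAP]; size_t n; } blob;

static unsigned char enc(char c, size_t i) {
    return (unsigned char)((unsigned char)c ^ (unsigned char)(MASK + i));
}

blob encode_literal(const char *s) {
    blob b;
    size_t i, len = strlen(s);
    memset(b.t, 0xA5, sizeof b.t);                  /* filler bytes */
    for (i = 0; i < len && i + PAD < CAP; i++)
        b.t[i + PAD] = enc(s[i], i);
    b.n = i + PAD;
    return b;
}

/* T(P): same observable behaviour, mangled names (lexical
 * transformation), no plaintext literal in its tables. In a real build
 * only the tables would ship; here they are filled at start-up so the
 * file runs on its own. */
static blob lI, Il, ll;     /* serial, "valid" text, "invalid" text */
static char l1[CAP];        /* decoded text exists only at run time */

void build_tables(void) {
    lI = encode_literal(SERIAL);
    Il = encode_literal(MSG_OK);
    ll = encode_literal(MSG_BAD);
}

const char *l1l(const char *I1) {
    size_t l, II = strlen(I1);
    int O = (II + PAD == lI.n);
    const blob *lII;
    for (l = PAD; O && l < lI.n; l++)       /* compare in encoded form */
        O = (enc(I1[l - PAD], l - PAD) == lI.t[l]);
    lII = O ? &Il : &ll;
    for (l = PAD; l < lII->n; l++)          /* index minus PAD = real element */
        l1[l - PAD] = (char)(lII->t[l] ^ (unsigned char)(MASK + (l - PAD)));
    l1[lII->n - PAD] = '\0';
    return l1;
}

/* What a static string search does: look for the plaintext bytes. */
int contains(const unsigned char *buf, size_t n, const char *needle) {
    size_t m = strlen(needle), i;
    if (m == 0 || m > n) return 0;
    for (i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

int main(void) {
    build_tables();
    printf("P    : %s\n", check_key("guess"));
    printf("T(P) : %s\n", l1l("guess"));
    printf("static scan of table    : %s\n",
           contains(ll.t, ll.n, "Invalid Key") ? "found" : "not found");
    printf("scan of run-time buffer : %s\n",
           contains((unsigned char *)l1, sizeof l1, "Invalid Key") ? "found" : "not found");
    return 0;
}
```

The last two lines of output differ: the static scan of the table finds nothing, while the decoded text is present in the buffer once the check has run. A transformation of this kind therefore raises the cost of the static analysis described in Section II and leaves the program open to the dynamic analysis described there.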
IV. RESULTS AND DISCUSSIONS
We cracked software (crackme.exe) that has a serial key authentication attribute. We want to attempt to
use the same cracking rules to crack the hybridized self-modifying mechanism. In doing this, we will have
some program-generated outputs to show the results as we go through the cracking process. The hybridized
self-modifying code is compiled and the executable named ObfusSec.exe is generated at compilation time. We start
by running the source code to check the serial number parameters. Figure 4 shows the assembly language
representation of the source code used for implementing this work. The figure shows the offset location of the
jmp call. When crackme.exe is run, it usually prompts the user to enter a serial number.
Fig. 4: Hiew displaying the Offset location of the jmp call
In Figure 5, the C++ source code of our model is opened using the Code::Blocks 13.12 IDE. We ran the code
and observed the behavior it displays. The resulting code is not readable, which shows that the code has been
obfuscated and converted to a form that is difficult to understand for someone intending to crack the code.
Fig. 5: The source code of ObfusSec.exe
In Figure 6, the C++ source code of our model is built and compiled. Then, a screen display showing an
authentication scheme pops up. You are required to enter your key. If a wrong key is entered, it will display
“invalid” showing that the key is not the correct one. This way the software cannot be cracked. However, if a
key different from the correct key is entered and the word “invalid” is not displayed, it means that the code has
been cracked.
Fig. 6: Screen display to enter key
Fig. 7: Screen display showing the text string "Invalid Key, please try again"
In Figure 7, we opened our executable file, created by running our C++ source code, in the Hacker's
Disassembler. We then searched for the text string "Invalid Key, please try again". We discovered that the text
string cannot be found in the executable file. The reason is that the serial number authentication
scheme has been encrypted and obfuscated, so the text string can never be seen by the cracking tool. This means
that the executable file cannot be cracked, since every cracking process requires searching for the
text strings displayed after entering a wrong serial before cracking can take place. Without detecting the text
string generated by entering the wrong key, we cannot know the offset address of the jump call required for
modification of the executable to take place. This means our hybridized self-modifying mechanism cannot be
cracked. Thus the wrong key is typed and the text string "Invalid key, you may need to try again" is shown on
the screen display. This text string is very important to us because we need it to commence our cracking
process. We have to search for the text string "Invalid key, you may need to try again" using the search
button at the top of the dialogue box in the Hacker's Disassembler. If we can locate the text string in the Hacker's
Disassembler, then we can proceed with the cracking process.
V. CONCLUSION
Security is a very crucial aspect of computer science and it plays a major role in the advancement of
Information Technology, especially with the growing use of computer software for e-commerce, e-banking
and for governance in all areas of life where national security is a very critical issue. It is therefore relevant to
study this area with increased effort so that software produced and made available to the general public can
be more secure and less likely to be attacked by crackers or hackers. In this paper, we used the
source code obfuscation technique to checkmate software reverse engineering, which is one of the techniques
hackers often use to crack software. Using this technique, the original code is mangled such that the resultant
code, the obfuscated code, is difficult for hackers to analyze, although the code retains its originality. We
discovered that the text string cannot be found in the executable file. This is because the serial
number authentication scheme has been encrypted and obfuscated, so the text string can never be seen by the
cracking tool. This means that the executable file cannot be cracked, since every cracking process requires a
search for the text string displayed after a wrong serial is entered before cracking can take place.
Without detecting the text string generated by entering the wrong key, we cannot know the offset address of the
jump call that must be modified in the executable. This means our hybridized self-modifying
mechanism cannot be cracked.
REFERENCES
[1] Boldewin, F. (2012). The Big SoftICEHow-to.
http://www.reconstructer.org/papers/The%20big%20SoftICE% 20howto.pdf (consulted on February
10, 2012).
[2] Chikofsky, E. and Cross, J. (1990). Reverse Engineering and Design Recovery: A Taxonomy’, IEEE
Software, Vol. 7, pp. 13–17.
[3] Cifuentes, C., and Gough, K. (1995). Decompiling Of Binary Programs. Software – Practice &
Experience, Vol. 25, No 7, pp. 811–829.
[4] Collberg, C. and Thomborson, C. (2002). Watermarking, Tamper-Proofing, And Obfuscation - Tools
for Software Protection, IEEE Transactions on Software Engineering, Vol. 28, Issue: 8, pp. 735 – 746.
[5] Data Rescue. IDA Pro (2012), http://www.datarescue.com/idabase/ Accessed February 10, 2012.
[6] Gopal, R. and Snaders, G. (1998). International Software Piracy: Analysis of Key Issues and Impacts.
Info. Sys. Research, Vol. 9, No. 4, pp. 380-397.
[7] Jain, A., Jason, K., Jordan, S. and Brian, T. (2007). Software Cracking,
http://courses.ece.ubc.ca/412/previous_years/2007_1_spring/modules/term_project/reports/2007/softwa
re_cracking.pdf, Accessed August 5, 2013.
[8] Jakobsson, M. and Reiter, M. (2002). Discouraging Software Piracy Using Software Aging, Proc. 1st
ACM Workshop on Digital Rights Management (DRM 2001), Springer LNCS 2320, pp.1–12.
[9] Kammerstetter, M., Platzer, C. and Wondracek, G. (2012). Vanity, Cracks and Malware: Insights into
the Anti-Copy Protection Ecosystem, Proceedings of The 2012 ACM Conference On Computer And
Communications Security, pp. 809-820.
[10] Kini, R., Rominger, A. and Vijayaraman, B. (2000). An Empirical Study of Software Piracy and Moral
Intensity Among University Students. The Journal of Computer Information Systems, Vol. 40, pp. 62-
72.
[11] Krügel, C., Robertson, W., Valeur, F. and Vigna, G. (2004). Static Disassembly of Obfuscated
Binaries. In USENIX Security Symposium, pp. 255–270.
8. Source Code Obfuscation: A Technique For…
www.ijesi.org 8 | Page
[12] Linn, C. and Debray, S. (2003). Obfuscation of Executable Code To Improve Resistance To Static
Disassembly. In S. Jajodia, V. Atluri, And T. Jaeger, Editors, ACM Conference on Computer and
Communications Security, pp. 290–299.
[13] Madou, M., Anckaert, B., Moseley, P., Debray, S., De Sutter, B. and De Bosschere, K. (2005).
Software Protection Through Dynamic Code Mutation, WISA '05 Proceedings of the 6th
international conference on Information Security Applications, pp. 194-206.
[14] Madou, M., Anckaert, B., De Sutter, B. and De Bosschere, K. (2005). Hybrid Static dynamic Attacks
Against Software Protection Mechanisms. In R. Safavi-Naini And M. Yung, Editors, Digital Rights
Management Workshop, pp. 75–82.
[15] Proebsting, T. and Watterson, S. (1997). Krakatoa: Decompilation In Java (Does Bytecode Reveal
Source?). In COOTS, pp. 185–198.USENIX.
[16] Schwarz, B., Debray, S. and Andrews, G. (2002). Disassembly Of Executable Code Revisited. In A.
Van Deursenand E. Burd, Editors, WCRE, IEEE Computer Society, pp. 45–54.
[17] Stallman, R., Pesch, R. and Shebs, S. (2010), Debugging With gdb: The GNU Source-Level Debugger.
Appendix: The Obfuscated version of the C++ code
// ObfusSec.cpp
#include <stdlib.h>
#include <stdio.h>
#include <string.h> // strncpy
#include <iostream>
#include <fstream>
#include <iomanip>
#include <sstream>
#include <string>
#include <windows.h>
#define O int
#define __OxCXs return
#define O_Ox__ }
#define __O_ {
#define Ax0xBEGIN void
#define _O_ Ax0xBEGIN
#define _C_ char
#define OxcC_ _C_
#define OxK__0x654hu string
#define _010011101 bool
#define oxFEABD if
#define o0Oo while
#define o0 cout
typedef unsigned __int64 uint64_t;
using namespace std;OxK__0x654hu Ox11(ifstream&);
OxK__0x654hu _0010();
OxK__0x654hu _O__(OxK__0x654hu toEncrypt);
class HashInfo
__O_ OxcC_ hashval[100];OxcC_ configHash[100];O run_state;OxcC_ appkey[20];
public:Ax0xBEGIN setHashVal(OxK__0x654hu);OxcC_* getHashVal();Ax0xBEGIN setState(O);
O getState();Ax0xBEGIN setConfigHash(OxK__0x654hu);OxcC_* getConfigHash();
Ax0xBEGIN setAppKey(OxK__0x654hu);OxcC_* getAppKey();O_Ox__;
Ax0xBEGIN HashInfo :: setHashVal(OxK__0x654hu hashv)__O_ strncpy(hashval, hashv.c_str(),
sizeof(hashval));hashval[sizeof(hashval) - 1] = 0;}Ax0xBEGIN HashInfo :: setState(O state)
__O_ run_state = state;}O HashInfo :: getState()__O_ __OxCXs run_state;O_Ox__
OxcC_* HashInfo :: getHashVal()__O_ __OxCXs hashval;O_Ox__
Ax0xBEGIN HashInfo :: setConfigHash(OxK__0x654hu hashv)
__O_ strncpy(configHash, hashv.c_str(), sizeof(configHash));configHash[sizeof(configHash) - 1] = 0;O_Ox__
OxcC_* HashInfo :: getConfigHash()__O_ __OxCXs configHash;O_Ox__
Ax0xBEGIN HashInfo :: setAppKey(OxK__0x654hu key)__O_ strncpy(appkey, key.c_str(),
sizeof(appkey));appkey[sizeof(appkey) - 1] = 0;O_Ox__
OxcC_* HashInfo :: getAppKey()__O_ __OxCXs appkey;O_Ox__