recovering clear natural identifiers from obfuscated
play

Recovering Clear, Natural Identifiers from Obfuscated (JavaScript) - PowerPoint PPT Presentation

Nov 25, 2022 •484 likes •1.11k views

Bogdan Vasilescu Casey Casalnuovo Prem Devanbu (CMU, ISR) (UCDavis) (UCDavis) @b_vasilescu @devanbu Recovering Clear, Natural Identifiers from Obfuscated (JavaScript) Names @b_vasilescu Today var geom2d = function() { var t =

  1. Bogdan Vasilescu Casey Casalnuovo Prem Devanbu (CMU, ISR) (UCDavis) (UCDavis) @b_vasilescu @devanbu Recovering Clear, Natural Identifiers from Obfuscated (JavaScript) Names

  2. @b_vasilescu Today var geom2d = function() { var t = numeric.sum; function r(n, r) { this.x = n; this.y = r; } u(r, { P: function e(n) { return t([ this.x * n.x, this.y * n.y ]); } }); function u(n, r) { for (var t in r) n[t] = r[t]; return n; } return { V: r }; }();

  3. @b_vasilescu Today var geom2d = function() { var t = numeric.sum; function r(n, r) { this.x = n; this.y = r; } u(r, { P: function e(n) { return t([ this.x * n.x, this.y * n.y ]); } }); function u(n, r) { for (var t in r) n[t] = r[t]; return n; } return { V: r }; }();

  4. @b_vasilescu Today Data-driven method + tool var geom2d = function() { var geom2d = function() { var t = numeric.sum; var sum = numeric.sum; function r(n, r) { function Vector2d(x, y) { this.x = n; this.x = x; this.y = r; this.y = y; } } u(r, { mix(Vector2d, { P: function e(n) { P: function dotProduct(vector) { return t([ this.x * n.x, return sum([ this.x * vector.x, this.y * n.y ]); this.y * vector.y ]); } } }); }); function u(n, r) { function mix(dest, src) { for (var t in r) n[t] = r[t]; for (var k in src) dest[k] = src[k]; return n; return dest; } } return { return { V: r V: Vector2d }; }; }(); }();

  5. @b_vasilescu Why? • Programs are (also) written to be read “ Instead of imagining that our main task is to instruct a computer what to do, let us concentrate rather on explaining to human beings what we want a computer to do .” [Don Knuth]

  6. @b_vasilescu Why? • Programs are (also) written to be read • Well-chosen variable names are critical to source code readability , reusability , maintainability • Example tasks: reverse engineering binaries • reverse engineering obfuscated JavaScript • consistent styling in large, distributed teams •

  7. @b_vasilescu Why? • Programs are (also) written to be read • Well-chosen variable names are critical to source code readability , reusability , maintainability • Example tasks: reverse engineering binaries • reverse engineering obfuscated JavaScript • consistent styling in large, distributed teams •

  8. @b_vasilescu Why? • Programs are (also) written to be read • Well-chosen variable names are critical to source � � � code readability , reusability , maintainability [many] • Example tasks: reverse engineering binaries • reverse engineering obfuscated JavaScript • consistent styling in large, distributed teams • Martin Vechev, “Probabilistic Learning From Big Code”. Keynote at ISSTA 2016

  9. Key ingredient • The “ naturalness ” of software [Hindle et al, 2011]

  10. Natural languages are complex Hmmmm….

  11. Natural languages are complex Tiger, Tiger 
 burning bright In the forests of the night What immortal hand or eye, Could frame thy fearful symmetry?

  12. ..but most utterances are simple & repetitive TIGER!! 
 RUN!!!

  13. English, த�� , German Can be Rich, Powerful, Expressive

  14. English, த�� , German Can be Rich, Powerful, Expressive ..but “in nature” is mostly Simple, Repetitive, Boring

  15. English, த�� , German Can be Rich, Powerful, Expressive ..but “in nature” is mostly Simple, Repetitive, Boring Statistical Models

  16. English, த�� , German Can be Rich, Powerful, Expressive ..but “in nature” is mostly Simple, Repetitive, Boring Statistical Models

  17. The “naturalness of software” thesis Programming Languages are complex... ...but Natural Programs are simple & repetitive. and this, too, CAN BE EXPLOITED!! [Hindle et al, 2011]

  19. .org Variable Name Autonym Guesser (AUTONYM)

  20. .org Variable Name Autonym Guesser (AUTONYM) Minified 
 Source Code function u(n, r) { for (var t in r) n[t] = r[t]; return n; }

  21. .org Variable Name Autonym Guesser (AUTONYM) Un-Minified 
 Minified 
 Source Code Source Code function u(n, r) { function mix(dest, src) { for (var t in r) n[t] = r[t]; for (var k in src) dest[k] = src[k]; return n; return dest; } }

  22. .org Autonym Pre- Post- Moses SMT processing processing Un-Minified 
 Minified 
 Source Code Source Code

  23. .org Autonym Pre- Post- Moses SMT processing processing What’s the relevance of Machine Translation?

  24. Noisy channel translation model

  25. Noisy channel translation model

  26. Noisy channel translation model distorted message

  27. Noisy channel translation model channel model distorted message

  28. Noisy channel translation model channel model language model distorted message

  29. Noisy channel translation model channel model language model distorted message Goal: recover p ( e )

  30. Noisy channel translation model channel model language model distorted message Goal: recover p ( e )

  31. Noisy channel translation model channel model language model distorted message Goal: recover p ( e ) s e y a m B e r o e h t (for a given )

  32. Noisy channel translation model channel model language model distorted message Goal: recover p ( e ) Translation Language (channel distortion) model model

  33. Translating French ( ) to English ( ) Translation model Language model

  34. Translating French ( ) to English ( ) Translation model Aligned French-English Corpus Language model

  35. Translating French ( ) to English ( ) Translation model Aligned French-English Corpus Language model English Corpus

  36. Translating French ( ) to English ( ) Translation model Aligned French-English Corpus Language model English Corpus

  37. Translating minified ( ) to clear JS ( ) Translation model Aligned Clear-Minified 
 Code Corpus Language model Clear Code Corpus

  38. Translating minified ( ) to clear JS ( ) GitHub + minifier Translation model Aligned Clear-Minified 
 Code Corpus Language model Clear Code Corpus

  39. Alignment EN: I know what you named your identifiers! Natural language: non-trivial alignment Reordering • NL: Ik weet wat je je ID's genoemd! Different length • Dropped words •

  40. Alignment EN: I know what you named your identifiers! Natural language: non-trivial alignment Reordering • NL: Ik weet wat je je ID's genoemd! Different length • Dropped words •

  41. Alignment EN: I know what you named your identifiers! Natural language: non-trivial alignment Reordering • NL: Ik weet wat je je ID's genoemd! Different length • Dropped words • function u(n, r) { function mix(dest, src){

  42. Alignment EN: I know what you named your identifiers! Natural language: non-trivial alignment Reordering • NL: Ik weet wat je je ID's genoemd! Different length • Dropped words • function u(n, r) { Minification: straightforward alignment function mix(dest, src){

  43. Complications ? function r (n, r ) { for (var t in r ) n[t] = r [t]; return n; }

  44. Complications function r (n, r ) { for (var t in r ) n[t] = r [t]; return n; }

  45. Complications function r (n, r ) { for (var t in r ) n[t] = r [t]; return n; }

  46. Complications Autonym function r (n, r ) { for (var t in r ) n[t] = r [t]; return n; }

  47. Complications (1) Overloading Autonym function r (n, r ) { function mix (dest, src ) { for (var t in r ) n[t] = r [t]; return n; } }

  48. Complications (1) Overloading Scope Autonym analysis function r (n, r ) { function mix (dest, src ) { for (var t in r ) n[t] = r [t]; return n; } }

  49. Complications (Sentence-by-sentence translation) (2) Consistency Autonym function r (n, r ) { function mix (dest, src ) { for (var t in r ) n[t] = r [t]; for (var k in list ) dest[k] = list [k]; return n; return dest; } }

  50. Complications (Sentence-by-sentence translation) (2) Consistency Language model Autonym scoring function r (n, r ) { function mix (dest, src ) { for (var t in r ) n[t] = r [t]; for (var k in list ) dest[k] = list [k]; return n; return dest; } } Translation Idea : try all, let language model model decide which is more natural, on average, across ALL lines Language model

  51. Evaluation • Held-out test set: 2,149 files • Comparison to JSNice [Raychev et al, 2015] • Metric: % names recovered

  52. Evaluation • Held-out test set: 2,149 files • Comparison to JSNice [Raychev et al, 2015] • Metric: % names recovered • Global vs. local names (globals don’t change) var geom2d = function() { var geom2d = function() { var t = numeric.sum; var sum = numeric.sum; function r(n, r) { function Vector2d(x, y) { this.x = n; this.x = x; this.y = r; this.y = y; } } ... ...

  53. % names recovered (2,149 test files) Global Local 1.00 % names recovered − 2149 files 0.75 0.50 0.25 0.00 ym (Local) ym (All) JSNice (Local) JSNice (All) JSNaughty (Local) JSNice Autonym

  54. Joining forces 1.00 0.75 JSNice File Accuracy Frequency 60 0.50 40 20 0.25 0.00 0.00 0.25 0.50 0.75 1.00 Autonym File Accuracy

  55. Becoming JSNaughty Autonym Pre- Post- Moses SMT processing processing

  56. Becoming JSNaughty Autonym Pre- Post- Moses SMT processing processing JSNice

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Recovering natural history designata in the Northeast: interdisciplinary efforts in ecological

Recovering natural history designata in the Northeast: interdisciplinary efforts in ecological

Recovering natural history designata in the Northeast: interdisciplinary efforts in ecological linguistics Conor McDonough Quinn* and Arthur Haines** University of Maine-Orono*, Delta Institute of Natural History**

483 views • 47 slides
Using DNS for Mapping Using DNS for Mapping Host Identifiers to Locators Host Identifiers to

Using DNS for Mapping Using DNS for Mapping Host Identifiers to Locators Host Identifiers to

Using DNS for Mapping Using DNS for Mapping Host Identifiers to Locators Host Identifiers to Locators Oleg Ponomarev 24 March 2009 IETF74, San Francisco OUTLINE OUTLINE Current situation Storage conventions Usage HOST IDENTITY

225 views • 18 slides
Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on

Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on

SMT Attack : Next Generation Attack on Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks Conference on Cryptographic Hardware and Embedded Systems 2019 ( CHES 2019 ) Kimia Zamiri Azar , Hadi Mardani Kamali, Houman

701 views • 69 slides
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

540 views • 50 slides
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

1.13k views • 67 slides
The Internet and Identifiers Paul V. Mockapetris Sigcomm 2005 8/23/2005 What are Todays

The Internet and Identifiers Paul V. Mockapetris Sigcomm 2005 8/23/2005 What are Todays

The Internet and Identifiers Paul V. Mockapetris Sigcomm 2005 8/23/2005 What are Todays Digital Identifiers? Conventions associating one piece of data to another www.nominum.com to see web page Anna Kournikova into

718 views • 49 slides
Non-Obfuscated Yet Unprovable Programs John Case Michael Ralston Computer and Information

Non-Obfuscated Yet Unprovable Programs John Case Michael Ralston Computer and Information

Non-Obfuscated Yet Unprovable Programs John Case Michael Ralston Computer and Information Sciences Department University of Delaware Newark, DE 19716 USA Email: { case , mralston } @udel.edu Revision of Talk at Asian Logic Conference 2011

682 views • 41 slides
Normalizing Resource Identifiers using Lexicons in the Global Change Information System Linking

Normalizing Resource Identifiers using Lexicons in the Global Change Information System Linking

Normalizing Resource Identifiers using Lexicons in the Global Change Information System Linking Earth Science Identifiers, Concepts, and Communities Brian Duggan 13 , Curt Tilmes 2 , Steven Aulenbach 13 , Robert E. Wolfe 12 , Justin C. Goldstein

480 views • 28 slides
Toward Automated Forensic Analysis of Obfuscated Malware Ryan J. Farley George Mason University

Toward Automated Forensic Analysis of Obfuscated Malware Ryan J. Farley George Mason University

Toward Automated Forensic Analysis of Obfuscated Malware Ryan J. Farley George Mason University Department of Computer Science Committee: Xinyuan Wang, Hakan Aydin, Songqing Chen, Brian Mark Where Innovation Is Tradition April 24, 2015

611 views • 59 slides
Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2),

Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2),

Context-Sensitive Analysis of Obfuscated x86 Executables Arun Lakhotia(1), Davidson Boccardo(2), Anshuman Singh(1), and Aleardo Manacero Jr.(2) (1)University of Louisiana at Lafayette, USA (2)Paulista State University (UNESP), Brazil PEPM 2010

309 views • 29 slides
Natural Gas in High Horsepower Engine Applications Westport Innovations Dale Goudie, PEng

Natural Gas in High Horsepower Engine Applications Westport Innovations Dale Goudie, PEng

The global leader in natural gas engines. Our products Our products to keep to keep work here work here this clear. this clear. Natural Gas in High Horsepower Engine Applications Westport Innovations Dale Goudie, PEng

566 views • 23 slides
Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique

Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique

Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique Identifiers Who cares? What are we talking about? Where are they? Laptops & Desktops Peripherals Smartphones Why

358 views • 19 slides
Is the ozone layer Is the ozone layer recovering ? recovering ? Johannes Staehelin Institute

Is the ozone layer Is the ozone layer recovering ? recovering ? Johannes Staehelin Institute

Is the ozone layer Is the ozone layer recovering ? recovering ? Johannes Staehelin Institute for Atmospheric and Climate Institute for Atmospheric and Climate Science (IACETH), Swiss Federal Institute of Technology Zrich (ETHZ) gy ( )

509 views • 27 slides
Correlating GSM and 802.11 Hardware Identifiers LCDR Jeremy Martin, LT Danny Rhame, Dr. Robert

Correlating GSM and 802.11 Hardware Identifiers LCDR Jeremy Martin, LT Danny Rhame, Dr. Robert

Correlating GSM and 802.11 Hardware Identifiers LCDR Jeremy Martin, LT Danny Rhame, Dr. Robert Beverly, and Dr. John McEachen Naval Postgraduate School 2 Correlating GSM and 802.11 Hardware Identifiers Determine the feasibility of

741 views • 25 slides
Unintended Conseqences Obfuscated Attacks on TLDs Eberhard W Lisse & Alejandra Reynoso

Unintended Conseqences Obfuscated Attacks on TLDs Eberhard W Lisse & Alejandra Reynoso

Unintended Conseqences Obfuscated Attacks on TLDs Eberhard W Lisse & Alejandra Reynoso Namibian Network Information Center & Universidad del Valle de Guatemala 2017-06-26 Lisse & Reynoso (Johannesburg) Unintended Conseqences

202 views • 19 slides
Toward Mining Concept Keywords from Identifiers in Large Software Projects Masaru Ohba

Toward Mining Concept Keywords from Identifiers in Large Software Projects Masaru Ohba

Toward Mining Concept Keywords from Identifiers in Large Software Projects Masaru Ohba and Katsuhiko Gondow Tokyo Institute of Technology What are concept keywords? Most programmers try to name identifiers meaningfully.

160 views • 4 slides
Wiimote Interfaces for Lifelong Robotic Learning Micah Lapping Carr Chad Jenkins, Daniel

Wiimote Interfaces for Lifelong Robotic Learning Micah Lapping Carr Chad Jenkins, Daniel

Wiimote Interfaces for Lifelong Robotic Learning Micah Lapping Carr Chad Jenkins, Daniel Grollman, Jonas Schwertfeger, Theodora Hinkle Robotics, Learning, and Autonomy at Brown (RLAB) Micah Lapping Carr Wiimote Interfaces 1 5/4/08

619 views • 17 slides
Time Domain Lapped Transforms for Video Coding draft-egge-netvc-tdlt-00 Nathan Egge IETF 93

Time Domain Lapped Transforms for Video Coding draft-egge-netvc-tdlt-00 Nathan Egge IETF 93

Time Domain Lapped Transforms for Video Coding draft-egge-netvc-tdlt-00 Nathan Egge IETF 93 Prague 2015 July 22 Lapped Transforms Originally proposed for video in 1989 by Malvar [1]. n -point prefilter applied along block

251 views • 11 slides
SFU NatLangLab Bootstrapping via Graph Propagation Max Whitney Anoop Sarkar Simon Fraser

SFU NatLangLab Bootstrapping via Graph Propagation Max Whitney Anoop Sarkar Simon Fraser

SFU NatLangLab Bootstrapping via Graph Propagation Max Whitney Anoop Sarkar Simon Fraser University Natural Language Laboratory http://natlang.cs.sfu.ca Bootstrapping Semi-supervised (vs supervised) Single domain (vs domain

1.58k views • 155 slides
SECOND - HALF 10 18 8

SECOND - HALF 10 18 8

8 P RE - CLASS PRACTICE OF COURSE -5 T HE SECOND - HALF 10 18 8

169 views • 5 slides
On the Correctness of Bubbling Sergio Antoy Portland State University RTA06, Seattle, WA,

On the Correctness of Bubbling Sergio Antoy Portland State University RTA06, Seattle, WA,

On the Correctness of Bubbling Sergio Antoy Portland State University RTA06, Seattle, WA, August 11, 2006 Joint work with Daniel Brown and Su-Hui Chiang Partially supported by the NSF grant CCR-0218224 Introduction Non-determinism

545 views • 19 slides
Distributed Shared Memory 1 Distributed Shared Memory Making the main memory of a cluster of

Distributed Shared Memory 1 Distributed Shared Memory Making the main memory of a cluster of

Chapter 9 Distributed Shared Memory 1 Distributed Shared Memory Making the main memory of a cluster of computers look as though it is a single memory with a single address space. Then can use shared memory programming techniques. 2 DSM

754 views • 51 slides
120 Wafer lapping, in addition to removing the bow and taper, the first process would also do a

120 Wafer lapping, in addition to removing the bow and taper, the first process would also do a

The cross section of the ingot perpendicular to the axis is not perfectly circular. But we need circular wafers. So the ingot is ground to get a circular cross section. Subsequently wafers are sliced from the ingot using a wire saw. All the wafers

431 views • 8 slides
Software Development: Tools and Processes Lecture -2: Basic concepts 1 The Software Engineering

Software Development: Tools and Processes Lecture -2: Basic concepts 1 The Software Engineering

Software Development: Tools and Processes Lecture -2: Basic concepts 1 The Software Engineering Crisis Nearly 1/3 of information technology (computer and software) projects were cancelled before completion Average overrun of project

376 views • 26 slides

More recommend