MBA (mixed boolean and arithmetic) expressions are hard to simplify, so they are used for malware obfuscation to hinder analysts' diagnosis. Some high-performance MBA simplification methods have been developed, but they narrow the target to "linear" MBA expressions, which allows efficient solutions based on logic/term-rewriting. However, such restrictions are not appropriate for the general forms of MBA expressions that usually appear in malware. To overcome this limitation, we introduce the "semi-linear" MBA expression, a new class of MBA expression extended from the linear MBA expression, and propose a new MBA simplifier called "SSLEM", based on a simplification idea for semi-linear MBA expressions and program synthesis.
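As an added illustration (not code from the paper and not SSLEM's algorithm), the sketch below shows why the linear restriction makes simplification cheap and where it stops working: a two-variable linear MBA is fully determined by its values on the four all-zero/all-one input pairs, so it can be rewritten as `c + a*x + b*y + d*(x & y)`, while an expression with a constant mask inside the bitwise part is not. The function names, the 8-bit width and both sample expressions are assumptions constructed for this example.

```python
from itertools import product

BITS = 8                       # assumed width, small enough to check all inputs
MASK = (1 << BITS) - 1         # MASK is also -1 in BITS-bit two's complement

def linear_fit(f):
    """Recover c + a*x + b*y + d*(x & y) from f at the four 0/-1 input pairs."""
    r00, r01, r10, r11 = (f(x, y) & MASK for x, y in product((0, MASK), repeat=2))
    c = r00
    a = (c - r10) & MASK       # f(-1, 0)  = c - a
    b = (c - r01) & MASK       # f(0, -1)  = c - b
    d = (c - a - b - r11) & MASK   # f(-1, -1) = c - a - b - d
    return c, a, b, d

def evaluate(coeffs, x, y):
    c, a, b, d = coeffs
    return (c + a * x + b * y + d * (x & y)) & MASK

def equivalent(f, coeffs):
    """Exhaustively compare f with the fitted form over all BITS-bit inputs."""
    return all(f(x, y) & MASK == evaluate(coeffs, x, y)
               for x, y in product(range(MASK + 1), repeat=2))

def obf_add(x, y):             # constructed linear MBA; equals x + y
    return 2 * (x | y) - (~x & y) - (x & ~y)

def obf_masked(x, y):          # constructed; constant mask makes it non-linear
    return ((x & 0x0F) | y) + ((x & 0x0F) & y)

if __name__ == "__main__":
    for f in (obf_add, obf_masked):
        coeffs = linear_fit(f)
        print(f.__name__, coeffs, "equivalent:", equivalent(f, coeffs))
```

The exhaustive check is what makes the failure visible: the fit for `obf_masked` agrees on the four corner inputs but not on the full input space, so a linear-only simplifier would return a wrong result for it.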