five

Evaluating the Resilience of Obfuscated Code Against LLM-based Function Name Recovery in MATE Attacks

收藏
Zenodo2025-12-18 更新2026-05-26 收录
下载链接:
https://zenodo.org/doi/10.5281/zenodo.17037974
下载链接
链接失效反馈
官方服务:
资源简介:
This repository serves as the online appendix for the paper "Evaluating the Resilience of Obfuscated Code Against LLM-based Function Name Recovery in MATE Attacks".   Abstract In recent years, improvements in decompilers and large language models (LLMs) have made it possible to use powerful techniques for analyzing software binaries, including automated function name recovery.Such powerful binary analysis techniques can be exploited for Man-At-The-End (MATE) attacks, posing a serious threat to the software ecosystem.To protect software against MATE attacks, software obfuscation is widely used.However, it is not clear how effectively code obfuscation can prevent LLM-based MATE attacks, and thus a method for evaluating the resilience of obfuscated code against such attacks is required.This paper proposes a framework for evaluating the resilience of obfuscated code against LLM-based function name recovery MATE attacks.To construct the framework, resilience against the LLM-based function name recovery attack is characterized.The resilience is defined based on the morphological or semantic similarity between the original function name and the recovered function names.In the experiment, the resilience of five well-known obfuscation methods against LLM-based function name recovery attacks (i.e., how effectively these obfuscation methods prevent the prediction of appropriate function names) using the Gemma3-27B-IT, gpt-oss-20b, and llama-4-scout-17b-16e-instruct LLM general-purpose models is evaluated.The results reveal that the obfuscation method based on code virtualization has the highest resilience, while the method based on encoding arithmetic has the lowest resilience.In addition, the resilience of some obfuscation methods varies depending on the model.Furthermore, the analysis of high-resilience obfuscated code indicates that LLM-recovered function names for functions evaluated as high resilience are relatively less related to the implementation of the original functions.This paper makes two contributions: the development of a framework for evaluating the resilience of obfuscated code against LLM-based function name recovery MATE attacks, and an experimental evaluation of the resilience of existing obfuscation methods against such attacks.
提供机构:
Zenodo
创建时间:
2025-12-18
二维码
社区交流群
二维码
科研交流群
商业服务