In this paper, we analyse the effectiveness of combining obfuscation and metamorphism techniques to evade antivirus detection and protect intellectual property. We do so by introducing a new framework called VMORPH, which utilises jointly emulation and metamorphic techniques to thwart attempts at reconstructing the application’s behaviour and accessing internal details or secrets. We assess the performance of VMORPH to determine its suitability for safeguarding the intellectual property of the application. The findings indicate a decrease in performance, which is still acceptable for securing applications. Additionally, we investigate the stealth capabilities of the proposed technique, which enhances its ability to bypass common static analysis techniques. Based on the results, we also suggest detection techniques that can be employed to mitigate the risk that this technique is used to evade antivirus detection.
Caliandro, P., Ciccaglione, M., Pepe, A., Bianchi, G., Pellegrini, A. (2025). VMorph: A Virtualization/Metamorphic Framework for Binary Obfuscation and Intellectual Property Protection. In ITASEC & SERICS 2025: Joint National Conference on Cybersecurity 2025. Aachen : CEUR-WS.
VMorph: A Virtualization/Metamorphic Framework for Binary Obfuscation and Intellectual Property Protection
Caliandro, P;Ciccaglione, M;Bianchi, G.;Pellegrini, A
2025-01-01
Abstract
In this paper, we analyse the effectiveness of combining obfuscation and metamorphism techniques to evade antivirus detection and protect intellectual property. We do so by introducing a new framework called VMORPH, which utilises jointly emulation and metamorphic techniques to thwart attempts at reconstructing the application’s behaviour and accessing internal details or secrets. We assess the performance of VMORPH to determine its suitability for safeguarding the intellectual property of the application. The findings indicate a decrease in performance, which is still acceptable for securing applications. Additionally, we investigate the stealth capabilities of the proposed technique, which enhances its ability to bypass common static analysis techniques. Based on the results, we also suggest detection techniques that can be employed to mitigate the risk that this technique is used to evade antivirus detection.| File | Dimensione | Formato | |
|---|---|---|---|
|
Cal25.pdf
accesso aperto
Tipologia:
Versione Editoriale (PDF)
Licenza:
Creative commons
Dimensione
756.69 kB
Formato
Adobe PDF
|
756.69 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
