Introduction

The invention is able to identify with great accuracy the software binary areas that have been previously protected, along with the specific technique used to do so. Since software assets are tipically protected, the invention can be employed to evaluate the visibility of such assets to potential attackers and thus carry on self-evaluation activities on the reached level of protection for the target application.

Technical features

Various software protection techniques are typically applied to commercial applications, in order to safeguard the contained IP against reverse engineering attacks. Such protections have the side-effect of leaving noticeable patterns in the protected application binary code. Our invention can automatically detect such patterns, thus identifying the protected binary code areas, along with the employed protection technique. The invention automatically encodes the target binary code as a sequence of multi-dimensional arrays, suitable for analysis by a set of ad-hoc neural networks for sequence modelling (LSTMs and Transformers). By using our invention, cybersecurity practitioners can obtain a fast and reliable assessment of the effort needed by a potential attacker, analyzing the target binary, to recognize the protected areas, thus locating the valuable assets in the application.

Possible Applications

• Protection of existing applications;
• Development of secure software;
• Malware analysis;
• Development of new software protection techniques.

Advantages

• High detection accuracy;
• Detection of protected areas with instruction-level granularity;
• Fast execution;
• Hardware independent;
• Easily extensible to identify any kind of pattern in binary code.