政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/124196
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113822/144841 (79%)
Visitors : 51769777      Online Users : 563
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/124196


    Title: 以虛擬化混淆轉換來落實 Python 程式的安全式機器學習
    Secure machine learning through virtualization obfuscation of Python code
    Authors: 邱怡翔
    CHIU, YI-HSIANG
    Contributors: 胡毓忠
    Hu, Yuh-Jong
    邱怡翔
    CHIU, YI-HSIANG
    Keywords: 程式碼混淆
    虛擬化混淆轉換
    安全式機器學習
    Code obfuscation
    Virtualization obfuscation
    Secure machine learning
    Date: 2019
    Issue Date: 2019-07-01 10:59:22 (UTC+8)
    Abstract: 借助機器學習的能力人們可以從資料裡得到許多有用的資訊。當有巨量分析需求的資料時經常以向公有雲平台提供者租用運算資源來進行叢集運算作為處理方式。然而在公有雲進行運算意味著不可信任性,程式資訊有洩漏的可能性。本研究以保護 Python 程式語言撰寫的程式為目的設計程式碼混淆轉換工具,其利用虛擬化混淆演算法作為主要轉換方式來修改程式,轉換後的程式達成程序抽象化,確保模型在訓練及預測階段的運算方式無法被輕易得知。此外,本研究應用簡單化混淆來改寫虛擬化混淆轉換中,直譯器的運作方式來阻饒攻擊者進行靜態及動態的程式分析。在轉換效果評估上,本研究以 Kaggle 預測鐵達尼號事件存亡的競賽資料集準備機器學習程式。機器學習程式在虛擬化轉換後,控制流程被全面地改寫並且使軟體複雜度大幅提高,而這也將使程式執行時間增加 43 到 70 倍。
    With the power of machine learning, people can get a lot of useful information from the data. When there is a huge amount of data for analyzing, the cluster computing operation is often carried out by renting computing resources, which is offered by the public cloud platform provider. However, computing in the public cloud means untrustworthiness, and program information has the possibility of leakage. This paper designs a code obfuscation conversion tool for the purpose of protecting programs written in the Python programming language. It uses the Virtualization Obfuscation algorithm as the main conversion method to modify the program, and the converted program achieves program abstraction to ensure that the model is secure in the training and prediction stage. In addition, this study also applies simplicity obfuscation to rewrite the interpreter in the Virtualization Obfuscation transformation, so that the attacker is harder to perform static and dynamic program analysis. In the evaluation of the conversion effect, this study prepares a machine learning program based on the Kaggle competition data set in which predicts the survival of the Titanic event. After the Virtualization Obfuscation transform is performed on the machine learning program, the control flow is completely rewritten and the complexity of the software is greatly improved, but this will also increase the program execution time by 43 to 70 times.
    Reference: [1] B. Anckaert, M. H. Jakubowski, R. Venkatesan. "Virtualization for diversified
    tamper resistance." U.S. Patent No. 8,584,109. 12 Nov. 2013.
    [2] D. Apon, et al. "Implementing Cryptographic Program Obfuscation." IACR
    Cryptology ePrint Archive 2014 (2014): 779.
    [3] M. R.Asghar, S.D. Galbraith, G. Russello. "Obfuscation through simplicity."
    (2016).
    [4] S. Banescu, et al. "Code obfuscation against symbolic execution attacks."
    Proceedings of the 32nd Annual Conference on Computer Security Applications.
    ACM, 2016.
    [5] S. Banescu, et al. "Vot4cs: A virtualization obfuscation tool for C#" Proceedings
    of the 2016 ACM Workshop on Software PROtection.ACM, 2016.
    [6] C. Cadar, D. Dunbar, D. R. Engler. "KLEE: Unassisted andAutomatic
    Generation of High-Coverage Tests for Complex Systems Programs." OSDI. Vol.
    8. 2008.
    [7] J. Cazalas, et al. "Probing the limits of virtualized software protection."
    Proceedings of the 4th Program Protection and Reverse Engineering Workshop.
    ACM, 2014.
    [8] C. Collberg, C. Thomborson, D. Low.A taxonomy of obfuscating
    transformations. Department of Computer Science, The University ofAuckland,
    New Zealand, 1997.
    [9] C. Collberg, et al. "Distributed application tamper detection via continuous
    software updates." Proceedings of the 28th Annual Computer Security
    Applications Conference.ACM, 2012.
    [10] K. Coogan, G. Lu, S. Debray. "Deobfuscation of virtualization-obfuscated
    software: a semantics-based approach." Proceedings of the 18th ACM conference
    on Computer and communications security.ACM, 2011.
    [11] S. Garg, et al. "Candidate indistinguishability obfuscation and functional
    encryption for all circuits." SIAM Journal on Computing 45.3 (2016): 882-929.
    25
    [12] M. H. Halstead. Elements of software science. Vol. 7. New York: Elsevier, 1977.
    [13] J. Kinder. "Towards static analysis of virtualization-obfuscated binaries."
    Reverse Engineering (WCRE), 2012 19th Working Conference on. IEEE, 2012.
    [14] J. C. King. "Symbolic execution and program testing." Communications of the
    ACM 19.7 (1976): 385-394.
    [15] T. J. McCabe. "A complexity measure." IEEE Transactions on software
    Engineering 4 (1976): 308-320.
    [16] J. Nagra, C. Collberg. Surreptitious Software: Obfuscation, Watermarking, and
    Tamperproofing for Software Protection. Pearson Education, 2009.
    [17] T.A. Proebsting. "Optimizing an ANSI C interpreter with superoperators."
    Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of
    programming languages. ACM, 1995.
    [18] R. Rolles. "Unpacking virtualization obfuscators." 3rd USENIX Workshop on
    Offensive Technologies.(WOOT). 2009.
    [19] S.A. Sebastian, S. Malgaonkar, P. Shah, M. Kapoor and T. Parekhji, "A study &
    review on code obfuscation," 2016 World Conference on Futuristic Trends in
    Research and Innovation for Social Welfare (Startup Conclave), Coimbatore,
    2016, pp. 1-6.
    [20] M. Sharif, et al. "Automatic reverse engineering of malware emulators." 2009
    30th IEEE Symposium on Security and Privacy. IEEE, 2009.
    [21] B. Yadegari, et al. "A generic approach to automatic deobfuscation of executable
    code." 2015 IEEE Symposium on Security and Privacy. IEEE, 2015.
    Description: 碩士
    國立政治大學
    資訊科學系
    105753027
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0105753027
    Data Type: thesis
    DOI: 10.6814/NCCU201900153
    Appears in Collections:[Department of Computer Science ] Theses

    Files in This Item:

    File SizeFormat
    302701.pdf2677KbAdobe PDF2282View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback