ISSTA2024
Define-Use Guided Path Exploration for Better Forced Execution
Dongnan He, Dongchen Xie, Yujie Wang, Wei You, Bin Liang, Jianjun Huang, Wenchang Shi, Zhuo Zhang, Xiangyu Zhang
Cited by 1
Abstract
The evolution of recent malware, characterized by the escalating use of cloaking techniques, poses a significant challenge in the analysis of malware behaviors. Researchers proposed forced execution to penetrate malware's self-protection mechanisms and expose hidden behaviors, by forcefully setting certain branch outcomes. Existing studies focus on enhancing the forced executor to provide light-weight crash-free execution models. However, insufficient attention has been directed toward the path exploration strategy, an aspect equally crucial to the effectiveness. Linear search employed in state-of-the-art forced execution tools exhibits inherent limitations that lead to unnecessary path exploration and incomplete behavior exposure. In this paper, we propose a novel and practical path exploration strategy that focuses on the coverage of define-use relations in the subject binary. We develop a fuzzing approach for exploring these define-use relations in a progressive and self-supervised way. Our experimental results show that the proposed solution outperforms the existing forced execution tools in both memory dependence coverage and malware behavior exposure.
CCS CONCEPTS • Security and privacy → Malware and its mitigation; • Software and its engineering;