FEEBO: Framework for Empirically Evaluating the impact of Behavioral Obfuscation on Malware Detection
FEEBO is a tool that can behaviorally obfuscate any portable executable (PE) binary. It offers 3 obfuscation transformations:
- Insertion of a random number of system calls between original system calls made by a program.
- Reordering of system calls in the original sequence of system calls of a program.
- Semantic substitution of sequences of system calls with functionally equivalent sequences of system calls.
For more details about the obfuscation transformations and how we used FEEBO to evaluate the resilience of several n-gram malware detection approaches, please read the following papers:
To avoid situations in which FEEBO is misused (e.g. to obfuscate malicious software), we are disclosing its source code only to members of academia and industry who will send an e-mail from an official e-mail address stating the purpose for which s/he will use FEEBO, to the member of our chair who is responsible for this software.