Binary And Alternate Representation Transforming

Question

In this publication about Metamorphic viruses i have found this classification:

Metamorphic malware may be either a binary-transformer or an alternate-representation-transformer. The former class transforms the binary image that is executed, whereas the latter class carries its code in a higher level representation, which is used for transformation.

I did not found a precise definition of these two terms. I would like to know if is there a generic definition for each one, or a generic context to introduce the classification in my dissertation.

Thanks all.

Answer 1

More common term for Binary-Transformer is Binary Code Obfuscation or simple Binary Obfuscation (plays an essential role in evading malware static analysis and detection). Some anthers also use term Post-compilation obfuscation[*]. Term Binary Obfuscation also used in reverse engineering for innocent purpose (to recover source file).[1][2][3]

Whereas, for Alternate-Representation-Transformer term Assembly Level Obfuscation, Source Code Obfuscation( or Source Obfuscation) you can use Mnemonic Level Obfuscation, Code Obfuscation.

Read this sort article to find useful common terms.

(but I am not sure for Post-compilation obfuscation)

---

Paper Writing is not exact science. Different authors use different(rare) words to prevent probability of match. Many time my papers/journal rejected only due to presentation, but not because of technical flaw.