APIASO: A Novel API Call Obfuscation Technique Based on Address Space Obscurity

API calls are programming interfaces used by applications. When it is difficult for an analyst to perform a direct reverse analysis of program, the provides important basis analyzing behavior and functionality program. address spaces essential analysts identify call information, therefore obfuscation as protection strategy prevent from obtaining information spaces. avoids aims create more complex calling process. Unfortunately, current methods not effective in preventing usable space. To solve this issue, paper, we propose model based on space obscurity. The key functions within encrypted moved user code execution. This breaks relationship between its space, making impossible obtain about known In our experiments, developed archetypical compiler-level system automate input source into obfuscated file. results show that approach can thwart existing deobfuscation techniques highly resistant various open-source dynamic platforms. Compared other techniques, scheme improves obscurity than two times, detection rate such Scylla, etc. zero, increase overhead 20%. above APIASO has better effect practicability.