Generally, security systems are utilized for analyzing code in order to determine whether the code is unwanted (e.g. malicious, etc.). However, such security systems have traditionally been ineffective in analyzing compiled code originally written in a high-level language (e.g. such as source code). For example, analyzing the code in a compiled, low-level form (e.g. object code) has oftentimes involved a signature-based analysis. Unfortunately, such signature-based analysis has required the code to be analyzed against numerous signatures, while still allowing false positive detections. Such false positive detections often result, at least in part, from difficulties in describing the intent of unwanted code at a low-level, utilizing such signatures, etc.
Further, decompiling low-level code originally written as high-level code (for analysis of such code in its high-level form) has customarily been a large and complex process. Thus, security systems have been incapable of employing decompilation techniques, while still providing an effective analysis of the code in a reasonable time. Even so, decompilers customarily are unable to identify the original structure of the code in its high-level form, due to obfuscation of the code during compilation, therefore preventing detection of known unwanted patterns within the code.
There is thus a need for addressing these and/or other issues associated with the prior art.