Potency measures how difficult it is for a human to understand the obfuscated code compared to the original code. To calculate Potency, we use Software Complexity Metrics, such as Halstead's Metrics and Cyclomatic Complexity, which were designed to aid in the development of readable and maintainable programs. These metrics allow us to determine the impact of the transformations on the code.
Resilience measures how difficult it is to revert the transformed code to its original form. Resilience goes hand in hand with Potency, since some transformations may fool a human reading the code but can be easily reversed by a deobfuscator. An example would be adding an if statement that introduces a dummy variable. A human might not be able to identify the code as dummy code, whereas a deobfuscator would easily be able to remove the statement.
Resilience is calculated by combining the following metrics:
Programmer Effort - the amount of time required to develop a deobfuscator capable of reverting a transformation's result
Deobfuscator Effort - the execution time and space a deobfuscator requires to effectively revert the transformation
Cost represents the impact of a given transformation on the execution time of a transformed application, as well as the impact on the application's file size.
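The Potency measurement and the dummy if statement described above, as an added example that is not from the original page: it computes Cyclomatic Complexity and Halstead volume for a constructed Python function before and after a dummy `if` is inserted. The formula potency = metric(obfuscated) / metric(original) - 1 and all function names are assumptions, since the page gives no formula.

```python
import ast, io, keyword, math, tokenize

# Constructed sample: an original function and a version carrying the dummy
# `if` with a dummy variable (its condition can never be true).
ORIGINAL = "def check(pin):\n    return pin == 1234\n"
OBFUSCATED = (
    "def check(pin):\n"
    "    dummy = 7\n"
    "    if dummy * dummy < 0:\n"
    "        pin = pin + dummy\n"
    "    return pin == 1234\n"
)

def cyclomatic(src):
    """Cyclomatic Complexity of the whole source: decision points + 1."""
    score = 1
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, (ast.If, ast.For, ast.While, ast.IfExp, ast.ExceptHandler)):
            score += 1
        elif isinstance(node, ast.BoolOp):
            score += len(node.values) - 1  # each extra and/or operand is a branch
    return score

def halstead_volume(src):
    """Halstead volume N * log2(n): N = total tokens, n = distinct tokens."""
    operators, operands = [], []
    for tok in tokenize.generate_tokens(io.StringIO(src).readline):
        is_kw = tok.type == tokenize.NAME and keyword.iskeyword(tok.string)
        if tok.type == tokenize.OP or is_kw:
            operators.append(tok.string)
        elif tok.type in (tokenize.NAME, tokenize.NUMBER, tokenize.STRING):
            operands.append(tok.string)
    length = len(operators) + len(operands)
    vocabulary = len(set(operators)) + len(set(operands))
    return length * math.log2(vocabulary)

def potency(original, obfuscated, metric):
    """Relative increase in a complexity metric (assumed formula, see lead-in)."""
    return metric(obfuscated) / metric(original) - 1

if __name__ == "__main__":
    for metric in (cyclomatic, halstead_volume):
        print(metric.__name__, round(potency(ORIGINAL, OBFUSCATED, metric), 2))
```

Both metrics rise for the dummy `if`, so Potency on its own does not show that a deobfuscator could strip the statement; that is what Resilience accounts for.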