Events - 25 March 2020 1:00PM
Hybrid Analysis and Control of Malware hosted by UQ Cyber
UPDATE: THIS EVENT HAS BEEN CANCELLED DUE TO A COVID-19 TRAVEL RESTRICTION
Malware attacks demand extensive forensic analysis that is labour-intensive because of the analysis-resistance techniques that malware authors employ. The most prevalent of these techniques are code unpacking, code overwriting, and control-transfer obfuscation. We simplify the analyst's task by analyzing the code prior to its execution and by providing the ability to selectively monitor its execution. The key invariant is that new code discovered or created during execution is guaranteed to be analyzed and (at the option of the analyst) instrumented before it has a chance to execute.
We achieve pre-execution analysis by combining static and dynamic techniques to construct control and data-flow analyses. These analyses form the interface by which the analyst instruments the code. This interface simplifies the instrumentation task, allowing us to reduce the number of instrumented program locations by a hundred-fold relative to existing instrumentation-based methods of identifying unpacked code.
We also address the defensive mechanisms malware uses to detect that it is being monitored, and show how we neutralize them.
We implemented our techniques in SD-Dyninst and applied them to a large corpus of malware, performing analysis tasks such as code-coverage tests and call-stack traversals that are greatly simplified by hybrid analysis.
Barton Miller is the Vilas Distinguished Achievement Professor, and Amar and Velinder Professor of Computer Sciences at the University of Wisconsin-Madison. He is also Chief Scientist for the DHS Software Assurance Marketplace (SWAMP) research facility, leads the software assurance effort for the NSF Cybersecurity Centre of Excellence (TrustedCI), and co-directs the MIST software vulnerability assessment project in collaboration with his colleagues at the Autonomous University of Barcelona.
In 1988, Miller founded the field of fuzz testing (random software testing), which is the foundation of many security and software engineering disciplines.
Room S603 Social Sciences Building (24)
Monday, 23 March, 2020 - 17:00