Topics in Low-Level Reverse Engineering, with Applications to Software Security

Abstract

The goal of the project was to investigate automated techniques for analyzing malware code, so as to simplify and accelerate the process of penetrating the defenses that such malware mounts to prevent analysis and of extracting the malware's internal logic. The investigators focused on analysis techniques that did not require executing the malware code. The project resulted in the development of a number of techniques for the analysis of executable files, including: a theoretical model for reasoning about malware code that modifies itself as it runs; an approach to automatically identify anti-analysis defenses in malware code; an approach to automatically identify and emulate the code that performs the actual decryption of the malware code, and thereby extract the malware code; and an approach to detect possible errors in the instruction sequence obtained from examining a malware executable file. These results formed substantial components of one PhD dissertation and one MS thesis in Computer Science.

Document Details

Document Type: Technical Report
Publication Date: Jan 27, 2010
Accession Number: ADA567214

Entities

People

  • Saumya Debray

Organizations

  • University of Arizona

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Algorithms
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Engineering
  • Instructions
  • Machine Learning
  • Network Science
  • Reverse Engineering
  • Semantic Models
  • Sequences
  • Software Development
  • Test And Evaluation
  • Theses
  • Training
  • Transient Response Analysis

Fields of Study

  • Computer science
  • Engineering

Readers

  • Artificial Intelligence
  • Cybersecurity
  • Ballistics

Technology Areas

  • Cyber