Tools for Rapid Understanding of Malware Code

Abstract

A significant shortcoming of existing malware analysis tools is their lack of general-purpose automated support for dealing with advanced code obfuscation techniques. Malware increasingly employs sophisticated techniques to thwart analysis, and without such automated tool support a large amount of manual intervention is needed to extract and understand what the malware is doing. This intervention is tedious and time-consuming, and it reduces the speed with which new malware threats can be addressed. This is a serious problem because a swift and precise response is essential for combating cyber-attacks in a timely and effective manner. This project aims to address the lack of automated tool support for malware analysis by developing a general framework and techniques that automate much of the task of deobfuscating malware binaries, thereby dramatically speeding up the process of understanding malware code. It pursues two main objectives: the development of semantics-based techniques for identifying and removing obfuscation code; and the synthesis of simplification techniques that transform the resulting low-level machine code into program representations that are easier to reason about and understand.

Document Details

Document Type
Technical Report
Publication Date
May 07, 2015
Accession Number
ADA619874

Entities

People

  • Saumya K. Debray

Organizations

  • University of Arizona

Tags

DTIC Thesaurus Topics

  • Computer Languages
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cyberattacks
  • Detection
  • Detectors
  • Electronic Mail
  • Engineering
  • Language
  • Machine Languages
  • Malware
  • Reverse Engineering
  • Robotics
  • Semantics
  • Theoretical Computer Science

Fields of Study

  • Computer science

Readers

  • Computational Linguistics
  • Cybersecurity
  • Systems Analysis and Design

Technology Areas

  • Cyber