ebook img

Analysis of Adversarial Code PDF

82 Pages·2006·1.58 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Analysis of Adversarial Code

Analysis of Adversarial Code: Problem, Challenges, Results Arun Lakhotia Center for Advanced Computer Studies University of Louisiana at Lafayette www.cacs.louisiana.edu/labs/SRL Black Hat Federal 2006 Sheraton Crystal City, Washington DC January 23-26, 2006 Adversarial Code Analysis • ACA at UL Lafayette – Ongoing research for over 3 years – Evolved from analyzing and writing virus detectors – Impacted by failures in using traditional analysis – Aim: fundamental advances in hardening analysis • focus: key (real) problems in malware analysis • develop and adapt theoretical approaches • build and test prototypes 2 Our ACA Approach • Short term – Harden individual steps – Use solid theory • Long term – Holistic infrastructure improvement 3 Malware Detection Process ANALYSIS IN LAB Sample Extract Signature + Filter Analyze Removal Instructions Verify ON DESKTOP Removal Instructions Signature Clean Disinfect Match File/Message Scanner System System 4 Talk Contents Motivation Analysis Tools Overall ACA Approach Results VILO: malware phylogeny generation DOC: detecting obfuscated calls UMPH: reversing metamorphic transforms Future and Conclusions 5 Program Analysis: The Old Frontier • Half a century of program analysis – Compilers, optimizers, checkers, refactoring tools – Analyze, visualize, transform • Problem Space – Program optimization – Profiling, testing, debugging – Understanding, Comprehension – Reengineering • Purpose – Help programmers help themselves 6 Typical Analysis Pipeline PROGRAM DATABASE extract extract control verify disassemble procedures & data flow property certify / reject 7 Program Analysis: The New Frontier • Analysis of malicious programs – Viruses, worms, Trojans, spyware, adware • Problems – What does the malware do? – What attack tools and methods are employed? – How did it arrive on this computer? – Which other computers did it go to? – Who wrote the malware? • Purpose – Help security analysts defend computing resources 8 Malware Analysis Pipeline VIRUS DATABASE extract extract control verify disassemble procedures & data flow property certify / reject 9 Implications of Undecidability Analysis problems are undecidable Precise solution Precise solutions cannot be computed ‘Safe’ solution Solutions are approximated Play ‘safe’: over approximate or under approximate Catch: ‘Safe’ solutions leave hideouts for malware Hideout for malware 10

Description:
Arun Lakhotia. Center for Advanced Computer Studies. University of Louisiana at Lafayette www.cacs.louisiana.edu/labs/SRL. Black Hat Federal 2006.
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.