Bilkent University
Department of Computer Engineering
SEMINAR
Analysis Methods for Analysis-Resistant Malware
Utku Ozan Yılmaz
MSc Student
Computer Engineering Department
Bilkent University

Malware is the general name for harmful software such as viruses, worms, trojan horses, spyware, dishonest adware, crimeware, rootkits, and other malicious or unwanted software. It is often used to infect computers by exploiting software vulnerabilities or by tricking users into running it. Because spam, phishing, denial-of-service attacks, botnets and data theft all depend on some kind of malware, it poses a serious threat to computer users. New malware is released at an overwhelming rate, and the increasing volume and diversity of malware render classic security techniques ineffective. In particular, a subgroup called analysis-resistant malware employs techniques such as binary packers, public-key program obfuscation, encryption, self-modifying code, polymorphism, emulators, split personalities and emulator checks to obstruct analysis. This survey discusses the shortcomings of static analysis against analysis-resistant malware and the methods used to overcome these obstruction techniques, such as dynamic analysis, sandboxes, multipath exploration, dynamic tainting, information flow analysis and comparison-based state modification.
DATE: 19 April, 2010, Monday @ 15:30
PLACE: EA 409