Accession Number : ADA619874


Title : Tools for Rapid Understanding of Malware Code


Descriptive Note : Final rept. 15 Jul 2011-14 Mar 2015


Corporate Author : ARIZONA UNIV TUCSON DEPT OF COMPUTER SCIENCE


Personal Author(s) : Debray, Saumya K


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a619874.pdf


Report Date : 07 May 2015


Pagination or Media Count : 14


Abstract : A significant shortcoming of existing malware analysis tools is their lack of general-purpose automated support for dealing with advanced code obfuscation techniques. Malware is developing increasingly sophisticated techniques to thwart analysis, and the lack of such automated tool support significantly increases the amount of manual intervention needed to extract and understand what the malware is doing. Such intervention is tedious and time-consuming, and it reduces the speed with which new malware threats can be addressed. This is a serious problem because a swift and precise response is essential in order to combat cyber-attacks in a timely and effective manner. This project aims to address the lack of automated tool support for malware analysis by developing a general framework and techniques to automate much of the task of deobfuscating malware binaries, and thereby to dramatically speed up the process of understanding malware code. This is done through two main objectives: the development of semantics-based techniques for identifying and removing obfuscation code; and the synthesis of simplification techniques to transform the resulting low-level machine code into program representations that are easier to reason about and understand.


Descriptors : *COMPUTER VIRUSES , *INFORMATION SECURITY , *SOFTWARE TOOLS , ATTACK , REVERSE ENGINEERING , SEMANTICS


Subject Categories : Computer Programming and Software , Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE