ITEM METADATA RECORD
Title: Poster: Identifying dynamic data structures in malware
Authors: Rupprecht, Thomas ×
Chen, Xi
White, David H.
Mühlberg, Tobias
Bos, Herbert
Lüttgen, Gerald #
Issue Date: 28-Oct-2016
Publisher: ACM
Host Document: CCS'16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages: 1772-1774
Conference: ACM CCS, edition: 23, location: Vienna, Austria, date: 24-28 October 2016
Abstract: As the complexity of malware grows, so does the necessity of employing program structuring mechanisms during development. While control flow structuring is often obfuscated, the dynamic data structures employed by the program are typically untouched. We report on work in progress that exploits this weakness to identify dynamic data structures present in malware samples for the purposes of aiding reverse engineering and constructing malware signatures, which may be employed for malware classification.

Using a prototype implementation, which combines the type recovery tool Howard and the identification tool Data Structure Investigator (DSI), we analyze data structures in Carberp and AgoBot malware. Identifying their data structures illustrates a challenging problem. To tackle this, we propose a new type recovery for binaries based on machine learning, which uses Howard's types to guide the search and DSI's memory abstraction for hypothesis evaluation.
Publication status: published
KU Leuven publication type: IC
Appears in Collections:Informatics Section
× corresponding author
# (joint) last author

Files in This Item:
File: paper.pdf
Description: Poster paper.
Status: Published
Size: 151Kb
Format: Adobe PDF