File: ECE499-Sp2017-kosciarz.pdf (PDF, 154kB)

Title: Towards automated reverse engineering of malware
Author(s): Kosciarz, Bartosz
Contributor(s): Baily, Michael
Subject(s): automated reverse engineering of malware; reverse engineering
Abstract: Malware is becoming both more complex and more pervasive, infecting a seemingly endless supply of new device types. Defenses need to respond to these outbreaks immediately, yet most of what we know about malware still comes from by-hand analysis, and for every new vulnerable target we still have to build new analysis tools for each instruction set and architecture. In this paper, we introduce a technique for automatically reverse-engineering malware using symbolic execution. We employ lifters to "lift" (in effect, translate) binaries from machine code into a more easily analyzed intermediate representation (IR), LLVM IR, and then automate the analysis of the lifted program. We believe this approach is more effective, more efficient, and often faster than prior work. Our primary goal, though, is to demonstrate the utility of building a single set of powerful analysis tools for one IR and lifting software into that IR for analysis, so that the analysis need not be rewritten for every architecture.
Issue Date: 2017-05
Date Available in IDEALS: 2017-08-22
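The lift-then-analyze pipeline the abstract describes, reduced to a toy that fits on one page. This is an added illustration, not code from the thesis: instead of LLVM IR and a real lifter it uses a handful of x86-style mnemonics, a tiny tuple-based IR, and a brute-force constraint solver standing in for an SMT solver. The assembly sample (a one-byte key check), the instruction subset, the IR shape and the `input` symbol are all constructed for the example. The point it shows is the one the abstract makes: once the machine code is expressed in an IR, the symbolic executor never looks at the source architecture again.

```python
"""Toy lift-then-analyze pipeline (constructed example, not the thesis's code):
a few x86-style instructions are lifted to a small architecture-neutral IR,
and a symbolic executor over that IR enumerates paths and finds a concrete
input for each one."""
import itertools

MASK32 = 0xFFFFFFFF


def parse_operand(tok):
    tok = tok.strip()
    if tok.startswith('[') and tok.endswith(']'):
        return ('load', tok[1:-1])          # memory operand: becomes a symbol
    if tok.startswith('0x'):
        return int(tok, 16)
    if tok.isdigit():
        return int(tok)
    return ('reg', tok)


def lift(asm):
    """Lift assembly text to a list of (label, op) IR tuples.

    IR ops: ('assign', dst, expr), ('branch', cond_expr, label), ('ret', expr).
    Flags are modelled as an ordinary IR register (zf), which is what makes
    the executor independent of the source ISA.
    """
    ir = []
    for line in asm.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        label = None
        if ':' in line.split()[0]:
            label, line = line.split(':', 1)
            line = line.strip()
        mnem, _, rest = line.partition(' ')
        ops = [parse_operand(o) for o in rest.split(',')] if rest else []
        if mnem == 'mov':
            ir.append((label, ('assign', ops[0][1], ops[1])))
        elif mnem in ('add', 'xor'):
            ir.append((label, ('assign', ops[0][1], (mnem, ops[0], ops[1]))))
        elif mnem == 'cmp':
            ir.append((label, ('assign', 'zf', ('eq', ops[0], ops[1]))))
        elif mnem == 'jne':                  # taken when zf == 0
            ir.append((label, ('branch', ('not', ('reg', 'zf')), rest.strip())))
        elif mnem == 'ret':
            ir.append((label, ('ret', ('reg', 'eax'))))
        else:
            raise ValueError(f'unsupported instruction: {line}')
    return ir


def subst(expr, regs):
    """Replace register reads with the symbolic values currently held."""
    if isinstance(expr, int):
        return expr
    if expr[0] == 'reg':
        return regs.get(expr[1], ('sym', expr[1]))   # uninitialised reg: fresh symbol
    if expr[0] == 'load':
        return ('sym', expr[1])
    return (expr[0],) + tuple(subst(e, regs) for e in expr[1:])


def symex(ir):
    """Explore every path through the IR; return [(path_constraints, return_expr)]."""
    labels = {lab: i for i, (lab, _) in enumerate(ir) if lab}
    paths, work = [], [(0, {}, [])]          # (pc, register state, constraints)
    while work:
        pc, regs, pcs = work.pop()
        while True:
            _, op = ir[pc]
            if op[0] == 'assign':
                regs = dict(regs)
                regs[op[1]] = subst(op[2], regs)
                pc += 1
            elif op[0] == 'branch':
                cond = subst(op[1], regs)
                work.append((labels[op[2]], regs, pcs + [cond]))      # taken side
                pcs, pc = pcs + [('not', cond)], pc + 1                # fall-through side
            else:                                                      # 'ret'
                paths.append((pcs, subst(op[1], regs)))
                break
    return paths


def evaluate(expr, env):
    """Concretely evaluate a symbolic expression under an assignment."""
    if isinstance(expr, int):
        return expr
    k = expr[0]
    if k == 'sym':
        return env[expr[1]]
    a = evaluate(expr[1], env)
    if k == 'not':
        return 0 if a else 1
    b = evaluate(expr[2], env)
    if k == 'add':
        return (a + b) & MASK32
    if k == 'xor':
        return a ^ b
    if k == 'eq':
        return 1 if a == b else 0
    raise ValueError(k)


def solve(constraints, symbols, domain=range(256)):
    """Brute-force a satisfying assignment (a real tool hands this to an SMT solver)."""
    for values in itertools.product(domain, repeat=len(symbols)):
        env = dict(zip(symbols, values))
        if all(evaluate(c, env) for c in constraints):
            return env
    return None


def find_inputs(asm, symbols=('input',)):
    """For every feasible path: a concrete input reaching it and the value returned."""
    results = []
    for pcs, ret in symex(lift(asm)):
        env = solve(pcs, symbols)
        if env is not None:
            results.append((env, evaluate(ret, env)))
    return results


# Constructed sample: returns 1 only if (input ^ 0x5a) + 3 == 0x7f.
SAMPLE_ASM = """
    mov eax, [input]
    xor eax, 0x5a
    add eax, 3
    cmp eax, 0x7f
    jne fail
    mov eax, 1
    ret
fail: mov eax, 0
    ret
"""

if __name__ == '__main__':
    for env, ret in find_inputs(SAMPLE_ASM):
        print(f'input={env["input"]:#04x} -> returns {ret}')
```

Running the sample recovers the key byte 0x26 for the success path and an arbitrary other byte for the failure path. The same `symex`, `evaluate` and `solve` would serve unchanged for a lifter targeting a different ISA: only `lift` knows about mnemonics, which is exactly the separation the thesis argues for.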