Toward Automated Forensic Analysis of Obfuscated Malware

Date

2015

Authors

Farley, Ryan Joseph

Abstract

Malware analysis, forensics, and reverse engineering reveal a deeper understanding of the inner workings of malware and of the mechanics behind attack detection, which enables us to develop better defenses against increasingly sophisticated malware. Despite its inherent value, the current state of forensic analysis requires notable manual effort because of the various obfuscation techniques used by malware. In this work, we investigate how to automate forensic analysis of obfuscated malware and develop novel tools that can automatically pinpoint and recover hidden, obfuscated malicious code within memory dumps and network traffic captures. Our tools also help to identify the vulnerable data structure within the exploited binary executable.

Keywords

Computer science, Computer engineering, Code Extraction, Data-flow Analysis, Dynamic Analysis, Malware Forensics, Obfuscated Shellcode, Selective Symbolic Execution
