Toward Automated Forensic Analysis of Obfuscated Malware
Date
2015
Authors
Farley, Ryan Joseph
Abstract
Malware analysis, forensics, and reverse engineering reveal a deeper understanding of the inner workings of malware and the mechanics behind attack detection, which enables us to develop better defenses against increasingly sophisticated malware. Despite its inherent value, the current state of forensic analysis requires notable manual effort due to various obfuscation techniques used by malware. In this work, we investigate how to automate forensic analysis of obfuscated malware and develop novel tools that can automatically pinpoint and recover hidden, obfuscated malicious code within memory dumps and network traffic captures. Our tool also helps to identify the vulnerable data structure within the exploited binary executable.
Keywords
Computer science, Computer engineering, Code Extraction, Data-flow Analysis, Dynamic Analysis, Malware Forensics, Obfuscated Shellcode, Selective Symbolic Execution