Permalink
https://hdl.handle.net/2142/97865
Description
Title
Towards automated reverse engineering of malware
Author(s)
Kosciarz, Bartosz
Contributor(s)
Baily, Michael
Issue Date
2017-05
Keyword(s)
malware
automated reverse engineering of malware
reverse engineering
Abstract
Malware is becoming both more complex and pervasive, infecting a seemingly endless supply of new device types. Defenses need to respond to these outbreaks immediately, and yet still we learn most of what we know about malware from by-hand analysis. For every new vulnerable target, we still must develop new analysis tools for each instruction set and architecture. In this paper, we introduce a new technique for automatically reverse-engineering malware using symbolic execution. We employ lifters to "lift" (in effect, translate) binaries from machine code to a more easily analyzed intermediate representation (IR) language, LLVM IR, and automate analysis of the lifted version. We believe our approach is more effective, efficient, and often faster than prior work. Our primary goal, though, is to demonstrate the utility of creating a set of powerful analysis tools for an IR and "lifting" software into that IR to perform analysis.