Indiana University Bloomington

School of Informatics and Computing


Automatic In-depth Malware Analysis

by Heng Yin

University of California, Berkeley/College of William and Mary

Date: Tuesday, March 31, 2009
Time: 2:00 p.m. (special time) — 3:00 p.m.
Place: Lindley Hall 101

Abstract: Malicious software (i.e., malware) has been a severe threat to interconnected computer systems for decades and causes billions of dollars in damages each year. Large volumes of new malware samples are discovered daily. Even worse, malware is rapidly evolving to become more sophisticated and evasive in order to defeat current malware analysis and defense systems. My research tackles the problem of automatic in-depth malware analysis, which aims to automatically analyze a piece of malware, identify its malicious behavior, and provide valuable insights into its attack mechanism. My first step was to build a new dynamic binary analysis platform, TEMU, to address the common challenges of malware analysis, including code obfuscation, pervasive and transient code presence, and fine-grained malicious behaviors. TEMU not only enables my research on malware analysis but also fosters research on other computer security problems. On the basis of TEMU, I then proposed a series of novel techniques, such as Panorama, Renovo, and HookFinder, for detecting and analyzing various aspects of malware. These techniques capture intrinsic characteristics of malware and are thus well suited to dealing with new malware samples and attack mechanisms.

Biography: Heng Yin is a Ph.D. candidate at the College of William and Mary under the supervision of Prof. Haining Wang (at William & Mary) and Prof. Dawn Song (at UC Berkeley). His research interests span all aspects of security, including computer security, software security, and network security. His current focus is on binary analysis techniques and their applications to malware defense. Since October 2005, he has been one of the initiators and major participants of the BitBlaze binary analysis project at UC Berkeley (previously at Carnegie Mellon University).

Colloquium provided by the School of Informatics