Computer Science Colloquia
May 1, 2012
Advisor: John Knight
Attending Faculty: Jack Davidson
10:00 AM, Rice Hall, Rm. 242
Master's Project Presentation
Defeating Malware Obfuscation by Application Level Virtualization
Malware authors have recently begun using emulation technology to obfuscate their code. Some convert native malware binaries into bytecode programs written in a randomly generated instruction set, paired with a native binary emulator that interprets the bytecode. Traditional static analysis fails to detect malware signatures because the true malware logic is encoded as bytecode in a memory buffer that the analysis treats as data. In this project, we introduce a new malware obfuscation technique and evaluate it against various anti-malware tools. The results, together with our survey, show that existing malware analysis can hardly reverse this obfuscation technique. We present an application-level virtualization framework based on Software Dynamic Translation (SDT) that not only defeats this obfuscation technique but also works on all existing obfuscated malware.