Computer Science Colloquia

May 1, 2012
Xiaoyuan Wang
Advisor: John Knight
Attending Faculty: Jack Davidson

10:00 AM, Rice Hall, Rm. 242

Master's Project Presentation
Defeating Malware Obfuscation by Application Level Virtualization


Malware authors have recently begun using emulation technology to obfuscate their code. Some convert native malware binaries into bytecode programs written in a randomly generated instruction set and pair them with a native binary emulator that interprets the bytecode. Traditional static analysis fails to detect malware signatures because the true malware logic is encoded as bytecode held in a memory buffer that the analysis treats as data rather than code. In this project, we introduce a new malware obfuscation technique and evaluate it against various anti-malware tools. The results, together with surveys of existing work, show that current malware analysis can hardly reverse this obfuscation technique. We present an application level virtualization framework built on Software Dynamic Translation (SDT) that not only defeats the obfuscation technique described above, but also works on all existing obfuscated malware.