[Colloq] FWD: [kaeli at ece.neu.edu: PhD Proposal for Jennifer Mankin]

Prof. David Kaeli kaeli at ece.neu.edu
Sun Oct 14 16:41:06 EDT 2012


All,

The talk is actually Wed. 10/17.

Thanks Gene,

Dave

===================================================================
=   Prof. David Kaeli email: d.kaeli at neu.edu phone: 617-373-5413  =
=   Director of the NU Computer Architecture Research Laboratory  =
=Associate Dean of Undergraduate Programs, College of Engineering =
=          220 Snell Engineering,  NEU, Boston, MA 02115          =
=             URL:  www.ece.neu.edu/faculty/kaeli.html            =
===================================================================

On Sun, 14 Oct 2012, Gene Cooperman wrote:

> David Kaeli asked me to announce this thesis proposal from ECE, since the
> topic is close to the interests of many people in CCIS.
> The topic is:
>  MALWARE ANALYSIS AND CLASSIFICATION THROUGH LOW-ARTIFACT DISK INSTRUMENTATION
>  (Thesis Proposal by Jennifer Mankin)
>
> - Gene Cooperman
>
> ----- Forwarded message from "Prof. David Kaeli" <kaeli at ece.neu.edu> -----
>
> ---------- Forwarded message ----------
> Date: Sat, 13 Oct 2012 14:59:37 -0400 (EDT)
> From: Prof. David Kaeli <kaeli at ECE.NEU.EDU>
> To: all at ECE.NEU.EDU
> Cc: nucar at ECE.NEU.EDU
> Subject: [ECE Faculty] PhD Proposal for Jennifer Mankin
>
>
> PhD Proposal Presentation by Jennifer Mankin
> Wednesday October 17, 2012 1:00-3:00PM
> Room 378, 140 The Fenway
>
> MALWARE ANALYSIS AND CLASSIFICATION
> THROUGH LOW-ARTIFACT DISK INSTRUMENTATION
>
> Abstract:
> The proliferation of malware in recent years has motivated the need
> for tools to analyze, classify, and understand intrusions.  Because it
> is in a malware sample's best interest to propagate in the wild as
> long as possible, malware writers will use whatever techniques are at
> their disposal in order to deceive or evade analyzers.  As a result,
> it is critical that a malware analyzer operate at a higher privilege
> level, or on a lower semantic level, than the malware it is analyzing.
>
> In this dissertation proposal, we present Dione, a flexible rule-based
> disk I/O monitoring and analysis infrastructure that does both.
> Dione interposes between a system-under-analysis and its hard disk,
> intercepting disk accesses and reconstructing a high-level semantic
> view of the disk and all operations on it.  By performing on-the-fly
> reconstruction of every operation, Dione maintains a ground truth of
> the state of the file system which is always up-to-date---even as new
> files are created, deleted, moved, or altered.
>
> Since Dione does not rely on any kernel APIs or structures, and
> instead maintains the state of the system through raw metadata
> processing, it cannot be misdirected or bypassed by even the most
> sophisticated malware. Furthermore, it flexibly integrates with many
> kinds of systems, including virtualized, emulated, and physical
> systems.  In this work, we propose using Dione to analyze and detect
> environment-sensitive malware---malware that attempts to detect that
> it is being analyzed so that it can modify its execution to avoid
> analysis.  Given the rich, multi-level semantics that Dione can use as
> features to describe a malicious program's execution, we also propose
> using the Dione execution trace to identify and cluster unknown
> malware samples.
>
> Thesis Committee:
>
> Jennifer Dy
> Yunsi Fei
> David Kaeli (advisor)
> Charles Wright (Portland St. University)
>
> ----- End forwarded message -----
>


