[Colloq] Fwd: Talk - Change of Date- Monday, Sept. 15 - Engin Kirda
Rachel Kalweit
rachelb at ccs.neu.edu
Fri Sep 5 11:46:40 EDT 2008
The date was changed. Sorry for the duplicate email.
Engin Kirda, from EURECOM, will be joining us on Monday, September 15 at 10:30am in room 366 WVH to do a talk.
Title: Dynamic Malware Analysis
Abstract:
Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse). This process is a necessary step to be able to develop effective detection techniques for malicious code. In addition, it is an important prerequisite for the development of removal tools that can thoroughly delete malware from an infected machine. Traditionally, malware analysis has been a manual process that is tedious and time-intensive. Unfortunately, the number of samples that need to be analyzed by security vendors on a daily basis is constantly increasing. This clearly reveals the need for tools that automate and simplify parts of the analysis process.
In this talk, I present Anubis, a service for dynamically analyzing the behavior of Windows executables. To this end, the binary is run in an emulated operating system environment and its (security-relevant) actions are monitored. In particular, we record the Windows native system calls and Windows API functions that the program invokes. One important feature of our system is that it does not modify the program that it executes (e.g., through API call hooking or breakpoints), making it more difficult to detect by malicious code. These factors make Anubis a useful tool for quickly getting an understanding of the behavior of an unknown malware.
Bio:
Engin Kirda has recently joined the Networking and Security Department at EURECOM in France as faculty. Before that, he was associate professor at the Technical University of Vienna and one of the co-founders of the Secure Systems Lab there. He received his Ph.D. with honors in computer science from the Technical University Vienna. His research interests include most aspects of computer security, with an emphasis on web security, binary analysis, and malware detection. In 2009, he will be the RAID (Recent Advances in Intrusion Detection) conference programme chair. He is a member of IEEE and USENIX.
Host: Guevara Noubir