[Colloq] Fwd: Talk - Change of Date- Monday, Sept. 15 - Engin Kirda

Rachel Kalweit rachelb at ccs.neu.edu
Fri Sep 5 11:46:40 EDT 2008


The date was changed.  Sorry for the duplicate email. 




Engin Kirda, from EURECOM, will be joining us on Monday, September 15 at 10:30am in room 366 WVH to do a talk. 

Title: Dynamic Malware Analysis

Abstract:
Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse). This process is a necessary step to be able to develop effective detection techniques for malicious code. In addition, it is an important prerequisite for the development of removal tools that can thoroughly delete malware from an infected machine. Traditionally, malware analysis has been a manual process that is tedious and time-intensive. Unfortunately, the number of samples that need to be analyzed by security vendors on a daily basis is constantly increasing. This clearly reveals the need for tools that automate and simplify parts of the analysis process.

In this talk, I present Anubis, a service for dynamically analyzing the behavior of Windows executables. To this end, the binary is run in an emulated operating system environment and its (security-relevant) actions are monitored. In particular, we record the Windows native system calls and Windows API functions that the program invokes. One important feature of our system is that it does not modify the program that it executes (e.g., through API call hooking or breakpoints), making it more difficult to detect by malicious code. These factors make Anubis a useful tool for quickly getting an understanding of the behavior of an unknown malware.

Bio:
Engin Kirda has recently joined the Networking and Security Department at EURECOM in France as faculty. Before that, he was associate professor at the Technical University of Vienna and one of the co-founders of the Secure Systems Lab there. He received his Ph.D. with honors in computer science from the Technical University Vienna. His research interests include most aspects of computer security, with an emphasis on web security, binary analysis, and malware detection. In 2009, he will be the RAID (Recent Advances in Intrusion Detection) conference programme chair. He is a member of IEEE and USENIX.

Host: Guevara Noubir

_______________________________________________
Colloq mailing list
Colloq at lists.ccs.neu.edu
https://lists.ccs.neu.edu/bin/listinfo/colloq



