[Colloq] FWD: [kaeli at ece.neu.edu: PhD Proposal for Jennifer Mankin]

Gene Cooperman gene at ccs.neu.edu
Sun Oct 14 16:35:34 EDT 2012


David Kaeli asked me to announce this thesis proposal from ECE, since the
topic is close to the interests of many people in CCIS.
The topic is:
  MALWARE ANALYSIS AND CLASSIFICATION THROUGH LOW-ARTIFACT DISK INSTRUMENTATION
  (Thesis Proposal by Jennifer Mankin)

- Gene Cooperman

----- Forwarded message from "Prof. David Kaeli" <kaeli at ece.neu.edu> -----

Date: Sat, 13 Oct 2012 15:12:14 -0400 (EDT)
From: "Prof. David Kaeli" <kaeli at ece.neu.edu>
To: gene at ccs.neu.edu
Subject: PhD Proposal for Jennifer Mankin

Could you send this to the CCIS email reflector?
<snip>

---------- Forwarded message ----------
Date: Sat, 13 Oct 2012 14:59:37 -0400 (EDT)
From: Prof. David Kaeli <kaeli at ECE.NEU.EDU>
To: all at ECE.NEU.EDU
Cc: nucar at ECE.NEU.EDU
Subject: [ECE Faculty] PhD Proposal for Jennifer Mankin


PhD Proposal Presentation by Jennifer Mankin
Tuesday October 17, 2012 1:00-3:00PM
Room 378, 140 The Fenway

MALWARE ANALYSIS AND CLASSIFICATION
THROUGH LOW-ARTIFACT DISK INSTRUMENTATION

Abstract:
The proliferation of malware in recent years has motivated the need
for tools to analyze, classify, and understand intrusions.  Because it
is in a malware sample's best interest to propagate in the wild as
long as possible, malware writers will use whatever techniques are at
their disposal in order to deceive or evade analyzers.  As a result,
it is critical that a malware analyzer operate at a higher privilege
level, or on a lower semantic level, than the malware it is analyzing.

In this dissertation proposal, we present Dione, a flexible rule-based
disk I/O monitoring and analysis infrastructure that does both.
Dione interposes between a system-under-analysis and its hard disk,
intercepting disk accesses and reconstructing a high-level semantic
view of the disk and all operations on it.  By performing on-the-fly
reconstruction of every operation, Dione maintains a ground truth of
the state of the file system which is always up-to-date---even as new
files are created, deleted, moved, or altered.

Since Dione does not rely on any kernel APIs or structures, and
instead maintains the state of the system through raw metadata
processing, it cannot be misdirected or bypassed by even the most
sophisticated malware. Furthermore, it flexibly integrates with many
kinds of systems, including virtualized, emulated, and physical
systems.  In this work, we propose using Dione to analyze and detect
environment-sensitive malware---malware that attempts to detect that
it is being analyzed so that it can modify its execution to avoid
analysis.  Given the rich, multi-level semantics that Dione can use as
features to describe a malicious program's execution, we also propose
using the Dione execution trace to identify and cluster unknown
malware samples.

Thesis Committee:

Jennifer Dy
Yunsi Fei
David Kaeli (advisor)
Charles Wright (Portland St. University)
===================================================================
=   Prof. David Kaeli email: d.kaeli at neu.edu phone: 617-373-5413  =
=   Director of the NU Computer Architecture Research Laboratory  =
=Associate Dean of Undergraduate Programs, College of Engineering =
=          220 Snell Engineering,  NEU, Boston, MA 02115          =
=             URL:  www.ece.neu.edu/faculty/kaeli.html            =
===================================================================

----- End forwarded message -----
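The disk-interposition idea in the abstract above (intercept raw sector writes below the guest kernel, rebuild the file-system view from metadata alone, and match rules against the resulting create/delete/modify/write events) as an added illustration; this is not Dione's code. It assumes a constructed toy on-disk layout (sector 0 holds 32-byte directory entries: name, first sector, size) and a hypothetical rule that reports any operation touching an executable.

```python
import struct

SECTOR = 512
ENTRY = struct.Struct("<24sII")   # constructed layout: name (NUL-padded), first sector, size

def parse_dir(data):
    files = {}  # rebuilt purely from raw metadata bytes, no guest API involved
    for off in range(0, len(data) - ENTRY.size + 1, ENTRY.size):
        raw, start, size = ENTRY.unpack_from(data, off)
        if raw.rstrip(b"\0"):
            files[raw.rstrip(b"\0").decode()] = (start, size)
    return files

class DiskInterposer:  # sits below the guest OS: sees only sector writes
    def __init__(self, rules):
        self.files = {}     # reconstructed view: name -> (first sector, size)
        self.rules = rules  # callables (op, name) -> alert string or None
        self.alerts = []

    def write(self, lba, data):
        """Intercept one sector write and update the semantic view on the fly."""
        if lba == 0:                      # directory metadata: diff old vs new view
            before, self.files = self.files, parse_dir(data)
            for name in sorted(self.files.keys() - before.keys()):
                self._fire("create", name)
            for name in sorted(before.keys() - self.files.keys()):
                self._fire("delete", name)
            for name in sorted(self.files.keys() & before.keys()):
                if self.files[name] != before[name]:
                    self._fire("modify", name)
        else:                             # data write: map the LBA back to a file
            for name, (start, size) in self.files.items():
                if start <= lba < start + max(1, -(-size // SECTOR)):
                    self._fire("write", name)

    def _fire(self, op, name):
        self.alerts.extend(m for m in (r(op, name) for r in self.rules) if m)

def exe_rule(op, name):
    """Hypothetical rule: report every operation that touches an executable."""
    return f"{op}: {name}" if name.lower().endswith(".exe") else None

def demo():
    """Constructed trace: guest creates two files, writes a payload, deletes one."""
    d = DiskInterposer([exe_rule])
    d.write(0, (ENTRY.pack(b"readme.txt", 10, 100) + ENTRY.pack(b"dropper.exe", 20, 600)).ljust(SECTOR, b"\0"))
    d.write(21, b"\x90" * SECTOR)       # lands in dropper.exe's second sector
    d.write(0, ENTRY.pack(b"readme.txt", 10, 100).ljust(SECTOR, b"\0"))
    return d.alerts
```

Because the monitor never asks the guest for its file list, a sample that hides files from in-guest enumeration still produces these events.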