"Enhancing Usability Of Malware Analysis Pipelines With Reverse Engineering" by Jeffrey Ching

submitted by
Style Pass
2021-08-18 04:00:05

Lots of work has been done on analyzing software distributed in binary form. This is a challenging problem because of the relatively unstructured nature of binaries. To recover high-level structure, various attempts have included static and dynamic analysis. However, human inspection is often required, as high-level structure is compiled away. Recent success in this area includes work on variable-name recovery, vulnerability discovery, and class recovery for object-oriented languages. We are interested in building a pipeline for users to analyze malware. In this thesis we tackle two problems central to malware analysis pipelines. The first is D3RE, an interactive querying tool that allows users to analyze binaries interactively by writing declarative rules and visualizing their results projected onto a binary. The second is Assemblage, a tool which automatically scrapes GitHub for C and C++ repositories and builds them automatically using different compilation settings to produce a variety of configurations. Together, these two tools give users enough data for their analysis and let them perform that analysis interactively. Finally, we present future work demonstrating a possible visualization combining D3RE and Ghidra, along with some specific questions for future user studies.
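The abstract describes D3RE as letting analysts query a binary by writing declarative rules. To make concrete what that kind of rule looks like and how it is evaluated, the following is an added example written for this page; it is not D3RE's code or the thesis's own engine. It is a minimal Datalog-style fixpoint evaluator run over a constructed, hypothetical call graph and import table (the function names, the `call`/`import` predicates and the `connect` symbol are all assumptions). Two recursive rules compute call-graph reachability and a third marks every function from which a network import is reachable, which is the sort of question an analyst would project back onto a disassembly.

```python
"""Datalog-style rule evaluation over constructed binary facts (added example)."""

# Constructed sample facts for a hypothetical binary (not taken from the thesis):
# call(caller, callee) edges and import(function, external_symbol) facts.
FACTS = {
    "call": {
        ("main", "init"), ("main", "dispatch"),
        ("dispatch", "handler_a"), ("dispatch", "handler_b"),
        ("handler_b", "send_report"), ("unused", "send_report"),
    },
    "import": {("send_report", "connect"), ("init", "GetTickCount")},
}

# Declarative rules: (head_atom, [body_atoms]). Variables start with "?".
RULES = [
    # reach(F, G) :- call(F, G).
    (("reach", ("?f", "?g")), [("call", ("?f", "?g"))]),
    # reach(F, G) :- call(F, H), reach(H, G).
    (("reach", ("?f", "?g")), [("call", ("?f", "?h")), ("reach", ("?h", "?g"))]),
    # reaches_network(F) :- import(F, "connect").
    (("reaches_network", ("?f",)), [("import", ("?f", "connect"))]),
    # reaches_network(F) :- reach(F, G), import(G, "connect").
    (("reaches_network", ("?f",)), [("reach", ("?f", "?g")), ("import", ("?g", "connect"))]),
]


def is_var(term):
    """Rule variables are written with a leading '?'; anything else is a constant."""
    return isinstance(term, str) and term.startswith("?")


def unify(pattern, fact, env):
    """Extend the variable binding `env` so `pattern` matches `fact`, or return None."""
    if len(pattern) != len(fact):
        return None
    env = dict(env)
    for p, v in zip(pattern, fact):
        if is_var(p):
            if p in env and env[p] != v:
                return None
            env[p] = v
        elif p != v:
            return None
    return env


def eval_rule(head, body, db):
    """Return every ground head tuple derivable from `db` by one application of the rule."""
    envs = [{}]
    for pred, args in body:
        envs = [e for env in envs for fact in db.get(pred, ())
                if (e := unify(args, fact, env)) is not None]
    _, head_args = head
    return {tuple(env[a] if is_var(a) else a for a in head_args) for env in envs}


def fixpoint(facts, rules):
    """Naive bottom-up evaluation: apply all rules until no new tuple appears."""
    db = {pred: set(tuples) for pred, tuples in facts.items()}
    changed = True
    while changed:
        changed = False
        for head, body in rules:
            derived = eval_rule(head, body, db)
            existing = db.setdefault(head[0], set())
            if not derived <= existing:
                existing |= derived
                changed = True
    return db


def network_reaching_functions(facts=FACTS, rules=RULES):
    """Functions that directly import, or can transitively call into, the `connect` import."""
    db = fixpoint(facts, rules)
    return sorted(f for (f,) in db.get("reaches_network", set()))


if __name__ == "__main__":
    for fn in network_reaching_functions():
        print(fn)
```

The engine is deliberately naive (it re-derives every rule until the database stops growing), which is enough to show how a handful of rules turn raw call and import facts into an analyst-level question; a real tool would add semi-naive evaluation and indexing, and would project the resulting set onto the disassembly view.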

Ching, Jeffrey, "Enhancing Usability Of Malware Analysis Pipelines With Reverse Engineering" (2021). Theses - ALL. 476. https://surface.syr.edu/thesis/476
