Description
Submission date: 1 janvier 1900
Title: Advanced Malware Analysis
Thesis supervisor:
Davide BALZAROTTI (Eurecom)
Scientific field: Information and communication sciences and technologies
CNRS theme: Not defined
Abstract:
Objective
Security companies collect millions of malware samples every day. This big-data aspect is a new concept in malware analysis, but it is certainly here to stay. On top of traditional samples, the upcoming Internet of Things (IoT) revolution will inevitably increase both the amount and the diversity of the collected artifacts.
However, despite its promises, big-data collection has so far brought our field more challenges than advantages, mainly resulting in a burden for researchers and malware analysts. On the one hand, more samples mean less time to analyze each of them and larger infrastructures to store the files and execute them in dynamic-analysis sandboxes. On the other hand, security companies are clearly struggling to sift through this increasing amount of data in an attempt to extract actionable intelligence that would better protect their customers and improve their services. As a result, while there is a clear global trend towards collecting more and more data, most of it just sits unused on some server, taking up terabytes of storage space without being used, exploited, or often even properly understood by the company that collects it.
On top of this poor understanding of large malware datasets, new advanced techniques are making the analysis of individual samples more complex and more time-consuming. For instance, ROP-only malware, disk-less samples, and advanced obfuscations are reducing our ability to automatically process and understand new malicious files.
The goal of this thesis is to harness the information stored in large malware datasets to improve sample analysis, provide intelligence information, detect correlations, or simply study trends in and the evolution of the different techniques used by malware writers. In this challenging context, the dissertation will also explore new techniques that extend current static and dynamic analysis approaches to novel and sophisticated malware samples. This may involve heavily obfuscated and packed binaries or new forms of malicious code, and it will rely on existing large-scale malware collection systems to provide the data required to conduct experiments.
Doctoral candidate: Cozzi Emanuele