Projet de recherche doctoral numero :4764


Date depot: 1 janvier 1900
Titre: Advanced Malware Analysis
Directeur de thèse: Davide BALZAROTTI (Eurecom)
Domaine scientifique: Sciences et technologies de l'information et de la communication
Thématique CNRS : Non defini

Resumé: Objective Security companies collect million of malware samples every day. This big-data aspect is a new concept in malware analysis but it is certainly here to stay. On top of traditional samples, the upcoming Internet of Things (IoT) revolution will inevitably increase both the amount and the diversity of the collected artifacts. However, despite its promises, big data collection has so far brought to our field more challenges than advantages – mainly resulting in a burden for researchers and malware analysts. In fact, on the one hand more samples mean less time to analyze them and larger infrastructures required to store the files and execute them in dynamic analysis sandboxes. On the other hand, security companies are clearly struggling to sift through this increasing amount of data in the attempt to extract some actionable intelligence to better protect their customers and improve their services. As a result, while there is a clear global trend towards collecting more and more data, most of this data is just sitting unused on some server, taking terabytes of storage space without actually being used, exploited, and often even properly understood by the company that collect it. On top of this poor understanding of big malware dataset, new advanced techniques are making the analysis of individual samples more complex and more time-consuming. For instance, ROP-only malware, disk-less samples, and advanced obfuscations are reducing our ability to automatically process and understand new malicious files. The goal of this thesis is to harness the information stored in large malware datasets to improve the samples analysis, provide intelligence information, detect correlation, or simply study trends and evolution of different techniques used by malware writers. In this challenging context, this dissertation will also explore new techniques to extend current static and dynamic analysis approaches to the analysis of novel and sophisticated malware samples. This can involve heavily obfuscated and packed binaries or new form of malicious code and will rely on existing large-scale malware collection systems to provide the required data to conduct experiments.

Doctorant.e: Cozzi Emanuele