Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

Helping Johnny to analyze malware: A usability-optimized decompiler and malware analysis user study

 
Authors: Yakdan, K.; Dechand, S.; Gerhards-Padilla, E.; Smith, M.

In:

Locasto, M. ; Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society, Technical Committee on Security and Privacy:
IEEE Symposium on Security and Privacy, SP 2016. Proceedings : 23-25 May 2016, San Jose, California, USA
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2016
ISBN: 978-1-5090-0824-7
ISBN: 978-1-5090-0825-4
ISBN: 978-1-5090-0823-0
pp. 158-177
Symposium on Security and Privacy (SP) <37, 2016, San Jose/Calif.>
English
Conference paper
Fraunhofer FKIE

Abstract
Analysis of malicious software is an essential task in computer security; it provides the necessary understanding to devise effective countermeasures and mitigation strategies. The level of sophistication and complexity of current malware continues to evolve significantly, as the recently discovered "Regin" malware family strikingly illustrates. This complexity makes the already tedious and time-consuming task of manual malware reverse engineering even more difficult and challenging. Decompilation can accelerate this process by enabling analysts to reason about a high-level, more abstract form of binary code. While significant advances have been made, state-of-the-art decompilers still produce very complex and unreadable code, and malware analysts still frequently go back to analyzing the assembly code. In this paper, we present several semantics-preserving code transformations to make the decompiled code more readable, thus helping malware analysts understand and combat malware.

URL: http://publica.fraunhofer.de/dokumente/N-422139.html