Hira Agrawal
Senior Scientist
Applied Communication Sciences
Basking Ridge, NJ

Detection of Metamorphic Malware Variants using Control and Data Flow Analysis

Abstract:  Current malware detection and classification tools fail to adequately address variants that are generated automatically using new polymorphic and metamorphic transformation engines that can produce variants that bear no resemblance to one another.  Existing solutions address this problem by employing syntactic signatures that mimic the underlying control structures such as call- and flow-graphs.  These techniques, however, are easily defeated using new program diversification techniques.  This hampers our ability to defend against zero day attacks perpetrated by such auto "replicating", rapidly spreading malware variants.  In this talk, we present a new form of abstract malware signature generation that is based on extracting semantic summaries of malware code that is immune to most polymorphic and metamorphic transformations.  We also present results of our initial, experimental evaluation of the proposed approach.

Biography:  Hira Agrawal is a Senior Scientist in the Systems & Security Research Department at Applied Communication Sciences. He has over twenty years of R&D experience in the software engineering and automation field.  He has worked extensively in the area of combining static and dynamic program analysis techniques to help expedite many tasks software engineers perform when they test, debug, understand, and maintain their programs.  He has lead two U.S. Army projects on detecting malicious code in C/C++ programs and on malware abstraction analysis. He is currently leading another program on automatically extracting reusable components form binary executables.