Fast automated unpacking and classification of malware
thesis posted on 06.12.2017, 00:00 by Silvio Cesare
"Malware is a pervasive problem in distributed computer and network systems. Identification of malware variants provides great benefit in early detection. Control flow has been proposed as a characteristic that can be identified across variants, resulting in classification employing flowgraph based signatures. Static analysis is widely used to construct the signatures but can be ineffective if malware undergoes a code packing transformation to hide its real content. This thesis proposes a novel system, named Malwise, for malware classification using a fast application level emulator to reverse the code packing transformation, and two flowgraph matching algorithms to perform classification: exact flowgraph matching and approximate flowgraph matching"--Abstract.