Sebastian Schrittwieser: Guest talk at Reykjavik University
On December 5, 2022 Sebastian Schrittwieser held a guest talk at the Reykjavik University.
Title of the talk
Quantifying obfuscation stealth und resilience for malware research and analysis
Code obfuscation, i.e. the artificial complication of program code, is used by almost every malware with the aim of preventing detection and analysis of its internal workings. While there are many program analysis methodologies and tools available, their ability to deal with particular code obfuscation techniques varies widely. Therefore, it is essential for both manual and automated malware analysis to be able to reliably identify which obfuscation technique a previously unknown malware uses and which analysis technique or tool is best suited for further analysis.
In this talk, research work was presented towards an expert system for deciding on the most suitable analysis methods and tools. Based on a large-scale evaluation of stealth und resilience properties of obfuscations and combinations thereof against different code analysis methods and existing tools as well as an in-depth analysis of past literature, we aim at building a detailed knowlege base on malware obfuscation for more targeted analysis and de-obfuscation.