Graduate Seminar – Tom Deering


October 16, 2013    
1:10 pm - 2:00 pm


3043 ECpE Building Addition
Coover Hall, Ames, Iowa, 50011

Title: Discovering Novel Malware Through Software Analysis

Speaker: Tom Deering, ECpE Graduate Student 

Abstract: With software size, complexity, and authorship at all-time highs, can we really trust our applications? In Google’s Android Marketplace, if an app runs for 30 seconds without observed suspicious behavior, it is assumed to be “safe” until users make complaints. In a Department of Defense scenario, this reactionary approach is unacceptable. The DoD must detect sophisticated, novel, triggerable malware introduced by adversaries before ever running an app in a real situation.

In this talk, I will describe our work in DARPA’s APAC program to do exactly this. I will discuss our philosophy, approach, some real-world case studies, and our success to date in the program. Emphasis will be on the current challenges we are working to solve. Demos will be provided. I will frame our work within the context of the field of software analysis, providing the listener with background knowledge of well-known techniques, and intuitions for which problems each may be best suited to solve. I will discuss the inherently “fuzzy” definition of malware, and why detection is difficult to fully automate.
