A New Bioinformatics-Inspired Binary Analysis: Coding Style/Motif Identification

Presented at DEF CON 14 (2006), Aug. 4, 2006, 6 p.m. (50 minutes)

Security analysis is severely complicated by the size and abundance of executable code. Existing concepts and code can be combined, obfuscated, packed, and hidden with the aim of evading detection and frustrating analysis. Is that patch fixing the problem it claims to fix? Have you seen that malicious code before? Have you seen these particular motifs or this style before? All very interesting questions, some of which can be addressed using existing tools and techniques. This talk looks at a new tool inspired by a scored string match used for genetic analysis: the Basic Local Alignment Search Tool (BLAST). Can this tool identify motifs common to UPX? Can this tool identify code generated by different versions of GCC? Does this tool provide malware classifications similar to those of other tools? The talk will include an overview of the technique, a demonstration of the use of the new tool set (binBLAST), and its performance.
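As an added illustration of the scored string match the abstract refers to (not binBLAST's own code, which the talk demonstrates), here is a Smith-Waterman local alignment run over raw bytes instead of nucleotides; the match/mismatch/gap scores and the sample byte strings are assumptions constructed for the demo.

```python
# Added illustration, not binBLAST's code: Smith-Waterman local alignment
# (the dynamic-programming idea BLAST approximates heuristically) on bytes.
# Scoring values below are assumptions chosen for the demo.

def local_align(a: bytes, b: bytes, match=2, mismatch=-1, gap=-2):
    """Best-scoring local alignment of a and b.

    Returns (score, aligned_a, aligned_b): the aligned regions as
    space-separated hex bytes, with '--' marking a gap (a byte present
    in only one sequence, e.g. an inserted NOP or extra operand byte).
    """
    n, m = len(a), len(b)
    H = [[0] * (m + 1) for _ in range(n + 1)]  # H[i][j]: best score ending at a[i-1], b[j-1]
    best, best_pos = 0, (0, 0)
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            sub = match if a[i - 1] == b[j - 1] else mismatch
            H[i][j] = max(0, H[i - 1][j - 1] + sub, H[i - 1][j] + gap, H[i][j - 1] + gap)
            if H[i][j] > best:
                best, best_pos = H[i][j], (i, j)
    # Trace back from the best cell until the score drops to 0 (local alignment).
    i, j = best_pos
    col_a, col_b = [], []
    while i > 0 and j > 0 and H[i][j] > 0:
        sub = match if a[i - 1] == b[j - 1] else mismatch
        if H[i][j] == H[i - 1][j - 1] + sub:          # match or substitution
            col_a.append(f"{a[i-1]:02x}"); col_b.append(f"{b[j-1]:02x}"); i -= 1; j -= 1
        elif H[i][j] == H[i - 1][j] + gap:            # byte only in a
            col_a.append(f"{a[i-1]:02x}"); col_b.append("--"); i -= 1
        else:                                         # byte only in b
            col_a.append("--"); col_b.append(f"{b[j-1]:02x}"); j -= 1
    return best, " ".join(reversed(col_a)), " ".join(reversed(col_b))

# Constructed samples: one x86-style prologue motif embedded in unrelated
# flanking bytes, once with a changed operand byte and once with a byte
# inserted mid-motif. Real binaries are far noisier than this.
MOTIF   = bytes.fromhex("55 89 e5 83 ec 10 8b 45 08")
SAMPLE  = bytes.fromhex("90 90") + MOTIF + bytes.fromhex("c3")
VARIANT = bytes.fromhex("31 c0 55 89 e5 83 ec 20 8b 45 08 eb fe")
PADDED  = bytes.fromhex("31 c0 55 89 e5 83 ec 90 10 8b 45 08 eb")

if __name__ == "__main__":
    for other in (VARIANT, PADDED):
        score, ta, tb = local_align(SAMPLE, other)
        print(f"score={score}\n  {ta}\n  {tb}")
```

The flanking bytes never align, so the shared motif is recovered even though neither sample contains the other verbatim; BLAST itself adds seeding and extension heuristics on top of this core to make it scale.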

Presenters:

  • Scott Miller
    Scott Miller has recently graduated from the New Mexico Institute of Mining and Technology; the technique in this presentation was developed in his Master's thesis, "A Bioinformatics Approach to the Security Analysis of Binary Executables". While pursuing his master's degree, he also considered a number of topics including human infection/immunity, natural language steganography, self-sustaining high-availability intrusion prevention systems, and secure compiler construction.
