Automated Malware Similarity Analysis

Presented at DEF CON 17 (2009), July 31, 2009, 5 p.m. (20 minutes)

While it is fairly straightforward for a malware analyst to compare two pieces of malware for code reuse, the task does not scale easily to thousands of samples. Many existing automated approaches focus on runtime analysis and on extracting distinguishing traits through signatures, but not on code reuse. Automated code reuse detection can help malware analysts quickly identify previously analyzed code, establish links between malware and its authors, and triage large volumes of incoming samples.
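To make the scaling problem concrete, here is an added example (not the speaker's tool, and not code from the talk) of the standard way code-reuse search is made sub-quadratic: strip operands from each disassembled function so only the mnemonic skeleton remains, turn that into instruction n-gram shingles, summarize each shingle set with a MinHash signature, and use locality-sensitive hashing (banding) so that only samples sharing a band are compared exactly. The disassembly listings, sample names and parameter choices (3-instruction shingles, 256 hash functions, 64 bands of 4 rows) are all constructed for the demonstration.

```python
"""Scalable code-reuse detection: opcode n-gram shingles + MinHash + LSH.

Added illustrative example; the "disassembly" below is hand-constructed.
"""
import hashlib
import random
from collections import defaultdict
from itertools import combinations

N_GRAM = 3             # shingle width, in instructions
NUM_HASHES = 256       # MinHash signature length
BANDS, ROWS = 64, 4    # 64 * 4 == NUM_HASHES; LSH threshold ~ (1/64)**(1/4) ~ 0.35
MERSENNE = (1 << 61) - 1

# Constructed listings standing in for disassembled functions. Addresses,
# immediates and stack offsets deliberately differ between samples a, b and c.
CORPUS = {
    "sample_a": ["push ebp", "mov ebp, esp", "sub esp, 0x40", "call 0x401000",
                 "test eax, eax", "jz 0x40103c", "lea eax, [ebp-0x40]",
                 "call 0x401200", "xor eax, eax", "mov [ebp-4], eax",
                 "leave", "ret"],
    "sample_b": ["push ebp", "mov ebp, esp", "sub esp, 0x80", "call 0x402000",
                 "test eax, eax", "jz 0x40204a", "lea eax, [ebp-0x80]",
                 "call 0x402300", "xor eax, eax", "mov esp, ebp",
                 "pop ebp", "ret"],                      # same code, other epilogue
    "sample_c": ["push ebp", "mov ebp, esp", "sub esp, 0x20", "call 0x10001000",
                 "test eax, eax", "jz 0x1000103c", "lea ecx, [ebp-0x20]",
                 "call 0x10001200", "xor eax, eax", "mov [ebp-8], eax",
                 "leave", "ret"],                        # rebuilt copy of sample_a
    "sample_d": ["mov ecx, [esi]", "cmp ecx, 0", "jne 0x403010", "inc esi",
                 "cmp esi, edi", "jl 0x403000", "movzx eax, byte [esi]",
                 "shl eax, 4", "or eax, edx", "ret"],     # unrelated code
}


def normalize(listing):
    """Keep only the mnemonic of each instruction.

    Operands (addresses, immediates, register choice) change between builds
    and after relinking; the mnemonic skeleton of copied code usually survives.
    """
    return [line.split()[0].lower() for line in listing if line.strip()]


def shingles(mnemonics, n=N_GRAM):
    """Set of overlapping n-instruction sequences (the unit of comparison)."""
    return {" ".join(mnemonics[i:i + n]) for i in range(len(mnemonics) - n + 1)}


def _h64(text):
    return int.from_bytes(hashlib.blake2b(text.encode(), digest_size=8).digest(), "big")


# Fixed seed so signatures are reproducible across runs and machines.
_rng = random.Random(0xC0DE)
_COEFFS = [(_rng.randrange(1, MERSENNE), _rng.randrange(0, MERSENNE))
           for _ in range(NUM_HASHES)]


def minhash(shingle_set):
    """MinHash signature: one minimum per universal hash h(x) = (a*x + b) mod p."""
    base = [_h64(s) for s in shingle_set]
    return [min((a * x + b) % MERSENNE for x in base) for a, b in _COEFFS]


def lsh_candidates(signatures):
    """Bucket signatures by band; samples sharing any band become candidates.

    This is what avoids the all-pairs comparison: cost is linear in the
    corpus size, and only candidate pairs are verified exactly afterwards.
    """
    buckets = defaultdict(set)
    for name, sig in signatures.items():
        for band in range(BANDS):
            key = (band, tuple(sig[band * ROWS:(band + 1) * ROWS]))
            buckets[key].add(name)
    pairs = set()
    for members in buckets.values():
        pairs.update(combinations(sorted(members), 2))
    return pairs


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0


def find_reuse(corpus, threshold=0.5):
    """Return {(x, y): exact Jaccard} for candidate pairs at or above threshold."""
    sets = {name: shingles(normalize(listing)) for name, listing in corpus.items()}
    sigs = {name: minhash(s) for name, s in sets.items()}
    results = {}
    for x, y in lsh_candidates(sigs):
        score = jaccard(sets[x], sets[y])
        if score >= threshold:
            results[(x, y)] = score
    return results


if __name__ == "__main__":
    for (x, y), score in sorted(find_reuse(CORPUS).items()):
        print(f"{x} ~ {y}: shingle Jaccard = {score:.3f}")
```

On the constructed corpus, sample_a and sample_c collapse to identical shingle sets (and therefore identical signatures) despite different addresses and registers, sample_b scores 8/12 against both because only the two epilogue trigrams differ, and sample_d never shares a band with anything. The caveat a practitioner should keep in mind is that mnemonic-only normalization is cheap to defeat with instruction substitution or junk insertion, so this belongs in the triage tier, pointing the analyst at likely reuse, rather than being treated as proof of shared authorship.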


Presenters:

  • Daniel Raygoza - DC3 / General Dynamics
    Daniel Raygoza is employed with General Dynamics at the Department of Defense Cyber Crime Center (DC3) Computer Forensics Laboratory (DCFL) as a Forensic Examiner, where he has worked for six years. He performs system forensics, incident response, malware analysis and reverse engineering, and R&D in support of his fellow analysts. He has presented several times at the DC3 Cyber Crime Conference, and has released several small tools for use by the forensics community.
