Talk: Extracting WinAPI Call Graphs for Inferring Malicious Behaviours (R. Rodriguez, 2016-04-24)

Talk organized by the PhD Programme in Computer Engineering and the Master's in Computer Engineering.

Speaker: Ricardo Rodríguez (Universidad de Zaragoza) (Centro Universitario de la Defensa, Academia General Militar, Zaragoza)
Title: Extracting WinAPI Call Graphs for Inferring Malicious Behaviours

Language: Spanish
Date: 2017/04/24
Time: 10:30
Venue: Ada Lovelace room, Faculty of Informatics, UPV/EHU

Abstract:

The number of incidents related to cyberattacks has been increasing rapidly over the last few years, according to numerous software security vendors. In this regard, malicious software specially crafted to proliferate on PC platforms is growing exponentially, not only in quantity but also in complexity. For instance, Kaspersky reported analysing 350,000 malware samples per day in 2013. Many software security vendors offer products to fight these threats (mainly denoted as anti-virus software) that rely on signature-based analysis rather than behaviour-based analysis. Thus, a small modification to the malware can provoke a false negative detection and hence the infection of devices, to the benefit of the cybercriminals.

In this talk, we present an approach to dynamically extract the malicious behaviour of a program binary, based on extracting its call graphs. In particular, we focus on malware that targets Windows platforms. The call graph is useful for clustering samples with similar behaviour and for detecting malicious behavioural patterns, which may be used to build new defence tools. We will also show the advantages and disadvantages of this approach, as well as the possibilities for collaboration. To illustrate the approach, the case study during the talk will be malware specially crafted to target Point-of-Sale systems.
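As an added illustration of the idea in the abstract (not the speaker's code or method, which the announcement does not detail), the snippet below builds a per-sample call graph from a constructed trace of WinAPI calls, groups samples by edge-set similarity, and checks a constructed behavioural pattern against each graph. The trace format, the Jaccard metric, the clustering threshold and the pattern itself are assumptions made for the example.

```python
from collections import defaultdict

# Constructed traces (placeholders, not from any real sample): the ordered
# WinAPI calls a sandbox hook logged while each binary ran.
TRACES = {
    "sample_a": ["OpenProcess", "ReadProcessMemory", "ReadProcessMemory",
                 "InternetOpenA", "HttpSendRequestA"],
    "sample_b": ["OpenProcess", "ReadProcessMemory", "InternetOpenA",
                 "HttpSendRequestA", "InternetCloseHandle"],
    "sample_c": ["CreateFileA", "WriteFile", "CloseHandle"],
}

# Illustrative behavioural pattern (assumption): a sub-graph that must be
# present for "read another process's memory, then send over HTTP" to be flagged.
PATTERN = {("OpenProcess", "ReadProcessMemory"),
           ("InternetOpenA", "HttpSendRequestA")}


def build_call_graph(trace):
    """Directed call graph: an edge (a, b) for each call b that directly
    follows call a, weighted by how often that transition occurred."""
    edges = defaultdict(int)
    for src, dst in zip(trace, trace[1:]):
        edges[(src, dst)] += 1
    return dict(edges)


def similarity(g1, g2):
    """Jaccard similarity over the two graphs' edge sets (weights ignored)."""
    e1, e2 = set(g1), set(g2)
    return len(e1 & e2) / len(e1 | e2) if e1 | e2 else 1.0


def matches_pattern(graph, pattern=PATTERN):
    """True when every edge of the pattern sub-graph occurs in the sample's graph."""
    return pattern <= set(graph)


def cluster(graphs, threshold=0.5):
    """Greedy single-linkage grouping: a sample joins the first cluster holding
    a member at least `threshold` similar to it, otherwise it starts a new one."""
    clusters = []
    for name, g in graphs.items():
        for members in clusters:
            if any(similarity(g, graphs[m]) >= threshold for m in members):
                members.append(name)
                break
        else:
            clusters.append([name])
    return clusters


GRAPHS = {name: build_call_graph(trace) for name, trace in TRACES.items()}
```

With these traces, sample_a and sample_b share three of five distinct edges (similarity 0.6) and land in one cluster, while sample_c forms its own; only the first two contain the pattern edges.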

Ricardo Rodríguez (CV):
Ricardo J. Rodríguez received the M.S. and Ph.D. degrees in computer science from the University of Zaragoza, Zaragoza, Spain, in 2010 and 2013, respectively, where his Ph.D. dissertation focused on performance analysis and resource optimization in critical systems, with special interest in Petri net modelling techniques. He was a Visiting Researcher with the School of Computer Science and Informatics, Cardiff University, Cardiff, U.K., in 2011 and 2012, and with the School of Innovation, Design and Engineering, Mälardalen University, Västerås, Sweden, in 2014. He was also a Visiting Professor at the Second University of Naples, Caserta, Italy, for a three-month period in 2016. He is currently an Assistant Professor at Centro Universitario de la Defensa, General Military Academy, Zaragoza, Spain. His professional experience includes participation in several research projects with national and international funding (H2020, Spanish Ministry of Science and Innovation, Spanish Ministry of Industry) as well as private collaborations (such as the Spanish National Cybersecurity Institute and the National Intelligence Centre in Spain). He is an author (or co-author) of more than 20 publications in international journals and/or conferences in the area. His research interests include performability and dependability analysis, program binary analysis, and contactless card security.
