Explore a novel approach to malware analysis through a conference talk on cost-effective forced execution using Probabilistic Memory Pre-planning (PMP). Delve into the challenges of exposing hidden malware behavior and learn how PMP overcomes limitations of existing techniques like X-Force. Discover the innovative memory pre-planning phase that pre-allocates and initializes a large buffer with carefully crafted random values. Understand how this method significantly improves execution speed, reduces false positives and negatives in program dependence detection, and exposes more malicious behaviors in recent malware samples. Examine the architecture, implementation, and probability analysis of PMP, along with its evaluation on SPEC 2000 and a case study on a C&C Bot malware sample.
PMP - Cost-Effective Forced Execution with Probabilistic Memory Pre-planning
Overview
Syllabus
Intro
Background
X-Force v.. PMP
Architecture of PMP
Memory Pre-planning
PAMA Preparation
Variable Initialization
SCMB and SDMB Properties
Example
Implementation
Probability Analysis
Probabilities of Errors in a Typical Setting
Evaluation Settings
Evaluation on SPEC 2000
Case Study: C&C Bot Malware Sample
Availability
Taught by
IEEE Symposium on Security and Privacy
