Binary code analyzer BE-PUM with statistical methods
Title: Binary code analyzer BE-PUM with statistical methods
Speaker: Professor Mizuhito Ogawa (小川瑞史), JAIST, Japan
Host: Li Xin (李鑫)
Time: Friday, December 2, 9:30-10:30
Venue: Room B1002, Science Building, Zhongbei Campus
Abstract:
BE-PUM is a model generator for binaries based on concolic testing on heterogeneous environments.
We show our recent work on an implementation extension and an application to packer identification, combined with statistical methods. The first, the implementation extension, is automatic API stub generation based on lightweight NLP, which generates 1400 API stubs from 2300 API descriptions collected from MSDN. The second, the application, targets the characteristics of the packers used, via the frequency vector of obfuscation techniques in the unpacking code; it corrects 327 inconsistencies among the commercial packer identification tools PEiD, CFF Explorer, and VirusTotal over more than 5000 malware samples taken from VX Heaven.