Automatic Inference of Malware Protocol Specifications
Lorenzo De Carli, Assistant Professor of Computer Science at Colorado State University, will hold a seminar entitled “Automatic Inference of Malware Protocol Specifications (and Other Adventures in Network Traffic Analysis)”. Detailed information follows below.
Date: Wednesday June 13, 2018
Duration: 1 hour
Venue: Aula Alfa, Ground Floor, Dipartimento di Informatica, Via Salaria 113, 00198
Speaker: Prof. Lorenzo De Carli
Title: Automatic Inference of Malware Protocol Specifications (and Other Adventures in Network Traffic Analysis)
Network-based malware detection is a complex and difficult task. Devising a successful detector for a given malware family oftentimes requires painstaking reverse-engineering of malware binaries and communications. The rate at which new malware families are released makes it infeasible to perform this analysis manually for every new family; furthermore, modern malware actively attempts to thwart the process by using custom communication protocols, which are oftentimes encrypted. In this presentation, I will outline a novel protocol inference algorithm which automatically generates (i) a formal specification of the application-level protocol used by a malware family, and (ii) detection procedures which can identify the protocol within network traffic. This approach has the potential to significantly alleviate the burden of malware analysis for human experts. The algorithm works in an automated fashion, requiring only the malware's binary and samples of the malware's network communication, and can circumvent the malware's use of encryption.
In the talk, I will also touch upon the complementary problem of efficiently deploying complex detection algorithms on high-bandwidth network traffic. My contribution here focuses on automatic parallelization of such algorithms - which is necessary to enable their rapid deployment at scale - via static program analysis.
Bio: Lorenzo De Carli is an Assistant Professor of Computer Science at Colorado State University. His research interests focus on networking and security, including deep packet inspection and packet processing. His contributions include analysis of malware communications, parallelization strategies for network traffic analysis, and hardware accelerators for packet inspection and forwarding. He has also worked on optimized signature matching and instruction scheduling for novel processor architectures. Lorenzo received a B.Sc. (2004) and an M.Sc. (2007) in Computer Engineering from Politecnico di Torino, Italy, and an M.Sc. (2010) and Ph.D. (2016) in Computer Science from the University of Wisconsin-Madison.