Malware Analysis



Virus Analysis - Techniques, Tools and Research

Tutorial Objectives

Anti-virus companies receive over 100,000 suspect documents and programs every month. The time it takes to determine whether a suspect is malicious, to craft an antidote, and to distribute that antidote is crucial to the success of an anti-virus technology. Reverse engineering plays a crucial role in determining whether a program is malicious; it is also used to determine what a malicious program does so that its effects can be undone. In spite of its significance, there has not been any significant research on developing tools and techniques to aid in the analysis of malicious programs; most research on the subject has taken place in the laboratories of anti-virus companies.

The objectives of this tutorial are to:

  1. provide background needed for a participant to initiate research in analysis of malicious programs, and
  2. initiate discussions on a distributed, collaborative, university-based virus reverse-engineering team.

The tutorial will provide the following:

  1. An overview of methods and procedures for setting up a clean-room (isolated) environment for studying malicious programs.
  2. Hands-on experience in analyzing a sample virus, Beagle.J.
  3. A survey of research in virus analysis.
  4. A framework for distributed, collaborative reverse engineering of contagious code.


WCRE logo and graphics design - Copyright (C) 2004 Claire Knight, University of Delft. All Rights Reserved.
Web content - Copyright (C) 2004 University of Louisiana at Lafayette. All Rights Reserved.