Bilkent University
Department of Computer Engineering


Large-Scale Dynamic Malware Analysis: Problems, Solutions, and Challenges


Dr. Engin Kırda
Northeastern University

Malicious software (or malware) is one of the most pressing and major security threats facing the Internet today. Anti-virus companies typically have to deal with tens of thousands of new malware samples every day. To cope with these large quantities, researchers and practitioners alike have developed a number of automated, dynamic malware analysis systems. These systems automatically execute a program in a controlled environment and produce a report describing the program's behavior. An example of such an analysis system is Anubis, a public dynamic malware analysis system that we have developed and have been maintaining for more than three years.

In this talk, I will discuss the problems and challenges in dynamic malware analysis. I will then present several solutions that we have proposed to automatically cluster, detect, and understand malware. Finally, I will elaborate on the remaining challenges and open research topics in the area.

Bio: Engin Kirda is an associate professor at the College of Computer and Information Science at Northeastern University in Boston. He was previously an associate professor in the Networking and Security Department at Institute Eurecom in France (2008-2010) and has also served on the computer science faculty at the Technical University of Vienna (2003-2007).

Professor Kirda's research focuses on security issues with the potential to affect a large number of people. He is the co-founder and co-director of the International Secure Systems Lab, a collaborative effort of European and U.S. researchers focused on Web security, malware and vulnerability analysis, intrusion detection, and other computer security issues. The lab is well known in industry and academia for developing tools such as Anubis, which analyzes malware; FIRE (FInding RoguE Networks), which determines whether an Internet service provider has been compromised; and Pixy, which conducts vulnerability assessments for Web pages.


DATE: 30 December, 2010, Thursday @ 10:40