Experiences and Challenges in Automated Malware Analysis: Quo Vadis Sandboxes?

Speaker: Prof. Engin Kirda, Northeastern University

Date: Thursday, November 14, 2013

Time: 4:00 PM to 5:30 PM (Note: all times are in the Eastern Time Zone)

Public: Yes

Location: G575

Host: CSAIL Security Seminar

Contact: Raluca Ada Popa, raluca@csail.mit.edu

Reminders to: seminars@csail.mit.edu

Reminder Subject: TALK: Experiences and Challenges in Automated Malware Analysis: Quo Vadis Sandboxes?

Abstract: Malicious software (or malware) is one of the most pressing and major security threats facing the Internet today. Anti-malware companies typically have to deal with tens of thousands of new malware samples every day. To cope with these large quantities, researchers and practitioners alike have developed a number of automated, dynamic malware analysis systems. These systems automatically execute a program in a controlled environment, and produce a report describing the program's behavior. Such dynamic malware analysis sandboxes are the latest rage, and a popular example of such a system is Anubis, a freely-accessible, large-scale public malware analysis system that we have developed, and have been maintaining for more than six years. In this talk, I will discuss the problems and challenges in dynamic malware analysis, and will report on our experiences in maintaining a large-scale malware analysis system. I will also talk about some of our research that aims to address the problem of evasive malware. Finally, I will elaborate on some of the remaining challenges and open research topics in the area.

Bio: Engin Kirda is the Sy and Laurie Sternberg Associate Professor of Information Assurance at the Northeastern University in Boston and the director of the Northeastern Information Assurance Institute. He is also a co-founder and Chief Architect at Lastline, Inc. Before moving to the US, he held faculty positions at Institute Eurecom in the French Riviera and the Technical University of Vienna where he co-founded the International Secure Systems Lab (iSecLab) that is now distributed over five institutions in Europe and the US. Engin's recent research has focused on malware analysis (e.g., Anubis, Exposure, Fire) and detection, web application security, and practical aspects of social networking security. His recent work on the deanonymization of social network users received wide media coverage. He co-authored more than 100 peer-reviewed scholarly publications and served on program committees of numerous well-known international conferences and workshops. In 2009, Engin was the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID), in 2010/11, Program Chair of the European Workshop on Systems Security (Eurosec), and in 2012 the Program Chair of the USENIX Workshop on Large Scale Exploits and Emergent Threats. He is currently the program co-chair of NDSS, and will be chairing it in 2015. In the past, Engin has consulted the European Commission on emerging threats, and gave a Congressional Briefing in Washington D.C. on advanced malware attacks and cyber-security in 2012.

See other events that are part of the CSAIL Security Seminar 2013/2014.

Created by Raluca Ada Popa on Wednesday, November 13, 2013 at 12:11 PM.