Jean-Yves Marion
Last known affiliation: LORIA
Bio: Jean-Yves Marion is a senior researcher in the field of malware detection and director of the LORIA research institute.
Ludovic Robin | Corentin Jannier | Jean-Yves Marion
Abstract
Packer detection is an important topic because most malware is packed, which allows it to evade detection based on static analysis. Identifying classes of packers is the key to effective detection, because it makes it easier to determine from a static analysis whether further analysis is needed or whether a decision is already possible. In this work we therefore propose new features to cluster packers from their unpacking function. This method makes it possible to cluster packers effectively and, through clustering, to identify the packer classes used by malware. It is a step towards larger-scale data clustering that would allow custom packers to be identified.
Thanh Dinh Ta | Jean-Yves Marion | Guillaume Bonfante
Abstract
One of the issues for a malware detection service is keeping its database up to date. For that, new samples must be analyzed. Usually, one tries to replay the behavior of the malware in a safe environment. But a bot sample may activate a malicious function only if it receives some particular input from its command and control server. The game is to find inputs that activate all relevant branches in a bot binary in order to retrieve its malicious behaviors. From a larger viewpoint, this problem combines the program exploration problem and the message format extraction problem, both of which are active research areas. This is a work in progress in which we try a new approach to code coverage relying on input tainting.