Projects and grants

System for Support of Platform Independent Malware Analysis in Executable Files

Reseach leader:

Krčma Pavel, Obluk Karel

Team leaders:

Kolář Dušan

Team members:

Ďurfina Lukáš, Křoustek Jakub, Zemek Petr

Agency:

TAČR

Code:

TA01010667

Start:

2011

End:

2013

Keywords:

malware, anti-virus, reverse engineering, security, code analysis, code transformation, compiler, decompiler, disassembler

Annotation:

The primary objective of this project is creation of compact system for support of malware analysis. This system will be able to analyze binary executable code, no matter which format or platform was the file created for. Compact, functionally equivalent form of representation will be the output of analysis process. Special computer language will designed for this purpose. Usage of such system will lead to expansion of the anti-virus industry to new markets like mobile phones, multimedia players, etc.

Publications

2013	Křoustek, J., Kolář, D.: Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis, In: Acta Informatica Pragensia, Vol. 2013, No. 2, Praha, CZ, p. 1-12, ISSN 1805-4951
	Křoustek, J., Kolář, D.: Preprocessing of Binary Executable Files Towards Retargetable Decompilation, In: 8th International Multi-Conference on Computing in the Global Information Technology (ICCGI'13), Nice, FR, IARIA, 2013, p. 1-6, ISBN 978-1-61208-283-7
2012	Ďurfina, L., Kolář, D.: C Source Code Obfuscator, In: Kybernetika, Vol. 48, No. 3, 2012, CZ, p. 8, ISSN 0023-5954
	Ďurfina, L., Křoustek, J., Zemek, P., Kábele, B., Kolář, D.: On Complex Reconstruction of Functions from Binary Executable Files, In: 8th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science, Brno, CZ, MUNI, 2012, p. 100-101, ISBN 978-80-87342-15-2
	Ďurfina, L., Křoustek, J., Zemek, P., Kábele, B.: Accurate Recovery of Functions in a Retargetable Decompiler, In: The 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2012), Amsterdam, NL, Springer, 2012, p. 390-392, ISBN 978-3-642-33337-8
	Ďurfina, L., Křoustek, J., Zemek, P., Kábele, B.: Detection and Recovery of Functions and their Arguments in a Retargetable Decompiler, In: 19th Working Conference on Reverse Engineering (WCRE 2012), Kingston, Ontario, CA, IEEE CS, 2012, p. 51-60, ISBN 978-0-7695-4891-3
	Ďurfina, L., Křoustek, J., Zemek, P.: Generic Source Code Migration Using Decompilation, In: 10th Annual Industrial Simulation Conference (ISC'2012), Brno, CZ, EUROSIS, 2012, p. 38-42, ISBN 978-90-77381-71-7
	Křoustek, J., Kolář, D.: Object-File-Format Description Language and Its Usage in Retargetable Decompilation, In: AIP Conference Proceedings, Kos, GR, AIP, 2012, p. 466-469, ISBN 978-0-7354-1091-6, ISSN 1551-7616
	Křoustek, J., Matula, P., Končický, J., Kolář, D.: Accurate Retargetable Decompilation Using Debug Information, In: Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE'12), Rome, IT, IARIA, 2012, p. 79-84, ISBN 978-1-61208-209-7
2011	Ďurfina, L., Kolář, D.: C Source Code Obfuscator, In: Book of Abstracts ISCAMI 2011, Malenovice, CZ, OU, 2011, p. 1
	Ďurfina, L., Kolář, D.: Generic detection of register realignment, In: AIP Conference Proceedings, Kassandra, Halkidiki, GR, AIP, 2011, p. 806-809, ISBN 978-0-7354-0956-9, ISSN 1551-7616
	Ďurfina, L., Křoustek, J., Zemek, P., Kolář, D., Hruška, T., Masařík, K., Meduna, A.: Advanced Static Analysis for Decompilation Using Scattered Context Grammars, In: Proceedings of the Applied Computing Conference 2011 (ACC'11), Angers, FR, WSEAS, 2011, p. 164-169, ISBN 978-1-61804-051-0
	Ďurfina, L., Křoustek, J., Zemek, P., Kolář, D., Hruška, T., Masařík, K., Meduna, A.: Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis, In: The 5th International Conference on Information Security and Assurance, Brno, CZ, Springer, 2011, p. 72-86, ISBN 978-3-642-23140-7
	Ďurfina, L., Křoustek, J., Zemek, P., Kolář, D., Hruška, T., Masařík, K., Meduna, A.: Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis, In: 7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science, Brno, CZ, MUNI, 2011, p. 114-114, ISBN 978-80-214-4305-1
	Ďurfina, L., Křoustek, J., Zemek, P., Kolář, D., Hruška, T., Masařík, K., Meduna, A.: Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis, In: International Journal of Security and Its Applications, Vol. 5, No. 4, 2011, Daejeon, KR, p. 91-106, ISSN 1738-9976
	Ďurfina, L., Křoustek, J., Zemek, P., Kolář, D., Hruška, T., Masařík, K., Meduna, A.: Design of an Automatically Generated Retargetable Decompiler, In: 2nd European Conference of COMPUTER SCIENCE (ECCS'11), Puerto De La Cruz, Tenerife, ES, NAUN, 2011, p. 199-204, ISBN 978-1-61804-056-5
	Ďurfina, L.: Recognition of Register Realignment by Scattered Context Grammars, In: Proceedings of the 17th Conference and Competition STUDENT EEICT 2011 Volume 3, Brno, CZ, FIT VUT, 2011, p. 470-474, ISBN 978-80-214-4273-3
	Jirák, O., Kolář, D.: Comparison of Classical and Lazy Approach in SCG Compiler, In: NUMERICAL ANALYSIS AND APPLIED MATHEMATICS ICNAAM 2011: International Conference on Numerical Analysis and Applied Mathematics, Halkidiki, GR, AIP, 2011, p. 873-876, ISBN 978-0-7354-0956-9, ISSN 1551-7616
	Křoustek, J., Matula, P., Ďurfina, L.: Generic Plugin-Based Converter of Object File Formats and Its Usage in Retargetable Decompilation, In: Proceedings of the 6th International Scientific and Technical Conference (CSIT'2011), Lviv, UA, LPNU, 2011, p. 127-130, ISBN 978-966-2191-04-2
	Křoustek, J., Přikryl, Z., Kolář, D., Hruška, T.: Retargetable Multi-level Debugging in HW/SW Codesign, In: The 23rd International Conference on Microelectronics (ICM 2011), Hammamet, TN, IEEE, 2011, p. 1-6, ISBN 978-1-4577-2209-7
	Křoustek, J., Židek, S., Kolář, D., Meduna, A.: Scattered Context Grammars with Priority, In: International Journal of Advanced Research in Computer Science, Vol. 2, No. 4, 2011, Udaipur, IN, p. 1-6, ISSN 0976-5697
	Přikryl, Z., Křoustek, J., Hruška, T., Kolář, D.: Fast Just-In-Time Translated Simulator for ASIP Design, In: 14th IEEE International Symposium on Design and Diagnostics of Electronic Circuits and Systems, Cottbus, DE, IEEE CS, 2011, p. 279-282, ISBN 978-1-4244-9753-9

Nacházíte se v sekcích

Main menu

System for Support of Platform Independent Malware Analysis in Executable Files

Publications