Monday 8th November 2004; 13:30-17:30
Virus Analysis - Techniques, Tools, and Research Issues
Arun Lakhotia and Michael P. Venable
University of Louisiana at Lafayette, USA
The tutorial will cover techniques, tools, and research issues in analyzing computer viruses. It will provide participants with the background needed to initiate research in reverse engineering computer viruses.
Anti-virus companies receive over 100,000 suspect documents and programs every month. The time it takes to determine whether a suspect is malicious, to craft an antidote, and to distribute that antidote is crucial to the success of an anti-virus technology. Reverse engineering plays a central role in determining whether a program is malicious. It is also used to determine what a malicious program does so that its effects can be undone. In spite of its significance, there has not been any significant research in developing tools and techniques to aid the analysis of malicious programs. Most research on the subject has taken place in the laboratories of anti-virus companies.
The objectives of this tutorial are to:
- provide background needed for a participant to initiate research in analysis of malicious programs, and
- initiate discussions on a distributed, collaborative, university-based virus reverse-engineering team.
The tutorial will provide the following:
- An overview of methods and procedures for setting up a clean-room (isolated) environment for studying malicious programs.
- Hands-on experience in analyzing a sample virus, Beagle.J.
- A survey of research in virus analysis.
- A framework for distributed, collaborative reverse engineering of contagious code.
More information is available at www.cacs.louisiana.edu/cybersecurity/malware-tutorial/.
NOTE: To perform the hands-on exercises, participants are expected to bring their own laptop, pre-configured with the software needed to create a safe experimentation environment. There will be no time for installing this software during the tutorial. Further details about setting up the experimentation environment can be found at www.cacs.louisiana.edu/cybersecurity/malware-tutorial/prereq.html.