Description: String pattern matching is the method most widely used by anti-virus software to detect malware. However, this technique proves ineffective against metamorphism, which uses many transformation techniques to evade pattern-based signatures.
This research attempts to solve the essential part of the problem by introducing semantic signatures for metamorphic malware. Unlike a traditional signature, a semantic signature is able to detect metamorphic code even after it has gone through multiple transformations. Our talk starts with an overview of popular mutation techniques used by metamorphism, then defines the semantic signature, and explains how to create such signatures and match them against suspected code. Some cool demos will help the audience understand the challenges, advantages and drawbacks of this solution.
We have implemented a toolset named OptiSig to realize our idea. OptiSig is able to produce the semantic signature for metamorphic code, evaluate a sequence of machine code against the generated signature, and then give a verdict on whether the code is equivalent (or not) to the signature. OptiSig supports both 32-bit and 64-bit Intel platforms.
For more information, please visit: http://www.blackhat.com/eu-13/briefings.html
Tags: securitytube, hacking, hackers, information security, convention, computer security, blackhat-eu-2013