▶ Research on Analysis of VM-based Obfuscation (Sept. 2024 ~ Aug. 2027)
Attackers often deploy obfuscated malware to conceal malicious behavior. As a result, malware analysis is typically preceded by deobfuscation, which is often difficult to perform with traditional approaches such as static analysis and concrete execution because of their practical limitations. To identify the handlers of virtualized code sections and the virtual instruction pointer (VIP) in obfuscated binaries, we employ program synthesis, machine learning, and both static and dynamic program analysis, leveraging advanced data structures such as E-graphs. In particular, we focus on applying transformer-based models and large language models (LLMs) to analyze and resolve virtualization-based obfuscation. Recently, we have also been working on vulnerability detection and malware deobfuscation in the Unified Extensible Firmware Interface (UEFI).
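The following is an added illustration of the analysis target described above; it is not code from this research group. It builds a constructed toy bytecode VM (a dispatcher loop, a handler table, and a VIP) of the kind a virtualization obfuscator emits, runs a small constructed program through it under instrumentation, and then applies two simple dynamic-trace heuristics: recovering the opcode-to-handler mapping from observed dispatch targets, and picking out the VIP as the state variable that changes on every dispatch. All names (`VMState`, `dispatch`, `recover_handler_table`, `find_vip_candidate`) and the bytecode encoding are assumptions made for this example.

```python
"""Toy VM-based obfuscation plus trace-based handler and VIP recovery (constructed example)."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class VMState:
    """Virtual machine state. In a real obfuscated binary these would be native
    registers and memory; here they are fields so the analysis can snapshot them."""
    bytecode: bytes = b""
    vip: int = 0                                   # virtual instruction pointer
    stack: list = field(default_factory=list)
    regs: dict = field(default_factory=dict)
    trace: list = field(default_factory=list)      # (vip_before, opcode, handler_name)
    snapshots: list = field(default_factory=list)  # state observed at each dispatch


# --- handlers: one per virtual instruction (opcode values are arbitrary, as an obfuscator would pick) ---
def h_push(vm):    # PUSH imm8: the byte after the opcode is the immediate
    vm.stack.append(vm.bytecode[vm.vip]); vm.vip += 1

def h_add(vm):
    b, a = vm.stack.pop(), vm.stack.pop(); vm.stack.append((a + b) & 0xFF)

def h_xor(vm):
    b, a = vm.stack.pop(), vm.stack.pop(); vm.stack.append(a ^ b)

def h_store(vm):   # STORE r: pop the top of stack into register index given by the next byte
    vm.regs[vm.bytecode[vm.vip]] = vm.stack.pop(); vm.vip += 1

def h_halt(vm):
    vm.vip = len(vm.bytecode)

HANDLERS = {0x10: h_push, 0x21: h_add, 0x33: h_xor, 0x4A: h_store, 0xFF: h_halt}


def _snapshot(vm):
    return {"vip": vm.vip, "stack_depth": len(vm.stack), "reg_count": len(vm.regs)}


def dispatch(vm):
    """Dispatcher loop: every virtual instruction is fetched at VIP and routed to its handler.
    The trace/snapshot lines stand in for a tracer (PIN, DynamoRIO, debugger script) that logs
    each pass through the dispatcher in a real binary."""
    while vm.vip < len(vm.bytecode):
        vm.snapshots.append(_snapshot(vm))
        before = vm.vip
        opcode = vm.bytecode[vm.vip]
        vm.vip += 1
        handler = HANDLERS[opcode]
        vm.trace.append((before, opcode, handler.__name__))
        handler(vm)
    vm.snapshots.append(_snapshot(vm))
    return vm


def run_program(bytecode):
    return dispatch(VMState(bytecode=bytecode))


# --- analysis side: what an analyst recovers from the dynamic trace alone ---
def recover_handler_table(trace):
    """Map each observed opcode to the handler it dispatched to, with dispatch counts.
    On a real trace the 'handler' column would be the indirect-jump target address."""
    counts = Counter((op, name) for _, op, name in trace)
    table = {op: name for (op, name) in counts}
    return table, counts


def find_vip_candidate(snapshots):
    """The VIP is the state variable whose value changes between every consecutive dispatch;
    stack depth and register count stay constant across at least one handler (e.g. halt)."""
    keys = snapshots[0].keys()
    return [k for k in keys
            if all(a[k] != b[k] for a, b in zip(snapshots, snapshots[1:]))]


# Constructed program: reg0 = (5 + 3) ^ 0x0F  -> 7
PROGRAM = bytes([0x10, 0x05, 0x10, 0x03, 0x21, 0x10, 0x0F, 0x33, 0x4A, 0x00, 0xFF])

if __name__ == "__main__":
    vm = run_program(PROGRAM)
    table, counts = recover_handler_table(vm.trace)
    print("result regs:", vm.regs)
    print("recovered handler table:", {hex(k): v for k, v in table.items()})
    print("VIP candidate(s):", find_vip_candidate(vm.snapshots))
```

The handler-table heuristic is just frequency counting over dispatch targets; the VIP heuristic is the invariant that the fetch pointer must advance on every pass through the dispatcher, which is what distinguishes it from other VM registers that are left untouched by some handlers. Real obfuscators add rolling decryption of the bytecode, duplicated handlers, and dead dispatch paths, which is why the page pairs such traces with program synthesis and learned models rather than relying on these heuristics alone.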
(Supported by the National Research Foundation of Korea (NRF) and AhnLab, and previously supported by the National Security Research Institute and Chungnam National University.)