Implement Binary Loop Detection Tool: Implement a dynamic binary loop detector using Intel Pin. The loops are detected in the execution trace, and detection accuracy is 100% on all test programs.
GNN Training: Adopt a GNN that leverages features extracted from the (loop) execution trace, including opcode and K-Complexity. Our approach achieves an accuracy over 99% with a false positive rate of 6.8%.
Evaluate Performance In Adversarial Setting: Implement common malware anti-analysis techniques, including metamorphic code and code obfuscation. The model still achieves over 97% accuracy on program samples with anti-analysis techniques.
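To make the two steps above concrete (loop detection in an execution trace, then per-loop feature extraction for the classifier), here is an added illustration that is not the project's own tool or model. It assumes a trace of (address, mnemonic) pairs such as a Pin instrumentation tool could log, detects loops by back edges (a taken transfer to a lower address that has already executed), and computes an opcode histogram plus a compression-ratio proxy for K-Complexity. The crypto-opcode ratio is an extra heuristic feature assumed here, not one the page lists.

```python
"""Added example: back-edge loop detection over an instruction trace, plus
loop features (opcode histogram, compression-based K-Complexity proxy).
Not the project's own code; the trace format and the feature definitions
are assumptions made for illustration."""
import zlib
from collections import Counter

# Constructed trace: a 6-instruction loop body executed three times, then ret.
# Each entry is (instruction address, mnemonic), as a Pin tool might log them.
_BODY = [(0x1000, "mov"), (0x1003, "xor"), (0x1006, "rol"),
         (0x1009, "add"), (0x100c, "cmp"), (0x100f, "jne")]
TRACE = _BODY * 3 + [(0x1011, "ret")]

# Opcodes typical of byte-mixing in cipher loops (assumed heuristic list).
CRYPTO_OPS = {"xor", "rol", "ror", "shl", "shr", "pxor", "aesenc"}


def detect_loops(trace):
    """Return sorted (header_addr, tail_addr, back_edge_count) tuples.

    A back edge is a transfer from a higher address to a lower address that
    was already executed earlier in the trace; each occurrence marks one
    more trip round the loop from tail back to header."""
    back_edges = Counter()
    seen = set()
    for i in range(1, len(trace)):
        prev_addr = trace[i - 1][0]
        addr = trace[i][0]
        seen.add(prev_addr)
        if addr < prev_addr and addr in seen:
            back_edges[(addr, prev_addr)] += 1
    return [(h, t, n) for (h, t), n in sorted(back_edges.items())]


def loop_features(trace, header, tail):
    """Features for one detected loop, computed over the executed body.

    k_complexity approximates Kolmogorov complexity by the ratio of the
    zlib-compressed mnemonic stream to its raw length (lower = more
    regular / repetitive). crypto_ratio is the fraction of body
    instructions drawn from CRYPTO_OPS."""
    body = [m for a, m in trace if header <= a <= tail]
    hist = Counter(body)
    raw = " ".join(body).encode()
    compressed = zlib.compress(raw, 9)
    n = max(len(body), 1)
    return {
        "opcode_hist": hist,
        "k_complexity": len(compressed) / max(len(raw), 1),
        "crypto_ratio": sum(hist[op] for op in CRYPTO_OPS) / n,
        "body_len": len(body),
    }


def analyze(trace):
    """Detect all loops in a trace and attach features to each."""
    return [{"header": h, "tail": t, "back_edges": n, **loop_features(trace, h, t)}
            for h, t, n in detect_loops(trace)]


if __name__ == "__main__":
    for loop in analyze(TRACE):
        print(f"loop {loop['header']:#x}-{loop['tail']:#x}: "
              f"back_edges={loop['back_edges']} "
              f"k={loop['k_complexity']:.2f} crypto={loop['crypto_ratio']:.2f}")
```

A real pipeline would feed the per-loop feature vectors (and the control-flow structure of the loop body) into the GNN; this block stops at the feature stage so it can run stand-alone on the constructed trace.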
Evaluate Performance on Real Ransomware: Our model successfully detected encryption loops from 16 samples of 9 families.
Submitting/Under Review