CACEE: Context Aware Concolic Execution Engine for Malware Analysis

Author(s)
Lovejoy, Samuel
Abstract
An emerging pattern in malware is the use of public web services for command and control (C&C) infrastructure. This new trend, combined with the short lifespan of malware in the wild, makes extracting behaviors from malware in an automated fashion a difficult problem. The Context-Aware Concolic Execution Engine (CACEE) is a tool designed to recreate the original execution context, forcing Windows 32-bit malware to execute their payloads as if they were still operational. CACEE monitors the flow of data as the payload executes, and uses this information to synthesize the behaviors the malware exhibits. Three malware case studies that abuse public web services are analyzed with CACEE, and the results are compared against manual reverse engineering.
Date
2021-05-04
Resource Type
Text
Resource Subtype
Thesis