Malicious software (malware) has become a major threat to computer security and will remain a central theme of computer security research for decades. This project takes a binary- and virtualization-centric approach to defeating malware effectively and efficiently, using both offline and online analysis. Offline malware analysis aims to extract knowledge about the inner workings of a newly discovered malware instance or software exploit, in order to build proper defenses against similar attacks. Online malware defense aims to build efficient security mechanisms that confine malicious behavior as it runs and collect enough evidence for subsequent security investigation.
For offline malware analysis, a novel virtualization-based malware analysis platform is used; on top of it, new type inference techniques are applied to malware decomposition and vulnerability diagnosis. For online malware defense, new techniques for module-level sandboxing and execution replay, both built on virtualization, are used together to defeat malware.
The results of this research will be disseminated through both peer-reviewed publications and software releases. Based on this research, new course materials, modular hands-on projects, and professional training tutorials will be developed to help future computer engineers and security researchers gain in-depth knowledge of malware defense.