The University of Arizona

Events & News


DateWednesday, May 5, 2010
Time2:00 pm
LocationGS 942
Saumya Debray
Christian Collberg
Ian Fasel
SpeakerNithya Krishnamoorthy
TitleMS Thesis Defense
AffiliationComputer Science Department-University of Arizona

Static Detection of Disassembly Errors

Abstract: The first step in understanding the semantics of a binary executable is to extract the assembly instructions that could get executed if it is allowed to run. This sequence of assembly instructions, typically obtained by static disassembly, is assumed to be correct by many analysis techniques that build on it. However, static disassembly can be incorrect; there can be accidental errors during disassembly or a disassembler can be deliberately misled by binary obfuscation techniques, rendering this assumption invalid. This thesis proposes a machine learning approach to statically identify disassembly errors in a static disassembly, so that such potential errors can be examined more closely, using, for example, dynamic analysis. We show that a decision tree classifier that is built using this approach identifies most known disassembly errors in the malware that we used for evaluation.