Date of Award
Spring 5-23-2021
Degree Type
Thesis
Degree Name
Master of Science (MS)
Department
Electrical Engineering and Computer Science
Advisor(s)
Micinski, Kristopher
Keywords
Binary Analysis, Reverse Engineering, Static Analysis
Subject Categories
Computer Sciences | Physical Sciences and Mathematics
Abstract
Lots of work has been done on analyzing software distributed in binary form. This is a challenging problem because of the relatively unstructured nature of binaries. To recover high-level structure, various attempts have included static and dynamic analysis. However, human inspection is often required, as high-level structure is compiled away. Recent success in this area includes work on variable-name recovery, vulnerability discovery, class recovery for object-oriented languages. We are interested in building a pipeline for user to analyze malware. In this thesis we tackle two problems central to malware analysis pipelines. The first is D3RE, an interactive querying tool that allows users to analyze binaries interactively by writing declarative rules and visualizing their results projected onto a binary. The second is Assmeblage, a tool which automatically scrapes GitHub for C and C++ repositories and builds these repositories automatically using different compilation settings to produce a variety of configurations. These two tools will enable users to get enough data to do analysis as well for them to do interactive analysis. Finally, we present future work demonstrating a possible visualization combining d3re and Ghidra along with some specific questions for future user studies.
Access
Open Access
Recommended Citation
Ching, Jeffrey, "Enhancing Usability of Malware Analysis Pipelines With Reverse Engineering" (2021). Theses - ALL. 515.
https://surface.syr.edu/thesis/515