BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Polymorphic attacks against sequence-based software birthmarks - W
 ei Ming Khoo (University of Cambridge)
DTSTART:20120608T150000Z
DTEND:20120608T152000Z
UID:TALK38528@talks.cam.ac.uk
CONTACT:Wei Ming Khoo
DESCRIPTION:Sequence alignment algorithms have recently found a use in det
 ecting code clones\, software plagiarism\, code theft\, and polymorphic ma
 lware. This approach involves extracting birthmarks\, in this case sequenc
 es\, from programs and comparing them using sequence alignment\, a procedu
 re which has been intensively studied in the field of bioinformatics. This
  idea seems promising. However\, we show that an attacker can evade detect
 ion by considering the positions of inserted dummy code and/or the frequen
 cy of function calls. Moreover\, we found that randomly inserting and dele
 ting symbols in the sequence was ineffective. By using birthmark sequences
  extracted from actual malicious and benign programs\, we found that the m
 ost effective strategy was to use a hybrid approach incorporating “non-c
 onsecutive insertion” and “highest frequency deletion”. We also disc
 uss the implementation costs of such attacks and propose using non-determi
 nism through concurrent programming as an alternative evasion strategy. Th
 is is joint work with Hyoungshick Kim and Pietro Lio'.\n\nThis is a practi
 ce talk for SSP'12.
LOCATION:Computer Laboratory\, William Gates Building\, Room FW26
END:VEVENT
END:VCALENDAR