Thesis Details
Generic Reverse Compilation to Recognize Specific Behavior
The thesis addresses the recognition of specific behavior by means of generic reverse compilation. Generic reverse compilation is a process that transforms executables from different architectures and object file formats into the same high-level language. This process is handled by the Lissom Decompiler tool. For the purpose of behavior recognition, the thesis introduces the Language for Decompilation (LfD). LfD is a simple imperative language that is suitable for comparison. The specific behavior is given by a known executable (e.g. malware), and recognition is performed by finding the ratio of similarity with another, unknown executable. This ratio of similarity is calculated by the LfDComparator tool, which processes two sources in LfD to decide their similarity.
reverse compilation, decompilation, obfuscation, malware, program behavior, similarity
@phdthesis{FITPT572,
   author = "Luk\'{a}\v{s} \v{D}urfina",
   type = "Ph.D. thesis",
   title = "Generic Reverse Compilation to Recognize Specific Behavior",
   school = "Brno University of Technology, Faculty of Information Technology",
   year = 2014,
   location = "Brno, CZ",
   language = "english",
   url = "https://www.fit.vut.cz/study/phd-thesis/572/"
}