Information Trust Institute (ITI) Calendar

Back to Listing

TSS Seminar: Anthony Cozzie: "Digging for Data Structures"

Event Type
Information Trust Institute
3405 Siebel Center
Dec 3, 2008   4:00 pm  
Anthony Cozzie, UIUC Department of Computer Science
Originating Calendar
Information Trust Institute (ITI) archival calendar


Because writing computer programs is hard, computer programmers are taught to use encapsulation and modularity to hide complexity and reduce the potential for errors. Their programs will have a high-level, hierarchical structure that reflects their choice of internal abstractions. We designed and forged a system, Laika, that detects this structure in memory using Bayesian unsupervised learning. Because almost all programs use data structures, their memory images consist of many copies of a relatively small number of templates. Given a memory image, Laika can find both the data structures and their instantiations.

We then used Laika to detect three common polymorphic botnets by comparing their data structures. Because it avoids their code polymorphism entirely, Laika is extremely accurate. Finally, we argue that writing a data structure polymorphic virus is likely to be considerably harder than writing a code polymorphic virus.

link for robots only