dc.contributor.advisor: Saltaformaggio, Brendan
dc.contributor.author: Kilger, Fabian
dc.date.accessioned: 2020-09-08T12:49:04Z
dc.date.available: 2020-09-08T12:49:04Z
dc.date.created: 2020-08
dc.date.issued: 2020-07-28
dc.date.submitted: August 2020
dc.identifier.uri: http://hdl.handle.net/1853/63696
dc.description.abstract: While there has been significant progress in automated malware analysis, the focus of prior work has been mostly on programs written in C/C++. Advanced malware such as the Triton malware, however, also employs Python, which imposes additional challenges on automated malware analysis. Motivated by this example, we design and implement a concolic execution framework that is capable of extracting models of the targeted industrial control systems (ICS) based on the Python malware's communication with the system. Our approach first transforms the Python malware to C and then utilizes a symbolic execution engine to analyze the resulting C code. We prove the functionality of our framework on a set of test programs and evaluate it on two ICS-related samples including the Triton malware. Finally, we discuss how the results of our analysis can be used to identify potentially targeted ICS of a Python malware.
dc.format.mimetype: application/pdf
dc.language.iso: en_US
dc.publisher: Georgia Institute of Technology
dc.subject: Malware
dc.subject: Symbolic execution
dc.subject: Concolic execution
dc.subject: Dynamic binary instrumentation
dc.subject: Industrial control system
dc.subject: Triton
dc.subject: Trisis
dc.subject: Search strategy
dc.title: Extracting ICS models from malware via concolic analysis
dc.type: Thesis
dc.description.degree: M.S.
dc.contributor.department: Computer Science
thesis.degree.level: Masters
dc.contributor.committeeMember: Beyah, Raheem
dc.contributor.committeeMember: Pearce, Paul
dc.date.updated: 2020-09-08T12:49:04Z

