Reconstructing C2 Servers for Remote Access Trojans with Symbolic Execution / Borzacchiello, Luca; Coppa, Emilio; D'Elia, Daniele Cono; Demetrescu, Camil. - 11527:(2019), pp. 121-140. (Paper presented at the 3rd International Symposium on Cyber Security Cryptography and Machine Learning, held in Beer-Sheva, Israel) [10.1007/978-3-030-20951-3_12].

Reconstructing C2 Servers for Remote Access Trojans with Symbolic Execution

Borzacchiello, Luca; Coppa, Emilio; D'Elia, Daniele Cono; Demetrescu, Camil
2019

Abstract

The analysis of a malicious piece of software that involves a remote counterpart that instructs it can be troublesome for security professionals, as they may have to unravel the communication protocol in use to figure out what actions can be carried out on the victim's machine. The possibility of resorting to dynamic analysis hinges on the availability of an active remote counterpart, a requirement that may be difficult to meet in several scenarios. In this paper we explore how symbolic execution techniques can be used to synthesize a command-and-control server for a remote access trojan, enabling in-vivo analysis by malware analysts. We evaluate our ideas against two real-world malware instances.
3rd International Symposium on Cyber Security Cryptography and Machine Learning
Malware analysis; Symbolic execution; Protocol reversing
04 Conference proceedings publication::04b Conference paper in volume
Files attached to this item

Borzacchiello_Postprint_Reconstructing-C2_2019.pdf
Open access
Note: https://link.springer.com/chapter/10.1007/978-3-030-20951-3_12
Type: Post-print (version after peer review, accepted for publication)
Licence: All rights reserved
Size: 592.15 kB
Format: Adobe PDF

Borzacchiello_Reconstructing-C2_2019.pdf
Archive administrators only
Type: Publisher's version (published version with the publisher's layout)
Licence: All rights reserved
Size: 1.34 MB
Format: Adobe PDF

Borzacchiello_Frontespizio-indice_Reconstructing-C2_2019.pdf
Archive administrators only
Type: Other attached material
Licence: All rights reserved
Size: 1.11 MB
Format: Unknown

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11573/1291915
Citations
  • PubMed Central: N/A
  • Scopus: 8
  • ISI: 4