[TYPES/announce] Fully funded Postdoctoral position at Inria Rennes - Bretagne Atlantique on Malware Analysis
biondif at gmail.com
Sun Oct 2 16:01:51 EDT 2016
We have opened a fully-funded Postdoc position at Inria Rennes (France).
I would be very grateful if you could distribute it to potentially
interested Ph. D. students and parties. I also apologize in advance for the
The TAMIS team (https://team.inria.fr/tamis) at Inria Rennes - Bretagne
Atlantique is looking for a talented Postdoctoral researcher to work on
The candidate will develop new techniques and tools for the extraction of
representative semantic signatures from obfuscated malware binaries. The
candidate will improve and implement deobfuscation techniques to
efficiently extract semantic signatures from malware, in the context of a
new experimental approach for malware analysis and collaborating with
national and international teams from both academia and industry.
Malware analysis aims to understand the behavior of malware binaries to be
able to detect and reverse infection. Since each malware has a wide range
of variants, classification of a given binary as a variant of known malware
is an important step to neutralizing malware[1,2,3].
The objective of the project is to develop a tool that executes malware
binaries in a realistic virtualized environment able to defeat
counter-virtualization techniques while simulating a large number of
architectures. This tool should execute the malware concretely and
symbolically as necessary and fingerprint its behavior. The fingerprint
will be compared against a database of known malware fingerprints to
classify the analyzed malware binary.
However, malware compilation chains implement obfuscation mechanisms and
cryptographically-enhanced control flow flattening to hinder the analysts'
efforts to classify malware and understand their behavior . Obfuscation
interferes with any attempt to reconstruct the malware's infective behavior
and its control flow, and consequently precludes malware classification.
We have recently shown  how Reed-Muller expansion synthesis algorithms
[6,7,8] can be employed as a generalized technique to simplify and
deobfuscate functions and conditionals by considering them as black-box
oracles and reconstructing their input-output behavior by interrogating
them. Synthesis allows us to defeat various direct code obfuscation
techniques. In particular, when combined with our concrete and symbolic
execution approach it allows us to simplify complex or obfuscated parts of
the code and obtain a clear view of the malware's behavior.
The ideal candidate for this position will have a Ph. D. in computer
science or a related discipline, strong work ethic, ability to work
independently as well as an effective team member, experience in developing
efficient software tools and an interest in information security. Expertise
in reverse engineering, symbolic/concolic execution and malware analysis
will be considered positively for the selection process.
The TAMIS team is the largest security-oriented team at Inria, with
competence spanning the whole field of security, from hardware to protocols
and industry standards.
Candidates are invited to send their application to fabrizio.biondi at inria.fr
and axel.legay at inria.fr . Please include a CV, a short motivation letter
and contact information for 2 referees.
 J.O. Kephart and W.C. Arnold: "Automatic Extraction of Computer Virus
Signatures". Proc. Int'l Conf. Fourth Virus Bull., pp. 178-184, 1994.
 S. Cesare and Y. Xiang: "Classification of Malware Using Structured
Control Flow". Proc. Eighth Australasian Symp. Parallel and Distributed
Computing (AusPDC '10), 2010.
 S. Cesare and Y. Xiang, Wanlei Zhou: "Control Flow-Based Malware
Variant Detection". IEEE Trans. Dependable Sec. Comput. 11(4): 307-317
 C. Wang: "A Security Architecture for survivability Mechanisms". Phd
thesis, Department of Computer Science, University of Virginia (October
 F. Biondi, S. Josse, and A. Legay: "Comparative Evaluation of the
Effectiveness of Constraint Solvers against Opaque Conditionals". Proc.
IEEE S&P (poster session), 2015.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Types-announce