EXPOSING TRANSIENT SECRETS AND DETECTING MALWARE VARIANTS USING CONTROL AND DATA FLOW ANALYSIS

Malware is one of the major threats faced by distributed computing system. Malware authors use cryptographic algorithms to protect themselves from being analyze d. The use of cryptographic algorithms and transient secrets inside the malware binary provides a key obstacle to effective malware analysis and defense. CipherXRay?a novel binary analysis framework that can automatically identify and recover the cryptographic operations and transient secrets from the execution of potentially obfuscated binary exec utables. CipherXRay is based on the avalanche effect of cryptographic functions which is able to accurately pinpoint the boundary of cryptographic operation and recover tru ly transient cryptographic secrets that only exist in memory for one instant in between multiple nested cryptographic operations.