Papers by Chandramohan Mahinthan

Binary code search has received much attention recently due to its impactful applications, e.g., plagiarism detection, malware detection and software vulnerability auditing. However, developing an effective binary code search tool is challenging due to the gigantic syntax and structural differences in binaries resulting from different compilers, architectures and OSs. In this paper, we propose BINGO, a scalable and robust binary search engine supporting various architectures and OSs. The key contribution is a selective inlining technique to capture the complete function semantics by inlining relevant library and user-defined functions. In addition, architecture- and OS-neutral function filtering is proposed to dramatically reduce the irrelevant target functions. Besides, we introduce length-variant partial traces to model binary functions in a program-structure-agnostic fashion. The experimental results show that BINGO can find semantically similar functions across architecture and OS boundaries, even in the presence of program structure distortion, in a scalable manner. Using BINGO, we also discovered a zero-day vulnerability in Adobe PDF Reader, a COTS binary.

Mystique
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16, 2016
Detection of Buffer Overflow Vulnerabilities in C/C++ with Pattern Based Limited Symbolic Evaluation
2012 IEEE 36th Annual Computer Software and Applications Conference Workshops, 2012
Abstract Buffer overflow vulnerability is one of the major security threats for applications written in C/C++. Among the existing approaches for detecting buffer overflow vulnerabilities, flow-sensitive approaches offer higher precision, but they are limited by heavy overhead and the fact that many constraints are unsolvable. We propose a novel method to efficiently detect vulnerable buffer overflows in any given control flow graph through recognizing two patterns. The proposed approach first uses syntax analysis to filter away ...
Has this bug been reported?
2013 20th Working Conference on Reverse Engineering (WCRE), 2013
Abstract Bug reporting is an uncoordinated process that is often the cause of redundant workload in triaging and fixing bugs due to many duplicated bug reports. Furthermore, quite often, the same bugs are repeatedly reported, as users or testers are unaware from the search query results of whether they have already been reported. In order to reduce both the users' and developers' efforts, the quality of search in a bug tracking system is crucial. However, all existing search functions in a bug tracking system produce results with undesired ...
In recent years, malware (malicious software) has greatly evolved and has become very sophisticated. The evolution of malware makes it difficult to detect using traditional signature-based malware detectors. Thus, researchers have proposed various behavior-based malware detection techniques to mitigate this problem. However, there are still serious shortcomings, related to scalability and computational complexity, in existing malware behavior modeling techniques. This raises questions about the practical applicability of these techniques.
Abstract Automated Red Teaming (ART) is an automated process for Manual Red Teaming, which is a technique frequently used by the Military Operational Analysis community to uncover vulnerabilities in operational tactics. The ART makes use of multi-objective evolutionary algorithms such as SPEAII and NSGAII to effectively find a set of non-dominated solutions from a large search space. This paper investigates the use of a multi-objective bee colony optimization (MOBCO) algorithm with Automated Red Teaming.
International Symposium on the Foundations of Software Engineering (ACM SIGSOFT/FSE-20)
Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to the large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to generate malware signatures more efficiently. Unfortunately, the exponential growth of new malware variants and the huge-dimensional feature space used in existing approaches make the clustering task very challenging and difficult to scale. Furthermore, malware behavior modeling techniques proposed in the literature do not scale well, as the malware feature space grows in proportion with the number of samples under examination.

OPTMAS'11
We present a novel evolutionary computation approach to optimize agent-based models using a variable-length genome representation. This evolutionary optimization technique is applied to Computational Red Teaming (CRT). CRT is a vulnerability assessment tool which was originally proposed by the military operations research community to automatically uncover critical weaknesses of operational plans. Using this agent-based simulation approach, defence analysts may subsequently examine and resolve the identified loopholes. In CRT experiments, agent-based models of simplified military scenarios are repeatedly and automatically generated, varied and executed. To date, CRT studies have used fixed-length genome representation where only a fixed set of agent behavioural parameters was evolved. This may prevent the generation of potentially more optimized/interesting solutions. To address this issue, we introduce the hybrid variable-length crossover to evolve the structure of agent-based models. A maritime anchorage protection scenario is examined in which the number of waypoints composing the vessel's route is subjected to evolution. The experimental results demonstrate the effectiveness of our proposed method and suggest promising research avenues in complex agent-based model optimization.

Smartphones have become an essential part of human life, and their usage has grown exponentially in the past few years. The growth of smartphone usage can be directly linked to their ability to support third-party applications that are offered through online application markets. Due to their worldwide adoption and widespread popularity, mobile malware attacks are also growing at an alarming rate (http://bit.ly/sbtujI). Malware authors make use of third-party applications to inject malicious content into smartphones and thus compromise the phone's security. In response, mobile security research has become critical and is focused on protecting smartphones from malware attacks and other security threats. In this paper, we present a survey of techniques that are used to detect mobile malware in the wild, discuss the limitations of current techniques, and provide some tips to protect smartphones from potential security threats.
Evolvable Simulations Applied to Automated Red Teaming: A Preliminary Study
We present CASE (complex adaptive systems evolver), a framework devised to conduct the design of agent-based simulation experiments using evolutionary computation techniques. This framework enables one to optimize complex agent-based systems, to exhibit pre-specified behavior of interest, through the use of multi-objective evolutionary algorithms and cloud computing facilities.