Analysis and Classification of Malware and Attacks
To automatically diagnose remote exploits and identify how they circumvent existing defence mechanisms. Also, to investigate whether it is possible to classify malware using visualisation.
To address these objectives we have developed PointerScope. PointerScope applies type inference to a binary's execution to detect the pointer misuses an exploit induces. PointerScope is efficient and effective on real-world exploit samples and can automatically classify attacks according to the attack technique used, which in turn helps security companies prioritise the diagnosis of attack samples. We have also confirmed that, by using a form of dotplot, it is possible to see similarities between the code and the data of different malware.
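The dotplot comparison mentioned above, as an added example that is not the authors' tool: it marks every position where a k-byte window of one sample equals a window of the other and extracts the diagonal runs that correspond to shared code or data at arbitrary offsets. The functions `dotplot`, `diagonal_runs` and `render` and the sample bytes are all constructed here.

```python
"""Added example (not from the page or PointerScope): byte-level dotplot of two
samples. Dots on one diagonal are a region both files share, at any offset."""
from collections import defaultdict
from typing import Dict, List, Tuple

def dotplot(a: bytes, b: bytes, k: int = 4) -> List[Tuple[int, int]]:
    """All (i, j) with a[i:i+k] == b[j:j+k]; b's k-grams are indexed once."""
    index: Dict[bytes, List[int]] = defaultdict(list)
    for j in range(len(b) - k + 1):
        index[b[j:j + k]].append(j)
    return sorted((i, j) for i in range(len(a) - k + 1)
                  for j in index.get(a[i:i + k], ()))

def diagonal_runs(hits: List[Tuple[int, int]], k: int,
                  min_len: int = 16) -> List[Tuple[int, int, int]]:
    """Merge adjacent dots on one diagonal (j - i constant) into
    (offset_a, offset_b, length); short runs are k-gram coincidences, dropped."""
    by_diag: Dict[int, List[int]] = defaultdict(list)
    for i, j in hits:
        by_diag[j - i].append(i)
    runs = []
    for d, starts in by_diag.items():
        starts.sort()
        first = prev = starts[0]
        for i in starts[1:] + [None]:  # trailing None flushes the final run
            if i != prev + 1:
                if prev - first + k >= min_len:
                    runs.append((first, first + d, prev - first + k))
                first = i
            prev = i
    return sorted(runs)

def render(a: bytes, b: bytes, k: int = 4, cell: int = 16) -> str:
    """Coarse ASCII plot: rows are cell-byte blocks of a, columns of b; '#' = dot."""
    rows, cols = -(-len(a) // cell), -(-len(b) // cell)
    grid = [["."] * cols for _ in range(rows)]
    for i, j in dotplot(a, b, k):
        grid[i // cell][j // cell] = "#"
    return "\n".join("".join(r) for r in grid)

# Constructed stand-ins, not real malware: both embed the same 48-byte "stub"
# (offset 16 in A, offset 40 in B) inside unrelated filler bytes.
STUB = bytes(range(0x40, 0x70))
SAMPLE_A = bytes([0x90] * 16) + STUB + bytes([0xCC] * 32)
SAMPLE_B = bytes([0x11, 0x22] * 20) + STUB + bytes([0x33] * 24)

if __name__ == "__main__":
    print(render(SAMPLE_A, SAMPLE_B))                     # diagonal streak
    print(diagonal_runs(dotplot(SAMPLE_A, SAMPLE_B), 4))  # [(16, 40, 48)]
```

Fed the raw bytes of two samples' code or data sections, a larger k suppresses dots from common instruction idioms and a smaller cell gives a finer plot.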