Fast-clustering streams of call-graphs

Lecturer: Orestis Kostakis, F-Secure & ICS, Aalto
Event type: HIIT seminar
Event time: 2014-09-22 13:15 to 14:00
Place: Aalto University, Computer Science Building, lecture hall T3
Description:

Abstract:
An abstraction resilient to common malware obfuscation techniques is the call-graph. A call-graph is the representation of an executable file as a directed graph with labeled vertices, where the vertices correspond to functions and the edges to function calls. Unfortunately, most of the interesting graph comparison problems, including full-graph comparison and computing the largest common subgraph, are NP-hard. This makes the study and use of graphs in large-scale systems difficult. Existing work has focused only on offline clustering and has not addressed the issue of clustering streams of graphs. In this talk we present Classy, a scalable distributed system that clusters streams of large call-graphs for purposes including automated malware classification and facilitating the work of malware analysts.

Short bio:
Orestis Kostakis is a doctoral student at Aalto School of Science. His research interests include Data Mining, Design & Analysis of Algorithms, and Information Security. He received the MSc degree in Theoretical Computer Science from Aalto University and the BSc in Informatics & Telecommunications from the National & Kapodistrian University of Athens. After completing his MSc, Orestis spent three years at F-Secure's Labs. His work has been published in peer-reviewed journals and conferences in the fields of Data Mining and Information Security. He has acted as a reviewer for journals such as IEEE TKDE, the International Journal of Information Security and the Journal of Communications and Networks.
 


Last updated on 15 Sep 2014 by Antti Ukkonen - Page created on 15 Sep 2014 by Antti Ukkonen