back to article How AI can help reverse-engineer malware: Predicting function names of code

Disassembling and analyzing malware to see how it works, what it's designed to do and how to protect against it, is mostly a long, manual task that requires a strong understanding of assembly code and programming, techniques and exploits used by miscreants, and other skills that are hard to come by. What with the rise of deep …

  1. captain veg Silver badge

    huh?

    "It was shown that the model was able to label one function as 'des', 'encrypt', 'openssl', 'i386', 'libeay32', whereas an analyst involved in the experiment was only able to suggest encode()."

    So the human could suggest a name more useful than four of the five suggestions from the model, and more or less exactly the same as its fifth. This is an improvement?

    -A.

    1. OhForF'

      Re: huh?

      I do not see why naming a code block encode() is more useful than identifying as the des encrypt function as implemented in openssl 32 bit in the libey32 library.

      Can you explain why simply naming it "encode" is of more use for reverse engineering?

      1. captain veg Silver badge

        Re: huh?

        In the programming languages with which I am familiar functions have just one single name. (References may, of course, have any name at all.) So "encode" is at least as good as any of the five discrete names suggested by the hyped ML thing.

        -A.

  2. katrinab Silver badge
    Paris Hilton

    "Malware can detect when they are running in a virtual machine and hide its true behavior[sic]."

    Are there any business workloads that don't run in a virtual machine these days?

    1. PriorKnowledge
      Joke

      Windows 11 runs in a VM by default

      In fact, Windows 11 runs in two VMs by default, one for the main OS, one for the Secure System kernel. Some might even say that the SS offers a final solution to the problem, by protecting that which is responsible for deciding what is executed.

      1. TimMaher Silver badge
        Pint

        Re: Final solution

        Only runs on the new Intel Wannsee Lake processor.

    2. captain veg Silver badge

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022