Dataflow analysis of malicious binary codes. Toward a study of the cartography of functionalities and their correlations.
The Carbone team at Loria has developed, thanks to the High Security Lab (LHS), an innovative method called morphological analysis. This method can detect code similarities. It can also detect functionalities embedded in binary code and detect malware. The objective is to rebuild the dataflow graph in order to map the set of functionalities used inside a piece of malicious code.