Mohamed R. Chouchane, JOB APPLICATION MATERIAL:

RESEARCH INTERESTS

I am interested in all aspects of software engineering and the theory of computation, with particular emphasis on their applications to computer security. My current research explores ways to use these bodies of knowledge to better understand the capabilities and limitations of metamorphic malware detectors. My dissertation studies the computational aspects of recognizing metamorphic malware and introduces new techniques for collecting statistical engine signatures, which are forensic evidence linking metamorphic malware to its engine.

EDUCATION

Ph.D., Computer Science, May 2008.
* Thesis: `Approximate Detection of Machine-morphed Variants of Malicious Programs’
* Advisor: Prof. Arun Lakhotia (co-advised by Dr. Andrew Walenstein)

M.S., Computer Science, May 2005

M.S., Applied Computer Science, May, 2003.
* Advisor: Prof. Ronald Linton

Faculte des Sciences
B.S., Mathematics, May, 1998

RESEARCH EXPERIENCE

Research Assistant, Jan, 2004 - present
* Unmorph: This project applies term rewriting
techniques to construct a reducer (normalizer) of a very large set of variants of code-substituting metamorphic malware to a smaller, ideally singleton, set of programs. The normalizer is run on a suspect program and, if the outcome of the normalization produces a member of the small set of normal forms, the suspect program is declared a member of the variant set of the metamorphic malware that the normalizer is intended for.
* VSA+ASG: This patent-pending project approximates run-time variable values to assist in the detection of the targets of obfuscated call instructions. Value set analysis (VSA) is used to approximate variable values at a certain program point. Abstract stack graph (ASG) deobfuscates call instructions by harvesting from an executable combinations of instructions which implement the operational semantics of a call instruction. The combination of both approximates the address of the kernel function that the malware is calling.
* Statistical Engine Signatures: This project, on which my dissertation is based, introduces and evaluates a method for detecting metamorphic malware which overcomes the limitations of state-of-the-art detection models of this malware by using knowledge about a given metamorphic engine to recognize its outputs. The method is inspired by authorship analysis techniques in the context of identifying the human author of a software document.

Research Assistant, Jan, 2002 - May, 2003
* adaptiveGA: This project implements a platform-independent genetic algorithm which searches for commutative semigroups of a given size and number of idempotents. My Java implementation of the genetic algorithm can be used as part of a platform-independent toolkit for mathematicians looking to find semigroups having a specific set of parameters such as size and number of idempotents.

TEACHING EXPERIENCE

Teaching Assistant
* `Programming
in Java’. (CMPS 360, Spring 2008). Instructor: Frank Ducrest. This undergraduate-level course introduces students to advanced object-oriented programming using Java. My duties as a teaching assistant included assisting students with their projects and grading homework. Among the topics covered were the uses of GUI applications, Jars, socket servers and clients, Servlets, JavaDB and database clients.
* `Introduction to Software Methodology’. (CMPS 453, Fall 2007). Instructor: Dirk Reiners. This UG-level course introduces students to project planning, requirement engineering, specification development techniques, and structured design methods. Students had hands-on experience using UML and exposure to object-oriented programming using C++.

Teaching Assistant
* `Introduction to Computer Architecture’. (CPSC 5155, Spring 2003). Instructor: Edward Bosworth. Review of combinational and sequential logic. A UG-level course introducing students to the fundamental concepts of computer memory, instruction set architecture and addressing modes of a simple RISC computer. Students learned about the design of the computer control unit, the design of program-controlled and interrupt-driven input/output, and direct memory access (DMA).
* `Introduction to Object Oriented Programming’. (CPSC 2125, Spring 2003). Instructor: Ronald Linton. My lab duties included mentoring undergraduate students working on various programming projects in C++ using MFC.

RESEARCH PAPERS

1. `Metamorphic Authorship
Recognition Using Markov Models’ with A. Walenstein, and A. Lakhotia. Virus Bulletin, May 2008
2. `Constructing Malware Normalizers Using Term Rewriting’ with A. Walenstein, R. Mathur, and A. Lakhotia. Journal in Computer Virology. 2008.
3. `Statistical Signatures for Fast Filtering of Instruction-substituting Metamorphic Malware’ with A. Walenstein, and A. Lakhotia. 5th Workshop on Recurring Malcode (WORM 2007),
4. `The Design Space of Metamorphic Malware’ with A. Walenstein, R. Mathur, and A. Lakhotia. 2nd International Conference on i-Warfare and Security (ICIW 2007), 2007.
5. `Using Engine Signature to Detect Metamorphic Malware’ with A. Lakhotia. 4th Workshop on Recurring Malcode (WORM 2006),
6. `Normalizing Metamorphic Malware Using Term Rewriting’ with A. Walenstein, R. Mathur, and A. Lakhotia. IEEE International Workshop on Source Code Analysis and Manipulation (SCAM 2006),
7. `Analyzing Memory Accesses in Obfuscated x86 Executables,’ with M. Venable, Md.
8. `Comparative Performance of C++ and Java Implementations of a Genetic Algorithm’ with R. Linton. 41st Annual
9. `Generation-specific Recognition of Descendants of Efficient Metamorphic Malware is NP-complete’ with A. Lakhotia. (In Preparation)

PATENT PENDING

A. Lakhotia, E. U.
Kumar, M. Venable, and M. Chouchane, `Abstract Stack Graph and Extended Value Set Analysis Method,’ US PTO Application number 11/378660, filed

TALKS

`Statistical Signatures for Fast Filtering of Instruction-substituting Metamorphic Malware’, at the 5th Workshop on Recurring Malcode,

`Using Engine Signature to Detect Metamorphic Malware’, at the 4th Workshop on Recurring Malcode, George Mason University, Fairfax, VA, November, 2nd 2006.

`Normalizing Metamorphic Malware Using Term Rewriting’, at the 6th IEEE International Workshop on Source Code Analysis and Manipulation,

AWARDS

Award of Honor Recipient (GPA 4.0), Phi Kappa Phi Honor Society, since 2004

PROFESSIONAL ACTIVITIES

External Reviewer for Journal in Computer Virology, 2007.
External Reviewer for ETRI Journal, 2007.

MEMBERSHIP

The Institute for Electrical and Electronic Engineers.
The Association for Computing Machinery.

PERSONAL INFORMATION

Fluent command of French and Arabic.