Matthias Neugschwandtner
I am a Ph.D. student at the iSeclab branch at the Vienna University of Technology, where I also conducted my Master's thesis. Currently I am visiting Herbert Bos' group at the Vrije Universiteit Amsterdam.
Projects
The main focus of my research lies in system security. Results of my work on aspects of dynamic malware analysis contribute to the Anubis project:
- ForeCast: identifying “valuable” malware samples by means of clustering and machine learning. The value of a malware sample depends on the amount and novelty of the information that can be gained through analysis compared to already known information. Information on the value of a sample is of great use when it comes to pre-selecting a collection of several thousand samples for dynamic analysis in a sandbox with limited capacity. Researchers can then prioritize samples that suit their interests best, e.g. samples that are likely to reveal more C&C-related endpoints for botnet research.
- Squeeze: detection and exploration of the various C&C failover strategies employed by malware through targeted blocking of network connections.
- dAnubis: monitoring suspicious (rootkit-related) kernel-mode activity.
Apart from that I am interested in symbolic execution and its applicability to various fields of systems security.
Contact
You can reach me at mneug (at) seclab (dot) tuwien (dot) ac (dot) at
My PGP key
Publications
Matthias Neugschwandtner, Paolo Milani Comparetti, Gregoire Jacob, Christopher Kruegel, ForeCast - Skimming off the Malware Cream, 27th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, December 2011
[paper] [techreport] [slides]
Matthias Neugschwandtner, Paolo Milani Comparetti, Christian Platzer, Detecting Malware's Failover C&C Strategies with SQUEEZE, 27th Annual Computer Security Applications Conference (ACSAC), Orlando, Florida, December 2011
[paper] [slides]
Matthias Neugschwandtner, Christian Platzer, Paolo Milani Comparetti, Ulrich Bayer, dAnubis - Dynamic Device Driver Analysis Based on Virtual Machine Introspection, Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Bonn, Germany, July 2010
[paper] [slides]
Last Modified: Wed Jan 13 14:01:16 CET 2010