TY - GEN
T1 - Locating executable fragments with concordia, a scalable, semantics-based architecture
AU - Carter, Jason M.
PY - 2013
Y1 - 2013
N2 - The amount of digital evidence that must be processed by forensic tools and analysts is growing rapidly. This makes automated analysis a critical activity; an activity where continuous improvement is crucial. Concordia is a platform for investigating code semantics. One of Concordia's functions is identification of unknown code fragments; attempting to elucidate the possible objectives and origination of this type of evidence is our ultimate goal. Here we provide a synopsis of a method that identifies and locates code fragments using n-gram and semantics-based features and a k nearest neighbors classifier. Our objective is to identify a set of candidate files that may contain the unknown and supply additional details to isolate it within this set. To accomplish this task, Concordia uses the MapReduce model to process a large set of invariants to provide forensic experts a more efficient and automated way to produce solid intelligence about a growing body of evidence.
AB - The amount of digital evidence that must be processed by forensic tools and analysts is growing rapidly. This makes automated analysis a critical activity; an activity where continuous improvement is crucial. Concordia is a platform for investigating code semantics. One of Concordia's functions is identification of unknown code fragments; attempting to elucidate the possible objectives and origination of this type of evidence is our ultimate goal. Here we provide a synopsis of a method that identifies and locates code fragments using n-gram and semantics-based features and a k nearest neighbors classifier. Our objective is to identify a set of candidate files that may contain the unknown and supply additional details to isolate it within this set. To accomplish this task, Concordia uses the MapReduce model to process a large set of invariants to provide forensic experts a more efficient and automated way to produce solid intelligence about a growing body of evidence.
UR - http://www.scopus.com/inward/record.url?scp=84875977647&partnerID=8YFLogxK
U2 - 10.1145/2459976.2460004
DO - 10.1145/2459976.2460004
M3 - Conference contribution
AN - SCOPUS:84875977647
SN - 9781450316873
T3 - ACM International Conference Proceeding Series
BT - 8th Annual Cyber Security and Information Intelligence Research Workshop
T2 - 8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013
Y2 - 8 January 2013 through 10 January 2013
ER -