
Automated reverse engineering of malware to develop network signatures to match with known network signatures.


Abstract

The detection of network-based malware is often reactionary; discovery generally happens after the malware has begun attacking the target system. Detecting the attack after the fact affects the performance of the victim device and potentially the entire computer network of the victim device. Intrusion detection systems are deployed to monitor network traffic for malware attacks, but unfortunately these systems cannot preemptively detect malicious behavior on a network. Automated reverse engineering is able to detect potentially malicious network behavior of a binary offline prior to a network-based attack. Collecting information found inside a binary, such as strings and function calls, compiling this information into generated signatures, and then comparing to known network signatures allows for malicious behavior of a binary to be discovered and quarantined before attacking a device and network.

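Bibliographic record

  • Author

    Sinema, Dan

  • Author affiliation

    Utah State University

  • Degree-granting institution: Utah State University
  • Subject: Computer science
  • Degree: M.C.S.
  • Year: 2014
  • Pages: 72 p.
  • Total pages: 72
  • Original format: PDF
  • Text language: eng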