Search

Your search keyword '"Fallah, Mohammad K."' showing total 6 results
Start Over Author "Fallah, Mohammad K." Search Limiters Full Text
6 results on '"Fallah, Mohammad K."'

1. The Reversing Machine: Reconstructing Memory Assumptions

Author

Karvandi, Mohammad Sina, Meghdadizanjani, Soroush, Arasteh, Sima, Monfared, Saleh Khalaj, Fallah, Mohammad K., Gorgin, Saeid, Lee, Jeong-A, and van der Kouwe, Erik

Subjects
Computer Science - Cryptography and Security
Abstract

Existing anti-malware software and reverse engineering toolkits struggle with stealthy sub-OS rootkits due to limitations of run-time kernel-level monitoring. A malicious kernel-level driver can bypass OS-level anti-virus mechanisms easily. Although static analysis of such malware is possible, obfuscation and packing techniques complicate offline analysis. Moreover, current dynamic analyzers suffer from virtualization performance overhead and create detectable traces that allow modern malware to evade them. To address these issues, we present \textit{The Reversing Machine} (TRM), a new hypervisor-based memory introspection design for reverse engineering, reconstructing memory offsets, and fingerprinting evasive and obfuscated user-level and kernel-level malware. TRM proposes two novel techniques that enable efficient and transparent analysis of evasive malware: hooking a binary using suspended process creation for hypervisor-based memory introspection, and leveraging Mode-Based Execution Control (MBEC) to detect user/kernel mode transitions and memory access patterns. Unlike existing malware detection environments, TRM can extract full memory traces in user and kernel spaces and hook the entire target memory map to reconstruct arrays, structures within the operating system, and possible rootkits. We perform TRM-assisted reverse engineering of kernel-level structures and show that it can speed up manual reverse engineering by 75\% on average. We obfuscate known malware with the latest packing tools and successfully perform similarity detection. Furthermore, we demonstrate a real-world attack by deploying a modified rootkit onto a driver that bypasses state-of-the-art security auditing tools. We show that TRM can detect each threat and that, out of 24 state-of-the-art AV solutions, only TRM can detect the most advanced threats.

Published
2024

6. A symbiosis between population based incremental learning and LP-relaxation based parallel genetic algorithm for solving integer linear programming models

Author

Fallah, Mohammad K., Fazlali, Mahmood, Daneshtalab, Masoud, Fallah, Mohammad K., Fazlali, Mahmood, and Daneshtalab, Masoud

Abstract

Solving Integer Linear Programming (ILP) models generally lies in the category of NP-hard problems and finding the optimal answer for large models is a computational challenge. Genetic algorithms are a family of metaheuristic algorithms capable of adjusting and redesigning parameters and operations according to the characteristics of ILP models. On the other hand, still the genetic algorithm performs a lot of operations to solve large models, and parallel processing is a suitable technique to tackle this problem. This paper introduces an LP-Relaxation based parallel genetic algorithm that uses a population-based incremental learning technique to presents an expandable solver for large ILP models derived from a behavioral synthesis of digital circuits. In the proposed algorithm, each chromosome provides a state subspace of possible solutions, and each generation is produced based on a probability vector as well as elitism. Our experiments verify the efficiency of the proposed algorithm on multicore platforms, as it outperformed four previous genetic algorithms for solving mixed integer programming problems. The proposed genetic algorithm solved 20 ILP models include up to 5183 int / binary decision variables in less than 20 min using four 16-core AMD Opteron 6386 SE processors. Also, the results indicate that for models with more than 4000 variables, the speedup and the efficiency of the proposed parallel genetic algorithm on 60 CPU cores is more than 18X and 30%, respectively.

Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results