Software Engineering Institute | Carnegie Mellon University

Digital Library

Cory Cohen
October 2018 - Poster Automatically Understanding Executables

Authors: Cory Cohen

This poster describes research aimed at reducing the cost of manual executable analysis for vulnerability discovery and malware analysis.

October 2018 - Article Using Logic Programming to Recover C++ Classes and Methods from Compiled Executables

Topics: Malware Analysis

This article describes OOAnalyzer, a system that statically recovers detailed C++ abstractions from executables in a scalable manner.

October 2015 - Presentation Design Pattern Recovery from Malware Binaries

Authors: Cory Cohen

This 2015 Research Review presentation explores the challenges posed by automated binary analysis.

October 2014 - Article Discovery of C++ Data Structures from Binaries

Topics: Network Situational Awareness

In this article, the authors present techniques to identify C++ data structures in binary executables.

October 2014 - Article Supervised Learning for Provenance-Similarity of Binaries

Topics: Malware Analysis

In this article, the authors present a notion of similarity based on provenance; two binaries are similar if they are compiled from the same source code with the same compilers.

October 2014 - Article A Scalable Search Index for Binary Files

Topics: Malware Analysis

In this article, the authors present a scalable architecture for searching and indexing terabyte-size collections of binary files.

October 2014 - Article Binary Function Clustering using Semantic Hashes

Topics: Malware Analysis

In this article, the authors present an alternative to pairwise comparisons based on "hashing" that captures the semantics of functions as semantic hashes.

October 2014 - Article Recovering C++ Objects From Binaries Using Inter-Procedural Data-Flow Analysis

Topics: Malware Analysis

In this article, the authors present a static approach that uses symbolic execution and inter-procedural data flow analysis to discover object instances, data members, and methods of a common class.

August 2012 - Technical Report Results of SEI Line-Funded Exploratory New Starts Projects

This report describes the line-funded exploratory new starts (LENS) projects that were undertaken during fiscal year 2011. For each project, the report presents a brief description and a recounting of the research that was done, as well as a synopsis of the results of the project.

February 1999 - Security Improvement Module Responding to Intrusions

This 1999 report is one of a series of SEI publications that are intended to provide practical guidance to help organizations improve the security of their networked computer systems. This report is intended for system and network administrators, managers of information systems, and security personnel responsible for networked information resources.

June 1998 - Security Improvement Module Preparing to Detect Signs of Intrusion

The practices contained in this 1998 report identify advance preparations you must make to enable you to obtain evidence of an intrusion or an intrusion attempt.