Detecting and Modeling Polymorphic Shellcode

In this thesis, we address the problem of modeling and detecting polymorphic engines shellcode. By polymorphic engines, we mean programs having the ability to transform any piece of malware into many instances consisting of different code but having the same functionality as the original malware. Typically, polymorphic engines work by encrypting the target malware using various encryption techniques and providing a decryption module in order to execute the newly encrypted instance. Moreover, those engines have the ability to mutate their decryption routine making them unique from one instance to another and hard to detect. Our analysis focuses on polymorphic shellcode, which is shellcode that uses a polymorphic engine to mutate while keeping the original function of the code the same. We propose a new concept of signatures, shape signatures, which cope with the highly mutated nature of those engines. Those signatures try to identify the constant part as well as the mutated part of the deciphering routines. This combination is able to cope with the highly mutated nature of those engines in a much more efficient way compared to traditional signatures used in most intrusion detection systems. The second part of the thesis aims at modeling those polymorphic engines by showing that they exhibit commo

Recursion, lambda abstraction and genetic programming

Module creation and reuse are essential for Genetic Programming (GP) to be effective with larger and more complex problems. This paper presents a particular kind of program structure to serve these purposes: modules are represented as λ abstractions and their reuse is achieved through an implicit recursion. A type system is used to preserve this structure. The structure of λ abstraction and implicit recursion also provides structure abstraction in the program. Since the GP paradigm evolves program structure and contents simultaneously, structure abstraction can reduce the search effort for good program structure. Most evolutionary effort is then focused on the search for correct program contents rather than the structure. Experiments on the Even-N-Parity problem show that, with the structure of λ abstractions and implicit recursion, GP is able to find a general solution which works for any value of N very efficiently

Compositional evolution: interdisciplinary investigations in evolvability, modularity, and symbiosis

Conventionally, evolution by natural selection is almost inseparable from the notion of accumulating successive slight variations. Although it has been suggested that symbiotic mechanisms that combine together existing entities provide an alternative to gradual, or 'accretive', evolutionary change, there has been disagreement about what impact these mechanisms have on our understanding of evolutionary processes. Meanwhile, in artificial evolution methods used in computer science, it has been suggested that the composition of genetic material under sexual recombination may provide adaptation that is not available under mutational variation, but there has been considerable difficulty in demonstrating this formally. Thus far, it has been unclear what types of systems, if any, can be evolved by such 'compositional' mechanisms that cannot be evolved by accretive mechanisms. This dissertation takes an interdisciplinary approach to this question by building abstract computational simulations of accretive and compositional mechanisms. We identify a class of complex systems possessing 'modular interdependency', incorporating highly epistatic but modular substructure. This class typifies characteristics that are pathological for accretive evolution - the corresponding fitness landscape is highly rugged, has many local optima creating broad fitness saddles, and includes 'irreducibly complex' adaptations that cannot be reached by a succession of gradually changing proto-systems. Nonetheless, we provide simulations to show that this class of system is easily evolvable under sexual recombination or a mechanism of 'symbiotic encapsulation'. Our simulations and analytic results help us to understand the fundamental differences in the adaptive capacities of these mechanisms, and the conditions under which they provide an adaptive advantage. These models exemplify how certain kinds of complex systems, considered unevolvable under normal accretive change, are, in principle, easily evolvable under compositional evolution

Molecular crystal structure prediction with evolutionary algorithm

The layout of the thesis is as follow: In Chapter 1, we present the theoretical background of DFT, Projector-Augmented-Wave (PAW) and Gauge-Including Projector-Augmented-Wave (GIPAW) methods. In Chapter 2, we introduce the crystal structure prediction problem and present evolutionary algorithms as one solution to perform crystal structure search for molecular crystals. Chapter 3 and Chapter 4 are dedicated to the detailed results when using evolutionary algorithm in crystal structure search for the studies of glycine and cholesterol respectivel

Meta Concepts: A Knowledge-Based Code Generation System

People have an amazing ability to solve complex problems by performing a sequence of simpler operations (i.e: functions/procedures which take input variables and produce output variables). We are able to do so even when there exists a large number of possible choices for such operations and when the number of combinatoric ways that these operations can be chained together is astronomical. On the other hand, computers typically do not solve problems this way and have to be programmed with a precise set of instructions. What is it that allows us to perform such a feat while computers cannot? One of the major features that sets us apart from computers is our ability to draw upon our large range of knowledge and its connections to the problem at hand. Meta Concepts aims to use knowledge-based information in this way to enable the automated generation of code in order to solve problems in cases where solutions would otherwise be difficult to devise by hand. Meta Concepts is an object-oriented coding system whereby the user specifies and works with an ontology of concepts or types/classes which captures knowledge about their usage and metadata about their methods, how method calls can be chained together, and associated method parameters and constraints. By augmenting the code generation process with knowledge-based information, the system is able to significantly narrow and prioritize its search through the otherwise vast search space in order to quickly generate high-performing solutions