Malware detection and analysis via layered annotative execution

Malicious software (i.e., malware) has become a severe threat to interconnected computer systems for decades and has caused billions of dollars damages each year. A large volume of new malware samples are discovered daily. Even worse, malware is rapidly evolving to be more sophisticated and evasive to strike against current malware analysis and defense systems. This dissertation takes a root-cause oriented approach to the problem of automatic malware detection and analysis. In this approach, we aim to capture the intrinsic natures of malicious behaviors, rather than the external symptoms of existing attacks. We propose a new architecture for binary code analysis, which is called whole-system out-of-the-box fine-grained dynamic binary analysis, to address the common challenges in malware detection and analysis. to realize this architecture, we build a unified and extensible analysis platform, codenamed TEMU. We propose a core technique for fine-grained dynamic binary analysis, called layered annotative execution, and implement this technique in TEMU. Then on the basis of TEMU, we have proposed and built a series of novel techniques for automatic malware detection and analysis. For postmortem malware analysis, we have developed Renovo, Panorama, HookFinder, and MineSweeper, for detecting and analyzing various aspects of malware. For proactive malware detection, we have built HookScout as a proactive hook detection system. These techniques capture intrinsic characteristics of malware and thus are well suited for dealing with new malware samples and attack mechanisms

On Higher Derivative Couplings in Theories with Sixteen Supersymmetries

We give simple arguments for new non-renormalization theorems on higher derivative couplings of gauge theories to supergravity, with sixteen supersymmetries, by considerations of brane-bulk superamplitudes. This leads to some exact results on the effective coupling of D3-branes in type IIB string theory. We also derive exact results on higher dimensional operators in the torus compactification of the six dimensional (0, 2) superconformal theory.Comment: 31 pages, 10 figures, section 2 reconstructured, new result in section 3.2, additional clarifications adde

Supersymmetry Constraints and String Theory on K3

We study supervertices in six dimensional (2,0) supergravity theories, and derive supersymmetry non-renormalization conditions on the 4- and 6-derivative four-point couplings of tensor multiplets. As an application, we obtain exact non-perturbative results of such effective couplings in type IIB string theory compactified on K3 surface, extending previous work on type II/heterotic duality. The weak coupling limit thereof, in particular, gives certain integrated four-point functions of half-BPS operators in the nonlinear sigma model on K3 surface, that depend nontrivially on the moduli, and capture worldsheet instanton contributions.Comment: 47 pages, 4 figure

(2,2) Superconformal Bootstrap in Two Dimensions

We find a simple relation between two-dimensional BPS N=2 superconformal blocks and bosonic Virasoro conformal blocks, which allows us to analyze the crossing equations for BPS 4-point functions in unitary (2,2) superconformal theories numerically with semidefinite programming. We constrain gaps in the non-BPS spectrum through the operator product expansion of BPS operators, in ways that depend on the moduli of exactly marginal deformations through chiral ring coefficients. In some cases, our bounds on the spectral gaps are observed to be saturated by free theories, by N=2 Liouville theory, and by certain Landau-Ginzburg models.Comment: 56 pages, 14 figure

Cost and product advantages: evidence from Chinese manufacturing firms

We use data on 70,000 Chinese manufacturing firms that sell domestically and export to robustly estimate the joint distribution of unobserved productivity (cost advantages) and unobserved demand heterogeneity (product advantages) from 1998 to 2008. Product advantages show a trade off with cost advantages and are positively related to observed costs. Using the advantages we characterize Chinese manufacturing, that grew competing more on costs than in product advantages (which account for a significant but small 24% of growth). Our estimation highlights important biases affecting the estimates of the coefficients of the production function, demand elasticities and markups, when heterogeneity of demand or its correlation with productivity are ignored. With the separation of cost and product advantages, we revisit and reinterpret recent studies to find new results which change their policy consequences.First author draf

Comparing productivity when products and inputs differ in quality: China manufacturing growth 1998-2013

We measure and compare productivity when products and inputs are heterogeneous in quality, analyzing productivity growth in China manufacturing 1998-2013. Growth was mostly based on the introduction and development of new products, in particular by entrants. Not controlling for quality, measured productivity understimates productivity by the amount of the quality dimension of production, and overstimates it by the effect of the higher quality of the inputs. To control for input quality we specify the inputs of the production function in the form of standardized quantities. To identify the direct effect of quality on production and productivity we use the demand for the product (set of products) of the firm, assuming that the firm sets optimally the unobserved level of quality. Not all demand heterogeneity, however, can be assumed to be due to quality.First author draf