Address Space Dynamics

In Physics, we can use the laws of motion, or the Lagrange equation, to describe the trajectory of an object in a system. An object is described by a state vector–a list of orthogonal dimensions. We can think of a process as a trajectory through a state space. The dimensions are given by the bits of memory, the registers, and the internal state of hardware. Thinking about processes this way allows us to formulate methods to understand their execution externally. Obviously a program's execution is determined by its code, but if this code is not available, we can use observations of its state at discrete points in time and space to glean information about it, for example by feeding a feature vector into an recurrent neural network to predict the next state. We can also use this information to visualize a process over time (e.g. using FFTs and dimensionality reduction techniques) or generate program fingerprints for classification and computation of similarity metrics.

We are currently using these techniques for low-latency malware classification.

Avatar
Justin Goodman
Undergraduate researcher (REU)

Undergraduate researcher

Avatar
Ganesh Mahesh
M.S. Research Assistant

Software developer at YottaDB

Avatar
Brian R. Tauro
2nd Year PhD Student

2nd Year PhD Student

Avatar
Trevor Pritchett
Undergraduate Researcher

4th year undergraduate at IIT

Avatar
Kyle C. Hale
Assistant Professor of Computer Science

Hale's research lies at the intersection of operating systems, HPC, parallel computing, computer architecture.

Related