|
|
Clemens Kolbitsch
General Information
Recently, I have finished my PhD studies at the International Secure Systems Lab.
My main research interests are malware analysis and detection as well as
virtualization. In previous projects, I was working on memory protection,
race condition detection, and wireless communication and its security.
In beginning of February 2010, I have become the lead developer of
Anubis, our public system for analyzing
potentially malicious binary programs. In this project, I am currently focusing
on improving stability, supporting a wider spectrum of malware, and making the
sandbox more resistant to being detected by a sample under analysis.
In spring 2011, I was a research intern at Microsoft
working with Ben Livshits and Ben Zorn. In this project, we were working on
the detection of malicious websites on the Internet to filter Bing search
results and thus protect its users.
Besides research work, I co-lecture two courses (Internet
Security and Advanced Internet Security). The classes' main focus lies
on teaching students to understand, detect, and fix vulnerabilities in network
protocols, web applications, as well as binary programs.
Projects
-
Rozzle: De-Cloaking Internet Malware
Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
Technical report.
-
The Power of Procrastination: Detection and Mitigation of Execution-Stalling Malicious Code
Clemens Kolbitsch, Engin Kirda, and Christopher Kruegel
18th ACM Conference on Computer and Communications Security (CCS)
Chicago, USA, October 2011.
Article.
Bibtex
(to appear).
-
Detecting Environment-Sensitive Malware
Martina Lindorfer, Clemens Kolbitsch, and Paolo Milani Comparetti
International Symposium on Recent Advances in Intrusion Detection (RAID 2011)
Menlo Park, USA, September 2011.
Article.
Bibtex
-
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, and Engin Kirda
IEEE Symposium on Security and Privacy
Oakland, USA, May 2010.
Article.
Bibtex
-
Identifying Dormant Functionality in Malware Programs
Paolo Milani Comparetti, Guido Salvaneschi, Engin Kirda, Clemens Kolbitsch, Christopher Kruegel, and Stefano Zanero
IEEE Symposium on Security and Privacy
Oakland, USA, May 2010.
Article.
Bibtex
-
Effective and Efficient Malware Detection at the End Host
Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiaoyong Zhou, and Xiaofeng Wang
Usenix Security Symposium
Montreal, Canada, August 2009.
Article.
Bibtex
-
Removing Web Spam Links from Search Engine Results
Manuel Egele, Clemens Kolbitsch, and Christian Platzer
Journal of Computer Virology, Springer Verlag, DOI 10.1007/s11416-009-0132-6
August 2009.
Article.
-
Master Thesis
My thesis dealt with a the idea of protecting certain memory regions not
only on a per-page but also on a per-word basis. This involved changing
the Linux kernel to realize this new idea, enhance a compiler (the tiny
c compiler) and implement the necessary processor-instructions in the
system emulator Qemu.
Using this system, we designed new approaches to protect agains stack-
and heap-based buffer overflows. Further, we implemented a dynamic race
condition detector. Evaluation on various large scale code projects (e.g.
Apache) demonstrate the usability of the race condition detection system.
Extending Mondrian Memory Protection
Clemens Kolbitsch, Christopher Kruegel, and Engin Kirda
NATO RTO IST-091 Symposium
Antalya, Turkey, April 2010.
Article.
Bibtex
-
Virtual 802.11 Fuzzing
Together with Sylvester Keil, I was working
on a stateful fuzzer for the 802.11 protocol. For more information
refer to the project website.
Stateful Fuzzing of Wireless Device Drivers in an Emulated Environment
Sylvester Keil and Clemens Kolbitsch
Black Hat Japan
Tokyo, Japan, October 2007.
White paper.
Bibtex
Teaching
Contact
I can be reached under ck (at) iseclab.org
You can find my public key here.
You can find my official TU-contact information here.
Last Modified: Wed Sep 21 20:54:54 CEST 2011
|
|
|
