A list of all the posts and pages found on the site. For you robots out there, there is an XML version available for digesting as well.
About me
This is a page not in the main menu.
Hey, my personal site is alive! Better late than never!
A Branch Monitor-based Monitoring Solution
Malware sandbox and threat intelligence platform
NSF Award to research HPC-based malware detection
Published in ACM Transactions on Privacy and Security (TOPS), 2018
My paper proposing a framework based on CPU branch monitors.
Recommended citation: Botacin, Marcus, et al. (2018). "Enhancing Branch Monitoring for Security Purposes: From Control Flow Integrity to Malware Analysis and Debugging." ACM TOPS. 1(1). http://doi.acm.org/10.1145/3152162
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2018
My paper about a Windows kernel-based sandbox.
Recommended citation: Botacin, Marcus, et al. (2018). "The other guys: automated analysis of marginalized malware." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-017-0292-8
Published in ACM Computing Surveys (CSUR), 2018
My paper about the state-of-the-art on hardware support for security applications.
Recommended citation: Botacin, Marcus, et al. (2018). "Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms." ACM CSUR. 1(1). http://doi.acm.org/10.1145/3199673
Published in International Conference on Availability, Reliability and Security (ARES), 2019
My paper about the nature of Mobile Banking Apps in Brazil.
Recommended citation: Botacin, Marcus, et al. (2019). "The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms Based on a Brazilian Case Study." ACM ARES. 1(1). https://dl.acm.org/doi/10.1145/3339252.3340103
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2019
My paper about how to decompile malware from debugging sessions.
Recommended citation: Botacin, Marcus, et al. (2019). "RevEngE is a Dish Served Cold: Debug-Oriented Malware Decompilation and Reassembly." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3375894.3375895
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2019
Our second paper about how we won a malware evasion challenge using adversarial malware samples.
Recommended citation: Ceschin, Fabricio, et al. (2019). "Shallow Security: On the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3375894.3375898
Published in International Symposium on Reconfigurable Communication-centric Systems-on-Chip (Recosoc), 2019
My paper about detecting malware via an ML classifier in an FPGA.
Recommended citation: Botacin, Marcus, et al. (2019). "The AV says: Your hardware definitions were updated!" IEEE Recosoc. 1(1). https://ieeexplore.ieee.org/document/9034972
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2019
My paper about evading AVs via distributed malware payloads.
Recommended citation: Botacin, Marcus, et al. (2019). "VANILLA malware: vanishing antiviruses by interleaving layers and layers of attacks." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-019-00333-y
Published in Information Security Conference (ISC), 2019
Our paper about detecting malware via image textures.
Recommended citation: Beppler, Tamy, et al. (2019). "L(a)ying in (Test)Bed: How Biased Datasets Produce Impractical Results for Actual Malware Families’ Classification." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-030-30215-3_19
Published in Elsevier Computers & Security, 2020
My paper about challenges to evaluate AV solutions.
Recommended citation: Botacin, Marcus, et al. (2020). "We Need to Talk About AntiViruses: Challenges & Pitfalls of AV Evaluations." Elsevier Comp&Sec. 1(1). http://www.sciencedirect.com/science/article/pii/S0167404820301310
Published in ACM Reversing and Offensive-Oriented Trends Symposium (ROOTS), 2020
Our second paper about how we won a malware evasion challenge using adversarial malware samples.
Recommended citation: Ceschin, Fabricio, et al. (2020). "No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-Based Adversarial Samples." ACM ROOTS. 1(1). https://dl.acm.org/doi/10.1145/3433667.3433669
Published in The International Symposium on Memory Systems (MEMSYS), 2020
My paper about detecting fileless malware via memory controller instrumentation.
Recommended citation: Botacin, Marcus, et al. (2020). "Near-Memory & In-Memory Detection of Fileless Malware." ACM MEMSYS. 1(1). https://dl.acm.org/doi/10.1145/3422575.3422775
Published in Springer (DIMVA), 2020
My paper about the security of application installers and software repositories.
Recommended citation: Botacin, Marcus, et al. (2020). "On the Security of Application Installers and Online Software Repositories." Springer DIMVA. 1(1). https://link.springer.com/chapter/10.1007/978-3-030-52683-2_10
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2020
My paper about tracing the kernel from within using CPU branch monitors.
Recommended citation: Botacin, Marcus, et al. (2020). "Leveraging branch traces to understand kernel internals from within." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-019-00343-w
Published in Springer Journal of Computer Virology and Hacking Techniques (JCVHT), 2020
My paper about detecting SMC execution via CPU side-effects.
Recommended citation: Botacin, Marcus, et al. (2020). "The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and support." Springer JCVHT. 1(1). https://link.springer.com/article/10.1007%2Fs11416-020-00348-w
Published in IEEE Transactions on Dependable and Secure Computing (TDSC), 2020
Our paper about detecting malware by adding OS uncertainty.
Recommended citation: Sun, Ruimin, et al. (2020). "A Praise for Defensive Programming: Leveraging Uncertainty for Effective Malware Mitigation." IEEE TDSC. 1(1). https://ieeexplore.ieee.org/document/9061034
Published in Elsevier Computers & Security, 2021
My paper about analyzing the internals of AV solutions.
Recommended citation: Botacin, Marcus, et al. (2021). "AntiViruses under the Microscope: A Hands-On Perspective." Elsevier Comp&Sec. 1(1). https://www.sciencedirect.com/science/article/pii/S0167404821003242
Published in ACM Transactions On Privacy and Security (TOPS), 2021
My paper about Brazilian Financial Malware describing desktop malware samples.
Recommended citation: Botacin, Marcus, et al. (2021). "One Size Does Not Fit All: A Longitudinal Analysis of Brazilian Financial Malware." ACM TOPS. 1(1). https://dl.acm.org/doi/10.1145/3429741
Published in Arxiv, 2021
My preprint paper about symbolic execution for malware analysis.
Recommended citation: Botacin, Marcus, et al. (2021). "Malware MultiVerse: From Automatic Logic Bomb Identification to Automatic Patching and Tracing." Arxiv. 1(1). https://arxiv.org/abs/2109.06127
Published in Elsevier Computers & Security, 2021
My paper about challenges to conduct malware research.
Recommended citation: Botacin, Marcus, et al. (2021). "Challenges and Pitfalls in Malware Research." Elsevier Comp&Sec. 1(1). https://www.sciencedirect.com/science/article/pii/S0167404821001115
Published in Elsevier Digital Investigation, 2021
My paper about clustering malware using similarity hashing functions.
Recommended citation: Botacin, Marcus, et al. (2021). "Understanding uses and misuses of similarity hashing functions for malware detection and family clustering in actual scenarios." Elsevier Digital Investigation. 1(1). https://www.sciencedirect.com/science/article/pii/S2666281721001281
Published in ACM Transactions on Privacy and Security (TOPS), 2022
My paper proposing hardware breakpoints for AV scanning using a CPU coprocessor.
Recommended citation: Botacin, Marcus, et al. (2022). "Terminator: A Secure Coprocessor to Accelerate Real-Time AntiViruses Using Inspection Breakpoints." ACM TOPS. 1(1). https://dl.acm.org/doi/10.1145/3494535
Published in Elsevier Expert Systems With Applications (ESWA), 2022
My paper proposing using branch patterns as inspection triggers for malware detection.
Recommended citation: Botacin, Marcus, et al. (2022). "HEAVEN: A Hardware-Enhanced AntiVirus ENgine to accelerate real-time, signature-based malware detection." Elsevier ESWA. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0957417422004882
Published in Elsevier Expert Systems With Applications (ESWA), 2022
Our paper discussing concept drift in Android malware detectors.
Recommended citation: Ceschin, Fabricio, et al. (2022). "Fast & Furious: On the modelling of malware detection as an evolving data stream." Elsevier ESWA. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0957417422016463
Published in Springer Information Security Conference (ISC), 2022
Our paper discussing the science of security of Hardware Performance Counters.
Recommended citation: Botacin, Marcus, et al. (2022). "Why we need a theory of maliciousness: Hardware Performance Counters in security." Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-031-22390-7_22
Published in Springer Information Security Conference (ISC), 2022
Our paper discussing the security of application uninstallers and removers.
Recommended citation: Botacin, Marcus, et al. (2022). "Dissecting Applications Uninstallers & Removers: Are they effective?" Springer ISC. 1(1). https://link.springer.com/chapter/10.1007/978-3-031-22390-7_20
Published in ACM Conference on Code Generation and Optimization (CGO), 2023
Our paper discussing the use of histograms to cluster binaries compiled using different obfuscation strategies.
Recommended citation: Damasio, Thais, et al. (2023). "A Game-Based Framework to Compare Program Classifiers and Evaders." ACM CGO. 1(1). https://dl.acm.org/doi/10.1145/3579990.3580012
Published in Workshop on Offensive Technologies (WOOT), 2023
My paper discussing the use of GPT-3 to automatically generate malware.
Recommended citation: Botacin, Marcus. (2023). "GPThreats-3: Is Automatic Malware Generation a Threat?" WOOT. 1(1). https://ieeexplore.ieee.org/document/10188649
Published in ACM Digital Threats: Research and Practice (DTRAP), 2023
My co-authored paper discussing the use of Machine Learning (ML) for malware detection.
Recommended citation: Ceschin et al. (2023). "Machine Learning (In) Security: A Stream of Problems" ACM DTRAP. 1(1). https://dl.acm.org/doi/10.1145/3617897
Published in Annual Computer Security Applications Conference (ACSAC), 2023
My co-authored paper discussing the concept of a hardware detector for memory injections.
Recommended citation: Botacin et al. (2023). "Detecting Memory Injections Using a Hardware Monitor" ACM ACSAC. 1(1). https://www.acsac.org/
Published in Latin-American Symposium on Dependable and Secure Computing (LADC), 2023
My co-authored paper presenting preliminary results on classifying the malware samples of the MS competition dataset into families via CNNs.
Recommended citation: Palma et al. (2023). "Enhancing Malware Family Classification in the Microsoft Challenge Dataset via Transfer Learning" ACM LADC. 1(1). https://dl.acm.org/doi/10.1145/3615366.3615374
Published in WhitePaper, 2024
My whitepaper presenting math-supported insights on why we should adopt hardware detectors.
Recommended citation: Botacin et al. (2024). "A Cost-Model Argument for the Adoption of Hardware-Assisted Malware Detection" WhitePaper. 1(1). https://marcusbotacin.github.io/publications/
Published in USENIX Security, 2024
My co-authored paper on extracting ML models from mobile devices.
Recommended citation: Nayan et al. (2024). "SoK: All You Need to Know About On-Device ML Model Extraction - The Gap Between Research and Practice" USENIX Security. 1(1). https://www.usenix.org/conference/usenixsecurity24/presentation/nayan
Published in Computers & Security, 2024
My paper on label delays in malware classifiers.
Recommended citation: Botacin, Marcus and Gomes, Heitor. (2024). "Towards more realistic evaluations: The impact of label delays in malware detection pipelines" Computers & Security. 1(1). https://www.sciencedirect.com/science/article/abs/pii/S0167404824004279
Published in SECRYPT, 2024
My (co-authored) paper on classifying PUAs written in WebAssembly (WASM).
Recommended citation: Helpa et al. (2024). "The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries" SECRYPT. 1(1). https://www.insticc.org/node/TechnicalProgram/secrypt/2024/presentationDetails/127545
Published in RAID, 2024
My paper surveying the practice of malware analysis.
Recommended citation: Botacin. (2024). "What do malware analysts want from academia? A survey on the state-of-the-practice to guide research developments" RAID. 1(1). https://dl.acm.org/doi/10.1145/3678890.3678892
Published in RAID, 2024
My paper on distilling ML models for efficient malware detection around the world.
Recommended citation: Botacin et al. (2024). "Cross-Regional Malware Detection via Model Distilling and Federated Learning" RAID. 1(1). https://dl.acm.org/doi/10.1145/3678890.3678893
Published in DTRAP, 2024
My paper investigating multipath malware execution via fuzzing and symbolic execution.
Recommended citation: Botacin. (2024). "Fuzzing and Symbolic Execution for Multipath Malware Tracing: Bridging Theory and Practice via Survey and Experiments" ACM DTRAP. 1(1). https://dl.acm.org/doi/10.1145/3700147
This is a talk about Linux malware in a conference of the Brazilian open-source community. Video Here
This is my USENIX Enigma talk summarizing my research about Brazilian malware samples. Video Here
This is a talk about our participation in the MLSec malware evasion competition. Slides
My PhD thesis defense. Video
This is my USENIX Enigma talk summarizing my findings about Challenges and Pitfalls in Security Research. Page Slides Video
This is my HITB talk summarizing my findings about AV Internals. Page Slides Video
My talk about basic ML concepts and their application to security, given to TAMU freshmen. Slides
My talk (In Portuguese) about basic security concepts. Slides Video
My talk about the research developed in my lab (Botacin’s Lab) towards fully-automated, end-to-end malware analysis. Slides
My talk about automated malware creation and suggested defenses. Slides Video
Workshop, UNICAMP, UFPR, SBSEG, 2018
This is a short-course to introduce reverse engineering and malware analysis concepts to new students. I presented this short course at University of Campinas (UNICAMP), Federal University of Paraná (UFPR), and at the Brazilian Symposium on Information and Systems Security (SBSEG). Course Material Here
Special Topics, TAMU, 2023
In this course, we will navigate through the applications of ML in the security field: the pros, the cons, and the future yet to come.
Regular Grad Course, TAMU, 2024
I will teach my cybersecurity course under the data science umbrella this Fall. Please enroll in CSCE 704-602. My approach will be similar to what I did in previous semesters. Take a look here
Regular UnderGrad Course, TAMU, 2025
What to expect from this course?