09. – 14. Juli 2017, Dagstuhl-Seminar 17281

Malware Analysis: From Large-Scale Data Triage to Targeted Attack Recognition


Saumya K. Debray (University of Arizona – Tucson, US)
Thomas Dullien (Google Switzerland – Zürich, CH)
Arun Lakhotia (University of Louisiana – Lafayette, US)
Sarah Zennou (Airbus Group – Suresnes, FR)

Auskunft zu diesem Dagstuhl-Seminar erteilt

Dagstuhl Service Team


Dagstuhl Report, Volume 7, Issue 7 Dagstuhl Report
Dagstuhl's Impact: Dokumente verfügbar


As a follow-up on the previous Dagstuhl Seminar 14241 on the analysis of binaries, the interest in attending this new seminar was very high. The attendance was very diverse, almost half academics and half practitioners.

Talks were arranged by topics and each day ended with an open discussion on one of the three topics: machine learning, obfuscation and practitioners' needs.

Considering the given talks, it appears that the challenges in the realm of general binary analysis have not changed considerably since the last gathering. However, the balance between the topics shows that the academic interest is now more focused on machine learning than on obfuscation. On the contrary practitioners exhibited examples showing that the sophistication level of obfuscations has tremendously increased during this last years.

The open discussions were the most fruitful part of the seminar. The discussions enabled the academics to ask practitioners about the hypotheses that are relevant to build models for their analyses and the problems they face in their daily work. The practitioners gained awareness of the automated tools and techniques that they can expect to see emerge from research labs.

These informal exchanges will be gathered into a separate document and spread to the academic community.

Finally please note that not all people who presented have submitted their abstracts due to the sensitive nature of the content and/or the organization that the participants work for.

Summary text license
  Creative Commons BY 3.0 Unported license
  Sarah Zennou, Saumya K. Debray, Thomas Dullien, and Arun Lakhotia

Dagstuhl-Seminar Series


  • Security / Cryptology
  • Semantics / Formal Methods
  • Verification / Logic


  • Malware
  • Reverse engineering
  • Executable analysis
  • Obfuscation
  • Machine learning
  • Big data


In der Reihe Dagstuhl Reports werden alle Dagstuhl-Seminare und Dagstuhl-Perspektiven-Workshops dokumentiert. Die Organisatoren stellen zusammen mit dem Collector des Seminars einen Bericht zusammen, der die Beiträge der Autoren zusammenfasst und um eine Zusammenfassung ergänzt.


Download Übersichtsflyer (PDF).

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact separat aufgelistet  und im Erdgeschoss der Bibliothek präsentiert.


Es besteht weiterhin die Möglichkeit, eine umfassende Kollektion begutachteter Arbeiten in der Reihe Dagstuhl Follow-Ups zu publizieren.