July 9 – 14 , 2017, Dagstuhl Seminar 17281

Malware Analysis: From Large-Scale Data Triage to Targeted Attack Recognition


Saumya K. Debray (University of Arizona – Tucson, US)
Thomas Dullien (Google Switzerland – Zürich, CH)
Arun Lakhotia (University of Louisiana – Lafayette, US)
Sarah Zennou (Airbus Group – Suresnes, FR)

For support, please contact

Dagstuhl Service Team


Dagstuhl Report, Volume 7, Issue 7 Dagstuhl Report
Aims & Scope
List of Participants
Shared Documents


As a follow-up on the previous Dagstuhl Seminar 14241 on the analysis of binaries, the interest in attending this new seminar was very high. The attendance was very diverse, almost half academics and half practitioners.

Talks were arranged by topics and each day ended with an open discussion on one of the three topics: machine learning, obfuscation and practitioners' needs.

Considering the given talks, it appears that the challenges in the realm of general binary analysis have not changed considerably since the last gathering. However, the balance between the topics shows that the academic interest is now more focused on machine learning than on obfuscation. On the contrary practitioners exhibited examples showing that the sophistication level of obfuscations has tremendously increased during this last years.

The open discussions were the most fruitful part of the seminar. The discussions enabled the academics to ask practitioners about the hypotheses that are relevant to build models for their analyses and the problems they face in their daily work. The practitioners gained awareness of the automated tools and techniques that they can expect to see emerge from research labs.

These informal exchanges will be gathered into a separate document and spread to the academic community.

Finally please note that not all people who presented have submitted their abstracts due to the sensitive nature of the content and/or the organization that the participants work for.

  Creative Commons BY 3.0 Unported license
  Sarah Zennou, Saumya K. Debray, Thomas Dullien, and Arun Lakhotia

Dagstuhl Seminar Series


  • Security / Cryptology
  • Semantics / Formal Methods
  • Verification / Logic


  • Malware
  • Reverse engineering
  • Executable analysis
  • Obfuscation
  • Machine learning
  • Big data

Book exhibition

Books from the participants of the current Seminar 

Book exhibition in the library, ground floor, during the seminar week.


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.

NSF young researcher support