From Unreliable to Trustworthy: Designing LLM-assisted Workflows for Exposing Malware’s Hidden Behaviors
Talk, University College London Information Security Seminar, London, United Kingdom
Malware increasingly hides its most damaging behaviors, exposing only a controlled surface to analysis systems. Existing approaches for revealing concealed functionality often rely on expensive path exploration or narrowly targeted heuristics, leaving analysts to manually determine how to expose hidden behavior. Although large language models (LLMs) offer new opportunities to assist malware analysis, directly applying them to reverse engineering tasks frequently produces unreliable or inconsistent results. This talk will cover the development of LUMEN, an LLM-assisted framework that identifies critical decision points that suppress malicious activity and then exposes behaviors hidden from sandbox execution, finding 4x more hidden behaviors in real-world malware than specialized tools…
