laboratoire exploration et recherche en d tection
play

Laboratoire Exploration et recherche en Dtection LED Agence - PowerPoint PPT Presentation

Jul 18, 2023 •339 likes •882 views

Laboratoire Exploration et recherche en Dtection LED Agence Nationale de la Scurit des Systmes dInformation 2019 VMProtect Compression Imports protection Code mutation ... VIRTUALIZATION ANSSI Laboratoire

  1. Laboratoire Exploration et recherche en Détection LED Agence Nationale de la Sécurité des Systèmes d’Information 2019

  2. VMProtect ◮ Compression ◮ Imports protection ◮ Code mutation ◮ ... ◮ VIRTUALIZATION ANSSI Laboratoire Exploration et recherche en Détection 2/47

  3. File geometry .text .rdata .data ANSSI Laboratoire Exploration et recherche en Détection 3/47

  4. File geometry f1 .text f2 .rdata .data ANSSI Laboratoire Exploration et recherche en Détection 3/47

  5. File geometry f1 .text f2 .rdata .data .vmp0 ANSSI Laboratoire Exploration et recherche en Détection 3/47

  6. File geometry itrp / bytecode .text itrp / bytecode .rdata .data itrp .vmp0 bytecode ANSSI Laboratoire Exploration et recherche en Détection 3/47

  7. Interpreter code is obfuscated . vmp0 :004047D3 and ah , d l ( junk ) . vmp0 :004047D5 mov eax , [ ebp +0] . vmp0 :004047D8 s a l dl , 3 ( junk ) . vmp0 :004047DB c l c ( junk ) . vmp0 :004047DC mov dh , 0E3h ( junk ) . vmp0 :004047DF t e s t esp , eax ( junk ) . vmp0 :004047E1 mov edx , [ ebp +4] . vmp0 :004047E4 t e s t eax , 0A4B7FFF0h ( junk ) . vmp0 :004047E9 t e s t bh , bh ( junk ) . vmp0 :004047EB pushf ( junk ) . vmp0 :004047EC not eax . vmp0 :004047EE t e s t cl , 5Ch ( junk ) . vmp0 :004047F1 c l c ( junk ) . vmp0 :004047F2 s t c ( junk ) . vmp0 :004047F3 not edx . vmp0 :004047F5 pushf ( junk ) . vmp0 :004047F6 jmp l o c 4053BF ANSSI Laboratoire Exploration et recherche en Détection 4/47

  8. V2 Interpreter dispatcher push nor jmp add ANSSI Laboratoire Exploration et recherche en Détection 5/47

  9. V3 Interpreter push nor jmp add ANSSI Laboratoire Exploration et recherche en Détection 6/47

  10. Native registers roles x86 x64 vip esi rsi vsp ebp rbp virtual registers edi (x 16) rdi (x 24) decryption mask ebx rbx opcode (@handler entry) eax rax ANSSI Laboratoire Exploration et recherche en Détection 7/47

  11. VM instruction set Most important invariant across samples ◮ Based on the same template ◮ Opcodes permutated ◮ Bytecode encryption varies Who does what ? ANSSI Laboratoire Exploration et recherche en Détection 8/47

  12. Bytecode extraction ◮ Locate dispatcher / handlers ◮ Symbolic execution ◮ Extract decryption formulas ◮ Recognize opcodes by their effect on the virtual stack ANSSI Laboratoire Exploration et recherche en Détection 9/47

  13. Front-end protected binary VM instruction set x86 discovery code VM encrypted decrypted semantics bytecode bytecode ANSSI Laboratoire Exploration et recherche en Détection 10/47

  14. Bytecode instruction set Stack-oriented machine ◮ push X, pop Y, load, store ANSSI Laboratoire Exploration et recherche en Détection 11/47

  15. Bytecode instruction set Stack-oriented machine ◮ push X, pop Y, load, store ◮ ALU : add, nor, shifts, mul, div ANSSI Laboratoire Exploration et recherche en Détection 11/47

  16. Bytecode instruction set Stack-oriented machine ◮ push X, pop Y, load, store ◮ ALU : add, nor, shifts, mul, div ◮ Control flow : jmp ANSSI Laboratoire Exploration et recherche en Détection 11/47

  17. Bytecode instruction set Stack-oriented machine ◮ push X, pop Y, load, store ◮ ALU : add, nor, shifts, mul, div ◮ Control flow : jmp ◮ VM exits : fixed-arity call, exitvm ANSSI Laboratoire Exploration et recherche en Détection 11/47

  18. Bytecode instruction set Stack-oriented machine ◮ push X, pop Y, load, store ◮ ALU : add, nor, shifts, mul, div ◮ Control flow : jmp ◮ VM exits : fixed-arity call, exitvm ◮ misc : cpuid, rdtsc, FPU, checksum... ANSSI Laboratoire Exploration et recherche en Détection 11/47

  19. Operators expansion operation translates into not a nor a a and a b nor (not a) (not b) or a b not (nor a b) sub a b not (add (not a) b) xor a b and (or a b) (or (not a) (not b)) flags (sub a b) add (and ~0x815 (flags (and (sub a b) (sub a b))) (and 0x815 (flags (add (not a) b))) ANSSI Laboratoire Exploration et recherche en Détection 12/47

  20. From bytecode back to CISC

  21. Source loop: dec eax test eax, eax jnz loop ANSSI Laboratoire Exploration et recherche en Détection 14/47

  22. Bytecode [+] 43bc7d : pop r4 [+] 43bc82 : pop r2 [+] 43bc87 : pop r8 [+] 43bc8c : pop r9 [+] 43bc91 : pop r6 [+] 43bc96 : pop r10 [+] 43bc9b : pop r3 [+] 43bca0 : pop r1 [+] 43bca5 : pop r14 [+] 43bcaa : pop r15 [+] 43bcaf : pop r5 [+] 43bcb4 : push 0x [+] 43bcbc : push r9 ✁ ✁ ✁ ✁ [+] 43bcc1 : add32 [+] 43bcc5 : pop r7 [+] 43bcca : pop r5 [+] 43bccf : push 0x43bc08 [+] 43bcd7 : push r5 [+] 43bcdc : push r5 [+] 43bce1 : nor32 [+] 43bce5 : pop r0 [+] 43bcea : push r5 [+] 43bcef : push r5 [+] 43bcf4 : nor32 [+] 43bcf8 : pop r9 [+] 43bcfd : nor32 [+] 43bd01 : pop r0 [+] 43bd06 : pop r7 [+] 43bd0b : push 0x44cba5 [+] 43bd13 : push vsp [+] 43bd17 : push 4:16 [+] 43bd1d : push r0 [+] 43bd22 : push 0x ✁ bf [+] 43bd2a : nor32 ✁ ✁ [+] 43bd2e : pop r9 [+] 43bd33 : shr32 [+] 43bd37 : pop r9 [+] 43bd3c : add32 [+] 43bd40 : pop r11 [+] 43bd45 : load32 [+] 43bd49 : pop r12 [+] 43bd4e : pop r11 [+] 43bd53 : pop r7 [+] 43bd58 : push r12 [+] 43bd5d : push r4 [+] 43bd62 : add32 [+] 43bd66 : pop r11 [+] 43bd6b : pop r15 [+] 43bd70 : push r5 [+] 43bd75 : push r10 [+] 43bd7a : push r0 [+] 43bd7f : push r14 [+] 43bd84 : push r10 [+] 43bd89 : push r8 [+] 43bd8e : push r5 [+] 43bd93 : push r3 [+] 43bd98 : push r1 [+] 43bd9d : push r2 [+] 43bda2 : push r4 [+] 43bda7 : push r15 [+] 43bdac : jmp ANSSI Laboratoire Exploration et recherche en Détection 15/47

  23. Bytecode [+] 43bc7d : pop r4 [+] 43bc82 : pop r2 [+] 43bc87 : pop r8 [+] 43bc8c : pop r9 [+] 43bc91 : pop r6 [+] 43bc96 : pop r10 [+] 43bc9b : pop r3 [+] 43bca0 : pop r1 [+] 43bca5 : pop r14 [+] 43bcaa : pop r15 [+] 43bcaf : pop r5 [+] 43bcb4 : push 0x ffffffff [+] 43bcbc : push r9 [+] 43bcc1 : add32 [+] 43bcc5 : pop r7 [+] 43bcca : pop r5 [+] 43bccf : push 0x43bc08 [+] 43bcd7 : push r5 [+] 43bcdc : push r5 [+] 43bce1 : nor32 [+] 43bce5 : pop r0 [+] 43bcea : push r5 [+] 43bcef : push r5 [+] 43bcf4 : nor32 [+] 43bcf8 : pop r9 [+] 43bcfd : nor32 [+] 43bd01 : pop r0 [+] 43bd06 : pop r7 [+] 43bd0b : push 0x44cba5 [+] 43bd13 : push vsp [+] 43bd17 : push 4:16 [+] 43bd1d : push r0 [+] 43bd22 : push 0x ffffff bf [+] 43bd2a : nor32 [+] 43bd2e : pop r9 [+] 43bd33 : shr32 [+] 43bd37 : pop r9 [+] 43bd3c : add32 [+] 43bd40 : pop r11 [+] 43bd45 : load32 [+] 43bd49 : pop r12 [+] 43bd4e : pop r11 [+] 43bd53 : pop r7 [+] 43bd58 : push r12 [+] 43bd5d : push r4 [+] 43bd62 : add32 [+] 43bd66 : pop r11 [+] 43bd6b : pop r15 [+] 43bd70 : push r5 [+] 43bd75 : push r10 [+] 43bd7a : push r0 [+] 43bd7f : push r14 [+] 43bd84 : push r10 [+] 43bd89 : push r8 [+] 43bd8e : push r5 [+] 43bd93 : push r3 [+] 43bd98 : push r1 [+] 43bd9d : push r2 [+] 43bda2 : push r4 [+] 43bda7 : push r15 [+] 43bdac : jmp ANSSI Laboratoire Exploration et recherche en Détection 16/47

  24. Prologue [+] 43bc7d : pop r4 [+] 43bc82 : pop r2 [+] 43bc87 : pop r8 [+] 43bc8c : pop r9 [+] 43bc91 : pop r6 [+] 43bc96 : pop r10 [+] 43bc9b : pop r3 [+] 43bca0 : pop r1 [+] 43bca5 : pop r14 [+] 43bcaa : pop r15 [+] 43bcaf : pop r5 ANSSI Laboratoire Exploration et recherche en Détection 17/47

  25. Epilogue [+] 43bd70 : push r5 [+] 43bd75 : push r10 [+] 43bd7a : push r0 [+] 43bd7f : push r14 [+] 43bd84 : push r10 [+] 43bd89 : push r8 [+] 43bd8e : push r5 [+] 43bd93 : push r3 [+] 43bd98 : push r1 [+] 43bd9d : push r2 [+] 43bda2 : push r4 [+] 43bda7 : push r15 [+] 43bdac : jmp ANSSI Laboratoire Exploration et recherche en Détection 18/47

  26. Virtual registers permutation ecx r0 r0 eax r1 r1 ecx r2 r2 eax r3 r3 ebx r4 r4 r5 ebx r5 ANSSI Laboratoire Exploration et recherche en Détection 19/47

  27. Body [+] 43bcb4 : push 0x ffffffff [+] 43bcbc : push r9 [+] 43bcc1 : add32 [+] 43bcc5 : pop r7 [+] 43bcca : pop r5 [+] 43bccf : ... [+] 43bcd7 : ... [+] 43bcdc : ... [+] 43bce1 : ... ANSSI Laboratoire Exploration et recherche en Détection 20/47

  28. How do we simplify the body ?

  29. Mutable registers ♣ � ♣ ✂✄ ♣ � ♣ ✂☎ ... ♣ � ♣ ✂✆ ✝ ✞✟ 0x ffffffff ♣ ♣ ✝ ✞✟ ✂r ❛ ✠ ✠ ✡ ☎ ♣ � ♣ ✂☛ ♣ � ♣ ✂✆ ... ANSSI Laboratoire Exploration et recherche en Détection 22/47

  30. SSA form .1 ☞ ✌ ☞ ✍✎ .1 ☞ ✌ ☞ ✍✏ ... .1 ☞ ✌ ☞ ✍✑ ✒ ✓✔ 0x ffffffff ☞ .1 ☞ ✒ ✓✔ ✍✕ ✖ ✗ ✗ ✘ ✏ .1 ☞ ✌ ☞ ✍✙ ☞ ✌ ☞ ✍✑ ✳ ✏ ... ANSSI Laboratoire Exploration et recherche en Détection 23/47

  31. Explicit operands IR ✣ ✤ ✣ ✥ ✣ ✤ ✣ ✦ ❘ ✧ ★ ❂ ✚ ✛ ✛ ✦ ✧ ✥ ✚ ✛ ✛ ✜ ✢ ✫ R ✣ ✩✪ ✣ ✩✪ ✫ ★ ANSSI Laboratoire Exploration et recherche en Détection 24/47

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BEYOND MEAN-FIELD APPROXIMATION AURLIEN DECELLE LABORATOIRE DE RECHERCHE EN INFORMATIQUE

BEYOND MEAN-FIELD APPROXIMATION AURLIEN DECELLE LABORATOIRE DE RECHERCHE EN INFORMATIQUE

BEYOND MEAN-FIELD APPROXIMATION AURLIEN DECELLE LABORATOIRE DE RECHERCHE EN INFORMATIQUE UNIVERSIT PARIS SUD MOTIVATIONS Why inverse problems ? In Machine Learning online recognition tasks In Physics understanding a

754 views • 40 slides
Ceftazidime / avibactam Michel Arthur Laboratoire de Recherche Molculaire We're gonna geed a

Ceftazidime / avibactam Michel Arthur Laboratoire de Recherche Molculaire We're gonna geed a

Ceftazidime / avibactam Michel Arthur Laboratoire de Recherche Molculaire We're gonna geed a bigger boat Spellberg B, Bonomo RA sur les Antibiotiques Centre de Recherches des Cordeliers INSERM UMR S 1138 Equipe 12 A new generation of

396 views • 35 slides
Numerical Computations and Formal Methods Guillaume Melquiond Proval, Laboratoire de Recherche en

Numerical Computations and Formal Methods Guillaume Melquiond Proval, Laboratoire de Recherche en

Program verification Formal arithmetic Decision procedures Numerical Computations and Formal Methods Guillaume Melquiond Proval, Laboratoire de Recherche en Informatique INRIA SaclayIdF, Universit e Paris Sud, CNRS October 28, 2009

1.07k views • 77 slides
Model Checking of Parameterized Systems on Weak Memory David Declerck Laboratoire de Recherche

Model Checking of Parameterized Systems on Weak Memory David Declerck Laboratoire de Recherche

Model Checking of Parameterized Systems on Weak Memory David Declerck Laboratoire de Recherche en Informatique Universit e Paris-Sud October 3rd, 2017 Work supported by French ANR project PARDI (DS0703) David Declerck A Backward

327 views • 10 slides
Pattern covering by set approximations Nicolas Oury Laboratoire de Recherche en Informatique

Pattern covering by set approximations Nicolas Oury Laboratoire de Recherche en Informatique

Outline Pattern covering by set approximations Nicolas Oury Laboratoire de Recherche en Informatique Universit e ParisSud, France TYPES, 2006 Nicolas Oury Pattern covering by set approximations Outline Outline Introduction 1 The

670 views • 63 slides
Pointing and Navigation Beating Fitts law Michel Beaudouin-Lafon Laboratoire de Recherche en

Pointing and Navigation Beating Fitts law Michel Beaudouin-Lafon Laboratoire de Recherche en

Master Informatique - Universit Paris-Sud Outline Pointing Fitts law Pointing and Navigation Beating Fitts law Michel Beaudouin-Lafon Laboratoire de Recherche en Informatique Multiscale pointing Universit Paris-Sud / CNRS

468 views • 7 slides
Com ommunity de ty detecti tection i in n netw twor orks w with th unobser erved ed edg

Com ommunity de ty detecti tection i in n netw twor orks w with th unobser erved ed edg

Com ommunity de ty detecti tection i in n netw twor orks w with th unobser erved ed edg edges es Leto Peel Universit catholique de Louvain @PiratePeel Community detection Aim: partition the network according similarity of link

385 views • 23 slides
PL PLAN ANT T PR PROTE TECTION CTION MIN INIS ISTR TRY Y OF OF N NATIO TIONAL L FOO

PL PLAN ANT T PR PROTE TECTION CTION MIN INIS ISTR TRY Y OF OF N NATIO TIONAL L FOO

DE DEPAR ARTME TMENT NT OF OF PL PLAN ANT T PR PROTE TECTION CTION MIN INIS ISTR TRY Y OF OF N NATIO TIONAL L FOO OOD SE SECU CURIT ITY Y & RES ESEA EARCH GOVT. . OF OF P PAKIS ISTAN AN PE PESTIC TICIDES

632 views • 23 slides
CAP APACIT CITY Y BUILDING ILDING FO FOR TH THE E PHYSIC YSICAL AL PROTE TECTION CTION

CAP APACIT CITY Y BUILDING ILDING FO FOR TH THE E PHYSIC YSICAL AL PROTE TECTION CTION

CAP APACIT CITY Y BUILDING ILDING FO FOR TH THE E PHYSIC YSICAL AL PROTE TECTION CTION SYS YSTEMS TEMS STR TREN ENGTHENING THENING OF BATANS NUCLEAR FACILITIES ILITIES International Conference on Physical Y. Hasan, I. H.

693 views • 31 slides
Spac ace e and Da Data ta Protec tection tion GLI LIS, S, 7 June ne 2016 2016

Spac ace e and Da Data ta Protec tection tion GLI LIS, S, 7 June ne 2016 2016

Spac ace e and Da Data ta Protec tection tion GLI LIS, S, 7 June ne 2016 2016 Introduction Space Policies all around the globe put emphases on space services supporting growth, jobs, innovation and competitiveness. Technology

219 views • 10 slides
SURGE GE PROTECT TECTION ION FI FIRE ALARM RM 1-800-753-2345 Technical Support:

SURGE GE PROTECT TECTION ION FI FIRE ALARM RM 1-800-753-2345 Technical Support:

SURGE GE PROTECT TECTION ION FI FIRE ALARM RM 1-800-753-2345 Technical Support: 1-888-472-6100 DITEKCORP.com Course Outline About DITEK Corporation What are Surges and Spikes? Causes Effects How Surge Protection Works Surge

929 views • 53 slides
Some analytical aspects of the Kontsevich matrix model Mattia Cafasso Laboratoire Angevin de

Some analytical aspects of the Kontsevich matrix model Mattia Cafasso Laboratoire Angevin de

The Wittens conjecture and the PI hierarchy Isomonodromic tau functions Convergence Universalit Some analytical aspects of the Kontsevich matrix model Mattia Cafasso Laboratoire Angevin de REcherche en MAthmatiques (LAREMA), Angers.

529 views • 22 slides
Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

isor visor Superv Super Data protection in the EU Area of Data protection in the EU Area of ection tection freedom, security and justice under the Lisbon Treaty d th Li b T t ta Prot ta Pro ean Da an Da Bndicte Havelange

739 views • 10 slides
T RANSITION -P ATH S AMPLING AND F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire

T RANSITION -P ATH S AMPLING AND F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire

T RANSITION -P ATH S AMPLING AND F REE -E NERGY C ALCULATIONS T RANSITION -P ATH S AMPLING AND F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire International Associ CNRS-UIUC, Unit Mixte de Recherche n 7565, Universit de Lorraine

559 views • 35 slides
T RANSITION -P ATH S AMPLING AND F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire

T RANSITION -P ATH S AMPLING AND F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire

T RANSITION -P ATH S AMPLING AND F REE -E NERGY C ALCULATIONS T RANSITION -P ATH S AMPLING AND F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire International Associ CNRS-UIUC, Unit Mixte de Recherche n 7565, Universit de Lorraine

367 views • 33 slides
I NTRODUCTION TO F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire International Associ

I NTRODUCTION TO F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire International Associ

I NTRODUCTION TO F REE -E NERGY C ALCULATIONS I NTRODUCTION TO F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire International Associ CNRS-UIUC, Unit Mixte de Recherche n 7565, Universit de Lorraine Beckman Institute for Advanced

549 views • 44 slides
PEBB Open Enrollment Its Mandatory! October 1- 31, 2018 Process for completing Open

PEBB Open Enrollment Its Mandatory! October 1- 31, 2018 Process for completing Open

PEBB Open Enrollment Its Mandatory! October 1- 31, 2018 Process for completing Open Enrollment* 1. Enroll in plans and elect Health Engagement Model (HEM) participation for 2019 To continue in or make changes to your current plans and

436 views • 19 slides
PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the

PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the

ENHANCED TOOLS FOR RISC-V PROCESSOR DEVELOPMENT THE FREE AND OPEN RISC INSTRUCTION SET ARCHITECTURE Codasip is the leading provider of RISC-V processor IP Codasip Bk : A portfolio of RISC-V processors Uniquely providing design automation tools

318 views • 9 slides
Velocity calibration and wavefield Overview decomposition for walkover VSP data Theory CRS

Velocity calibration and wavefield Overview decomposition for walkover VSP data Theory CRS

Velocity calibration and wavefield decomposition M. von Steht & J. Mann Velocity calibration and wavefield Overview decomposition for walkover VSP data Theory CRS stack for VSP FO CRS-Operator Calibration method Markus von Steht and

1.34k views • 115 slides
Symmetric Tensor Decompositions Kristian Ranestad University of Oslo Linz, 26.11.13 Kristian

Symmetric Tensor Decompositions Kristian Ranestad University of Oslo Linz, 26.11.13 Kristian

Symmetric Tensor Decompositions Kristian Ranestad University of Oslo Linz, 26.11.13 Kristian Ranestad Symmetric Tensor Decompositions Given F 2 S d = C [ x 0 , . . . , x n ] d homogeneous of degree d . A presentation F = l d 1 + . . . + l d r

888 views • 57 slides
Threads & GC in Clozure CL R. Matthew Emerson rme@clozure.com Clozure Associates Threads

Threads & GC in Clozure CL R. Matthew Emerson rme@clozure.com Clozure Associates Threads

Threads & GC in Clozure CL R. Matthew Emerson rme@clozure.com Clozure Associates Threads Threads in CCL are scheduled by the operating system (so they can run concurrently on multiple processors). A thread can get preempted at any

242 views • 8 slides
French/UK Grid Grid Workshop Workshop French/UK Grid Workshop French/UK London, November

French/UK Grid Grid Workshop Workshop French/UK Grid Workshop French/UK London, November

French/UK Grid Grid Workshop Workshop French/UK Grid Workshop French/UK London, November November 3 3- -4 4 London, November 3-4 London, GeoGrid GeoGrid GeoGrid Bruno Lvy, Project ISA Bruno Lvy, Project ISA Bruno Lvy, Project

466 views • 28 slides
Descent sets for oscillating tableaux Martin Rubey 1 Bruce Sagan 2 Bruce Westbury 3 1 TU Wien 2

Descent sets for oscillating tableaux Martin Rubey 1 Bruce Sagan 2 Bruce Westbury 3 1 TU Wien 2

Descent sets for oscillating tableaux Martin Rubey 1 Bruce Sagan 2 Bruce Westbury 3 1 TU Wien 2 Michigan State University 3 University of Warwick n -symplectic oscillating tableaux 0 1 2 3 4 5 6 7 8 9 = an

590 views • 34 slides
Learning to Branch Ellen Vitercik Joint work with Nina Balcan, Travis Dick, and Tuomas Sandholm

Learning to Branch Ellen Vitercik Joint work with Nina Balcan, Travis Dick, and Tuomas Sandholm

Learning to Branch Ellen Vitercik Joint work with Nina Balcan, Travis Dick, and Tuomas Sandholm Published in ICML 2018 1 Integer Programs (IPs) a maximize subject to {0,1} 2 Facility location

927 views • 65 slides

More recommend