There are more computer threats than viruses alone. An EU project helped to protect against one kind, neutralising disguised attacks and compromised documents other systems could miss.

Digital Economy

Computer viruses and other malicious software are well known. Attacks that exploit memory corruption vulnerabilities are less famous, but arguably even more dangerous as they can give unrestricted system access. Looking to offer protection was the EU-funded 'Malicious code detection using emulation' (MALCODE) project. Organised under the Marie Curie programme for researcher development, the single-member study ran for three years to the end of June 2013. The aim was to design, develop and evaluate new algorithms for detecting malicious code, based on code emulation. Malware can hide or disguise itself; hence, an advantage of the project's technique is that it detects malicious code by its actions at the machine-instruction level. By examining those actions, the project aimed to establish new principles for detection. The project successfully achieved its aims. Outcomes included two new methods for detection of network-level attacks and malicious PDF documents. The first method involved a shellcode detection technique, and a means of identifying machine-level operations performed by different types of shellcode. In effect, the technique enables detection that other systems could miss. The second detection technique, called MDScan, is a document scanner, similarly able to detect hidden threats embedded in PDF files. The second half of the study resulted in two techniques for attack prevention based on Return Oriented Programming. The method detects hidden threats in data sources such as network traffic or process memory, and provides protection using in-place code randomisation. As a result, defences can be applied to third-party software, but without slowing processor time. Work also contributed to other fields, including network-level traffic monitoring and analysis, and the use of graphics processors for accelerating processing of network traffic. Additionally, the research advanced online privacy issues and investigated the Android operating system environment. MALCODE achieved significant advances in detection of and protection against malicious code threats. As a result, computer and data systems will be more secure.

Keywords

Computer attack, memory corruption, system access, malicious code, code emulation, malware, shellcode