Objetivo
After many years of security research and engineering, code injection attacks remain one of the most common methods for malware propagation, exposing significant limitations in current state-of-the-art attack detection systems. For instance, the recent massive outbreak of the Conficker worm in the beginning of 2009 resulted to more than 10 million infected machines worldwide. Malicious web sites also launch code injection attacks against unsuspecting visitors by exploiting vulnerabilities in popular web browsers, document viewers, media players, and other client applications. The increasing professionalism of cyber criminals and the constant rise in the number of malware variants and malicious websites make the need for effective malicious code detection more critical than ever. Once sophisticated tricks of only the most skilled virus authors, advanced evasion techniques like code obfuscation and polymorphism are now the norm in most malware variants and code injection attacks. As the number of new vulnerabilities and malware variants grows at a frenetic pace, detection approaches based on threat signatures, which are employed by most virus scanners and intrusion detection systems, cannot cope with the vast number of new malicious code variants. In the proposed project, we plan to design, develop, and evaluate novel malicious code detection algorithms based on code emulation. Working at the lowest level---the actual instructions that get executed---dynamic analysis using emulation unveils the actual malicious code without being affected by evasion techniques like encryption, polymorphism, or code obfuscation. Focusing on the behavior and not the structure of the code, we aim to identify common functionality and actions that are inherent to different types of malicious code, and use them for the development of new malicious code detection heuristics.
Ámbito científico
Convocatoria de propuestas
FP7-PEOPLE-2009-IOF
Consulte otros proyectos de esta convocatoria
Régimen de financiación
MC-IOF - International Outgoing Fellowships (IOF)Coordinador
70013 Irakleio
Grecia