MALCODE: Malicious Code Detection using Emulation

Coordinator: FOUNDATION FOR RESEARCH AND TECHNOLOGY HELLAS

Organization address: N PLASTIRA STR 100
city: HERAKLION
postcode: 70013

contact info
Title: Prof.
First name: Evangelos
Surname: Markatos
Phone: +30 2810391655
Fax: +30 2810 391493

Coordinator nationality: Greece [EL]
Total cost: 230,952 €
EC contribution: 230,952 €
Programme: FP7-PEOPLE
Specific programme "People" implementing the Seventh Framework Programme of the European Community for research, technological development and demonstration activities (2007 to 2013)
Call code: FP7-PEOPLE-2009-IOF
Funding scheme: MC-IOF
Start year: 2010
Period (year-month-day): 2010-07-01 - 2013-06-30

Participants

#  participant                                     country         role         EC contrib. [€]
1  FOUNDATION FOR RESEARCH AND TECHNOLOGY HELLAS   EL (HERAKLION)  coordinator  230,952.10


Project objective (Objective)

'After many years of security research and engineering, code injection attacks remain one of the most common methods for malware propagation, exposing significant limitations in current state-of-the-art attack detection systems. For instance, the recent massive outbreak of the Conficker worm in the beginning of 2009 resulted in more than 10 million infected machines worldwide. Malicious web sites also launch code injection attacks against unsuspecting visitors by exploiting vulnerabilities in popular web browsers, document viewers, media players, and other client applications. The increasing professionalism of cyber criminals and the constant rise in the number of malware variants and malicious websites make the need for effective malicious code detection more critical than ever. Once sophisticated tricks of only the most skilled virus authors, advanced evasion techniques like code obfuscation and polymorphism are now the norm in most malware variants and code injection attacks. As the number of new vulnerabilities and malware variants grows at a frenetic pace, detection approaches based on threat signatures, which are employed by most virus scanners and intrusion detection systems, cannot cope with the vast number of new malicious code variants. In the proposed project, we plan to design, develop, and evaluate novel malicious code detection algorithms based on code emulation. Working at the lowest level---the actual instructions that get executed---dynamic analysis using emulation unveils the actual malicious code without being affected by evasion techniques like encryption, polymorphism, or code obfuscation. Focusing on the behavior and not the structure of the code, we aim to identify common functionality and actions that are inherent to different types of malicious code, and use them for the development of new malicious code detection heuristics.'

Introduction (Teaser)

There are more computer threats than viruses alone. An EU project helped to protect against one kind, neutralising disguised attacks and compromised documents other systems could miss.

Project description (Article)

Computer viruses and other malicious software are well known. Attacks that exploit memory corruption vulnerabilities are less famous, but arguably even more dangerous as they can give unrestricted system access.

Looking to offer protection was the EU-funded 'Malicious code detection using emulation' (MALCODE) project. Organised under the Marie Curie programme for researcher development, the single-member study ran for three years to the end of June 2013. The aim was to design, develop and evaluate new algorithms for detecting malicious code, based on code emulation.

Malware can hide or disguise itself; hence, an advantage of the project's technique is that it detects malicious code by its actions at the machine-instruction level. By examining those actions, the project aimed to establish new principles for detection.

The project successfully achieved its aims. Outcomes included two new methods for detection of network-level attacks and malicious PDF documents. The first method involved a shellcode detection technique, and a means of identifying machine-level operations performed by different types of shellcode. In effect, the technique enables detection that other systems could miss. The second detection technique, called MDScan, is a document scanner, similarly able to detect hidden threats embedded in PDF files.

The second half of the study produced two techniques addressing attacks based on return-oriented programming (ROP). The first detects hidden ROP threats in data sources such as network traffic or process memory; the second provides protection using in-place code randomisation. This allows defences to be applied to third-party software without adding run-time performance overhead.

Work also contributed to other fields, including network-level traffic monitoring and analysis, and the use of graphics processors for accelerating processing of network traffic. Additionally, the research advanced online privacy issues and investigated the Android operating system environment.

MALCODE achieved significant advances in detection of and protection against malicious code threats. As a result, computer and data systems will be more secure.
