Jan 14, 2013
By Sagar Chaki, Senior Member of the Technical Staff
Research, Technology & System Solutions

A malicious program disrupts computer operations, gains access to private computational resources, or collects sensitive information. In February 2012, nearly 300 million malicious programs were detected, according to a report compiled by SECURELIST. To help organizations protect against malware, other researchers at the SEI and I have focused our efforts on trying to determine the origin of the malware. In particular, I’ve recently worked with my colleagues—Arie Gurfinkel, who works with me in the SEI’s Research, Technology, & System Solutions Program, and Cory Cohen, a malware analyst with the CERT Program—to use the semantics of programming languages to determine the origin of malware. This blog post describes our exploratory research to derive precise and timely actionable intelligence to understand and respond to malware.
Sep 19, 2011
By Sagar Chaki, Senior Member of the Technical Staff
Research, Technology, and System Solutions

Malware, which is short for “malicious software,” consists of programming aimed at disrupting or denying operation, gathering private information without consent, gaining unauthorized access to system resources, and other inappropriate behavior. Malware infestation is of increasing concern to government and commercial organizations. For example, according to the Global Threat Report from Cisco Security Intelligence Operations, there were 287,298 “unique malware encounters” in June 2011, double the number of incidents that occurred in March. To help mitigate the threat of malware, researchers at the SEI are investigating the origin of executable software binaries that often take the form of malware. This posting augments a previous posting describing our research on using classification (a form of machine learning) to detect “provenance similarities” in binaries, which means that they have been compiled from similar source code (e.g., differing by only minor revisions) and with similar compilers (e.g., different versions of Microsoft Visual C++ or different levels of optimization).
Feb 14, 2011
By Sagar Chaki, Senior Member of the Technical Staff
Research, Technology and System Solutions (RTSS)

As software becomes an ever-increasing part of our daily lives, organizations find themselves relying on software that originates from unknown and untrusted sources. The vast majority of such software is available only as executables, known as “binaries.” Many binaries—such as malware or different versions and builds of a software package—are simply minor variants of old programs (or in some cases exact copies) that have been run through a different compiler. This blog post explains how the ability to detect similarities among binaries is an important tool in malware detection and a growing area of research.