Entries Tagged as 'Malware '

Fuzzy Hashing Against Different Types of Malware

CERT , Fuzzy Hashing , Malware No Comments »

By David French,
CERT Senior Researcher

David FrenchMalware, which is short for “malicious software,” is a growing problem for government and commercial organizations since it disrupts or denies important operations, gathers private information without consent, gains unauthorized access to system resources, and other inappropriate behaviors. A previous blog post described the use of  “fuzzy hashing” to determine whether two files suspected of being malware are similar, which helps analysts potentially save time by identifying opportunities to leverage previous analysis of malware when confronted with a new attack.  This posting continues our coverage of fuzzy hashing by discussing types of malware against which similarity measures of any kind (including fuzzy hashing) may be applied.

Read more...

Using Machine Learning to Detect Malware Similarity

Machine Learning , Malware 3 Comments »

By Sagar Chaki, Senior Member of the Technical Staff
Research, Technology, and System Solutions

Sagar Chaki Malware, which is short for “malicious software,” consists of programming aimed at disrupting or denying operation, gathering private information without consent, gaining unauthorized access to system resources, and other inappropriate behavior. Malware infestation is of increasing concern to government and commercial organizations. For example, according to the Global Threat Report from Cisco Security Intelligence Operations, there were 287,298 “unique malware encounters” in June 2011, double the number of incidents that occurred in March. To help mitigate the threat of malware, researchers at the SEI are investigating the origin of executable software binaries that often take the form of malware. This posting augments a previous posting describing our research on using classification (a form of machine learning) to detect “provenance similarities” in binaries, which means that they have been compiled from similar source code (e.g., differing by only minor revisions) and with similar compilers (e.g., different versions of Microsoft Visual C++ or different levels of optimization).

Read more...

Fuzzy Hashing Techniques in Applied Malware Analysis

CERT , Fuzzy Hashing , Malware 3 Comments »

By David French,
CERT Senior Researcher

David French Malware—generically defined as software designed to access a computer system without the owner’s informed consent—is a growing problem for government and commercial organizations.  In recent years, research into malware focused on similarity metrics to decide whether two suspected malicious files are similar to one another. Analysts use these metrics to determine whether a suspected malicious file bears any resemblance to already verified malicious files. Using these metrics allows analysts to potentially save time, by identifying opportunities to leverage previous analysis. This post will describe our efforts to develop a technique (known as fuzzy hashing) to help analysts determine whether two pieces of suspected malware are similar.

Read more...

A New Approach to Modeling Malware using Sparse Representation

Malware No Comments »

by William Casey,
CERT Senior Researcher

Will Casey Malicious software (known as “malware”) is increasingly pervasive with a constant influx of new, increasingly complex strains that wreak havoc by exploiting computers or personal and business information stored therein for malicious or criminal purposes.   Examples include code that is designed to pilfer personal and digital credentials; plunder sensitive information from government or business enterprises; or interrupt, misdirect, or render inoperable computer hardware and computer-controlled equipment.  This post describes our work to create a rapid search capability that allows analysts to quickly analyze a new piece of malware.

 

Read more...

New & Upcoming SEI Research Initiatives

Binaries , Malware No Comments »

By Douglas C. Schmidt,
Chief Technology Officer

Doug SchmidtIn response to a comment on my initial post introducing the SEI blog, I wanted to provide some additional information on new and upcoming SEI research initiatives. In this post, I describe these areas, and include a “sneak preview” of upcoming blog postings in each area.

Read more...