Collaborative Research: CT-T: Logic and Data Flow Extraction for Live and Informed Malware Execution

协作研究：CT-T：实时且知情的恶意软件执行的逻辑和数据流提取

• 批准号: 0716570
• 负责人: Wenke Lee
• 金额: $ 22万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0716570&HistoricalAwards=false
• 关键词: Collaborative; Research; CT; Logic; Data

Malicious activity on the Internet is a significant threat to both individuals and institutions. Over the past few years, network honeypots have emerged as an important tool for measuring and understanding the details of cyber attacks. The objective of the proposed research is to stimulate the development of next generation Internet security systems and forensic tools based on automated, indepth analysis of malicious activity and malicious software (malware) observed in network honeypots. The research program to achieve these capabilities will address four critical challenges: (1) efficient malware collection, (2) identification of evasion and obfuscation techniques embedded in the malware, (3) full understanding of malware intent and logic, and (4) the full exercise of malware functionality during runtime execution. The technical approach to address these challenges, which is referred to as Informed Malware Execution (IME), is comprehensive in its use of techniques drawn from a variety of disciplines including network security, forensic analysis, static and dynamic program analysis, and binary instrumentation. The broader impacts of this project are that it will enable a deep understanding of malware logic and execution, and lead to more effective, generalized (non-instance-specific) network security. The expected results of this work include research papers describing new malware analysis methods, prototype software for malware collection and analysis, and datasets collected from network honeypots. The project also includes education and outreach activities that will develop course materials on practical aspects of network security, and provide training for graduate students involved in all aspects of the research.

互联网上的恶意活动是对个人和机构的重大威胁。在过去的几年里，网络蜜罐已经成为衡量和了解网络攻击细节的重要工具。拟议的研究的目的是刺激下一代互联网安全系统和取证工具的发展的基础上，自动化，深入分析的恶意活动和恶意软件（恶意软件）在网络蜜罐观察。实现这些功能的研究计划将解决四个关键挑战：（1）有效的恶意软件收集，（2）识别恶意软件中嵌入的规避和混淆技术，（3）充分理解恶意软件的意图和逻辑，以及（4）在运行时执行期间充分行使恶意软件功能。解决这些挑战的技术方法被称为知情恶意软件执行（IME），它综合使用了来自各种学科的技术，包括网络安全，取证分析，静态和动态程序分析以及二进制插装。该项目的更广泛的影响是，它将使人们能够深入了解恶意软件的逻辑和执行，并导致更有效的，通用的（非特定于实例的）网络安全。这项工作的预期成果包括描述新的恶意软件分析方法的研究论文，用于恶意软件收集和分析的原型软件，以及从网络蜜罐收集的数据集。该项目还包括教育和推广活动，将编制关于网络安全实际方面的课程材料，并为参与研究所有方面的研究生提供培训。