Collaborative Research: CT-T: Logic and Data Flow Extraction for Live and Informed Malware Execution

协作研究：CT-T：实时且知情的恶意软件执行的逻辑和数据流提取

• 批准号: 0716612
• 负责人: Phillip Porras
• 金额: $ 44万
• 依托单位: SRI International
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-09-01 至 2011-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0716612&HistoricalAwards=false
• 关键词: Collaborative; Research; CT; Logic; Data

Malicious activity on the Internet is a significant threat to both individuals and institutions. Over the past few years, network honeypots have emerged as an important tool for measuring and understanding the details of cyber attacks. The objective of the proposed research is to stimulate the development of next generation Internet security systems and forensic tools based on automated, indepth analysis of malicious activity and malicious software (malware) observed in network honeypots. The research program to achieve these capabilities will address four critical challenges: (1) efficient malware collection, (2) identification of evasion and obfuscation techniques embedded in the malware, (3) full understanding of malware intent and logic, and (4) the full exercise of malware functionality during runtime execution. The technical approach to address these challenges, which is referred to as Informed Malware Execution (IME), is comprehensive in its use of techniques drawn from a variety of disciplines including network security, forensic analysis, static and dynamic program analysis, and binary instrumentation. The broader impacts of this project are that it will enable a deep understanding of malware logic and execution, and lead to more effective, generalized (non-instance-specific) network security. The expected results of this work include research papers describing new malware analysis methods, prototype software for malware collection and analysis, and datasets collected from network honeypots. The project also includes education and outreach activities that will develop course materials on practical aspects of network security, and provide training for graduate students involved in all aspects of the research.

互联网上的恶意活动对个人和机构都是一个重大威胁。在过去的几年里，网络蜜罐已经成为衡量和了解网络攻击细节的重要工具。拟议研究的目标是促进下一代互联网安全系统和取证工具的发展，这些系统和取证工具基于对网络蜜罐中观察到的恶意活动和恶意软件(恶意软件)的自动、深入分析。实现这些能力的研究计划将解决四个关键挑战：(1)有效的恶意软件收集，(2)识别恶意软件中嵌入的规避和混淆技术，(3)充分了解恶意软件的意图和逻辑，以及(4)在运行时执行期间充分行使恶意软件功能。解决这些挑战的技术方法被称为知情恶意软件执行(IME)，它在使用各种学科的技术方面是全面的，包括网络安全、取证分析、静态和动态程序分析以及二进制工具。此项目的更广泛影响是，它将使您能够深入了解恶意软件的逻辑和执行，并导致更有效、更通用(非实例特定)的网络安全。这项工作的预期结果包括描述新的恶意软件分析方法的研究论文，用于恶意软件收集和分析的原型软件，以及从网络蜜罐收集的数据集。该项目还包括教育和外联活动，这些活动将编写关于网络安全实际方面的课程材料，并为参与研究各个方面的研究生提供培训。