TWC: Medium: Collaborative Proposal: Safety in Numbers: Crowdsourcing for Global Software Integrity

TWC：媒介：协作提案：数字安全：全球软件完整性的众包

• 批准号: 1228995
• 负责人: Brian Demsky
• 金额: $ 80万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-10-01 至 2016-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1228995&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Proposal; Safety

The recent explosion in malware poses financial, privacy, and safety risks. This project explores a fundamentally new approach to malware detection that promises to be faster, more effective, and cheaper than current tools.The evolution of malicious software, or malware, has seen increases in both malware's capabilities and sheer volume. Recent malware makes use of a number of sophisticated technologies including polymorphism, public key encryption, and peer-to-peer architectures. These advances are driven by significant resources put into malware development by both criminal enterprises and countries. Traditional malware detection tools rely on slow manual processes and the recent advances in malware have outrun the ability of existing tools to cope.This project uses a new approach to the malware crisis that centers around constructive use of crowd-sourcing. The key insight is that the collection of machines on the Internet contains information that can be used to automatically classify software as either legitimate or malicious. This information includes not only the behavior of malware on individual machines but also the behavior of the aggregate population. For example, the aggregate statistics of how software propagates across the network can provide insight into whether the software is malicious.A key component of the proposed work is binary translation-based dynamic signatures. Traditional malware detection tools have used static signatures, but polymorphic techniques have made this approach significantly more difficult. The project employs binary translation to efficiently collect dynamic traces for both code execution and behavioral events such as network communication and then generate signatures for these traces.The project significantly reduces the threats of malware to society, especially since software developed through the project is freely available. The project is mentoring members of underrepresented minorities, and is infusing its ideas into the curriculum.

最近恶意软件的爆炸式增长带来了金融、隐私和安全风险。该项目探索了一种全新的恶意软件检测方法，有望比目前的工具更快、更有效、更便宜。恶意软件或恶意软件的发展见证了恶意软件的能力和绝对数量的增加。最近的恶意软件利用了许多复杂的技术，包括多态、公钥加密和对等体系结构。这些进展是由犯罪企业和国家在恶意软件开发方面投入的大量资源推动的。传统的恶意软件检测工具依赖于缓慢的手动过程，而最近恶意软件的进步已经超过了现有工具的应对能力。该项目使用了一种以建设性地使用众包为中心的新方法来应对恶意软件危机。关键的见解是，互联网上的机器集合包含可用于自动将软件分类为合法或恶意的信息。这些信息不仅包括恶意软件在单个计算机上的行为，还包括总体人口的行为。例如，软件如何在网络上传播的汇总统计数据可以提供对软件是否恶意的洞察。拟议工作的一个关键组件是基于二进制转换的动态签名。传统的恶意软件检测工具使用静态签名，但多态技术使这种方法变得更加困难。该项目使用二进制翻译来高效地收集代码执行和网络通信等行为事件的动态跟踪，然后为这些跟踪生成签名。该项目显著降低了恶意软件对社会的威胁，特别是因为通过该项目开发的软件是免费提供的。该项目正在指导代表人数不足的少数族裔成员，并将其理念注入课程。