TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

TWC：TTP 选项：中：协作：马尔代夫：全面了解恶意软件传播机制

• 批准号: 1514142
• 负责人: Long Lu
• 金额: $ 39.96万
• 依托单位: SUNY at Stony Brook
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1514142&HistoricalAwards=false
• 关键词: TWC; TTP; Option; Medium; Collaborative

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services. As a consequence of this development, criminals with little technical expertise can deploy and administer sophisticated exploit kits, and instantiate malicious-content advertising (malvertising) campaigns that surreptitiously infect hundreds of thousands of innocent victims. The MALDIVES project is developing a new generation of technologies to provide deeper insights into how these malware distribution systems are deployed, operated, and interlinked with open web sources.The MALDIVES project is organized as a sequence of five attack observation lablets (ATOLLs) which are collectively designed to acquire an in-depth understanding of the key stages in contemporary malware dissemination infrastructures. The Platform Acquisition Observatory (PLATO) is focused on studying the deployment phase of the server-side infection infrastructures. This observatory extends web-application-vulnerability mimicry systems with a dynamic exploit-kit interrogation system, and adds automated intelligence tools to understand subsequent victim infection strategies. The Victim Enticement Scheme Evaluation Lablet (VESSEL) is focused on studying the targeting phase of the malware infection lifecycle. It develops tools and conducts measurements on various enticement schemes, such as Search Engine Optimization (SEO) poisoning and malvertising. The Traffic Redirection Observation Lablet (TROLL) is focused on the delivery phase and builds active and passive techniques to measure malware-related traffic redirection chains. The Exploit Kit Interrogation Environment (EXPLORE) builds automated probes to facilitate the detection and measurement of professionally designed automated infection services. The Defensive Strategies Investigation Lablet (DISTILL) investigates novel malware-defense capabilities based on the insights acquired from prior lablets.

毫无疑问，网络犯罪群体比以往任何时候都更有组织、更有资源、更有动力在互联网上实施大规模的计算机感染。他们控制和操作的恶意软件分发系统的特点是使用高度专业化的供应商和商品化的恶意软件服务。由于这种发展，几乎没有技术专长的犯罪分子可以部署和管理复杂的漏洞利用工具包，并实例化恶意内容广告（恶意广告）活动，这些活动秘密地感染了数十万无辜的受害者。MALDIVES项目正在开发新一代的技术，以提供更深入的见解，这些恶意软件分发系统是如何部署，操作，并与开放的Web源互连。MALDIVES项目是由五个攻击观察lablet（ATOLLs）组成的序列，这些lablet被共同设计，以深入了解当代恶意软件传播基础设施的关键阶段。 平台获取观察站（PLATO）专注于研究服务器端感染基础设施的部署阶段。 这个观测站扩展了网络应用程序漏洞模仿系统与动态利用工具包询问系统，并增加了自动化的情报工具，以了解随后的受害者感染策略。 受害者引诱计划评估实验室（VESSEL）专注于研究恶意软件感染生命周期的目标阶段。 它开发工具并对各种诱惑计划进行测量，例如搜索引擎优化（SEO）中毒和恶意广告。 流量重定向观察实验室（TROLL）专注于交付阶段，并构建主动和被动技术来测量恶意软件相关的流量重定向链。 Exploit Kit Interrogation Environment（EXPLORE）构建自动化探针，以促进专业设计的自动化感染服务的检测和测量。 防御策略调查实验室（DISTILL）根据从以前的实验室获得的见解，调查新的恶意软件防御能力。