TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

TWC：TTP 选项：中：协作：马尔代夫：全面了解恶意软件传播机制

• 批准号: 1514472
• 负责人: Venkat Venkatakrishnan
• 金额: $ 55万
• 依托单位: University of Illinois at Chicago
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1514472&HistoricalAwards=false
• 关键词: TWC; TTP; Option; Medium; Collaborative

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services. As a consequence of this development, criminals with little technical expertise can deploy and administer sophisticated exploit kits, and instantiate malicious-content advertising (malvertising) campaigns that surreptitiously infect hundreds of thousands of innocent victims. The MALDIVES project is developing a new generation of technologies to provide deeper insights into how these malware distribution systems are deployed, operated, and interlinked with open web sources.The MALDIVES project is organized as a sequence of five attack observation lablets (ATOLLs) which are collectively designed to acquire an in-depth understanding of the key stages in contemporary malware dissemination infrastructures. The Platform Acquisition Observatory (PLATO) is focused on studying the deployment phase of the server-side infection infrastructures. This observatory extends web-application-vulnerability mimicry systems with a dynamic exploit-kit interrogation system, and adds automated intelligence tools to understand subsequent victim infection strategies. The Victim Enticement Scheme Evaluation Lablet (VESSEL) is focused on studying the targeting phase of the malware infection lifecycle. It develops tools and conducts measurements on various enticement schemes, such as Search Engine Optimization (SEO) poisoning and malvertising. The Traffic Redirection Observation Lablet (TROLL) is focused on the delivery phase and builds active and passive techniques to measure malware-related traffic redirection chains. The Exploit Kit Interrogation Environment (EXPLORE) builds automated probes to facilitate the detection and measurement of professionally designed automated infection services. The Defensive Strategies Investigation Lablet (DISTILL) investigates novel malware-defense capabilities based on the insights acquired from prior lablets.

毫无疑问，网络犯罪群体比以往任何时候都更有组织、更有资源、更有动力在互联网上进行大规模的计算机感染。他们控制和运营的恶意软件分发系统的特点是使用高度专业化的供应商和商品化的恶意软件服务。作为这种发展的结果，几乎没有技术专业知识的犯罪分子可以部署和管理复杂的利用工具套件，并实例化恶意内容广告(恶意广告)活动，从而秘密感染数十万无辜受害者。马尔代夫项目正在开发新一代技术，以更深入地了解这些恶意软件分发系统是如何部署、运行并与开放的Web源相互链接的。马尔代夫项目由五个攻击观察台(环礁)组成，共同设计以深入了解当代恶意软件传播基础设施的关键阶段。平台收购观察站(柏拉图)专注于研究服务器端感染基础设施的部署阶段。该观察站使用动态利用工具包询问系统扩展了Web应用程序漏洞模拟系统，并增加了自动化情报工具来了解后续的受害者感染策略。受害者引诱计划评估Lablet(VEVER)专注于研究恶意软件感染生命周期的目标阶段。它开发各种工具，并对各种引诱计划进行测量，如搜索引擎优化(SEO)中毒和恶意广告。流量重定向观察Lablet(TROLL)专注于交付阶段，并构建主动和被动技术来测量与恶意软件相关的流量重定向链。利用工具包询问环境(EXPLOVER)构建了自动探头，以便于检测和测量专业设计的自动感染服务。防御策略调查Lablet(Distilte)基于从以前的Lablet获得的见解调查新的恶意软件防御能力。