TWC: TTP Option: Medium: Collaborative: MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

TWC：TTP 选项：中：协作：马尔代夫：全面了解恶意软件传播机制

• 批准号: 1514472
• 负责人: Venkat Venkatakrishnan
• 金额: $ 55万
• 依托单位: University of Illinois at Chicago
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2020-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1514472&HistoricalAwards=false
• 关键词: TWC; TTP; Option; Medium; Collaborative

The cybercriminal community is inarguably more organized, better resourced and more motivated than ever to perpetrate massive-scale computer infections across the Internet. The malware distribution systems that they control and operate are characterized by their use of highly specialized suppliers and commoditized malware services. As a consequence of this development, criminals with little technical expertise can deploy and administer sophisticated exploit kits, and instantiate malicious-content advertising (malvertising) campaigns that surreptitiously infect hundreds of thousands of innocent victims. The MALDIVES project is developing a new generation of technologies to provide deeper insights into how these malware distribution systems are deployed, operated, and interlinked with open web sources.The MALDIVES project is organized as a sequence of five attack observation lablets (ATOLLs) which are collectively designed to acquire an in-depth understanding of the key stages in contemporary malware dissemination infrastructures. The Platform Acquisition Observatory (PLATO) is focused on studying the deployment phase of the server-side infection infrastructures. This observatory extends web-application-vulnerability mimicry systems with a dynamic exploit-kit interrogation system, and adds automated intelligence tools to understand subsequent victim infection strategies. The Victim Enticement Scheme Evaluation Lablet (VESSEL) is focused on studying the targeting phase of the malware infection lifecycle. It develops tools and conducts measurements on various enticement schemes, such as Search Engine Optimization (SEO) poisoning and malvertising. The Traffic Redirection Observation Lablet (TROLL) is focused on the delivery phase and builds active and passive techniques to measure malware-related traffic redirection chains. The Exploit Kit Interrogation Environment (EXPLORE) builds automated probes to facilitate the detection and measurement of professionally designed automated infection services. The Defensive Strategies Investigation Lablet (DISTILL) investigates novel malware-defense capabilities based on the insights acquired from prior lablets.

网络犯罪分子社区比以往任何时候都更加有条理，资源更高，积极性更高，以使整个互联网上的大规模计算机感染进行。他们控制和操作的恶意软件分销系统的特征是它们使用高度专业化的供应商和商品化的恶意软件服务。由于这一发展，具有技术专业知识的罪犯几乎可以部署和管理复杂的剥削工具包，并实例化恶意广告广告（恶意广告）运动，这些活动秘密地感染了成千上万的无辜受害者。马尔代夫项目正在开发新一代的技术，以提供更深入的见解，以了解如何部署，操作和与开放的网络来源相互联系。马尔代夫项目是一组五个攻击观察站（原子能）的序列，这些攻击观察板（原子能）集体设计地旨在获得对当代散布式销售的键盘，以实现当代的非洲式企业。 平台采集天文台（PLATO）致力于研究服务器端感染基础架构的部署阶段。 该天文台通过动态的漏洞审讯系统扩展了Web-申请 - 视觉模拟系统，并添加了自动化的情报工具以了解后续的受害者感染策略。 受害者的诱因计划评估板（船只）着重于研究恶意软件感染生命周期的靶向阶段。 它开发了有关各种诱因方案的工具并进行测量，例如搜索引擎优化（SEO）中毒和恶化。 交通重定向观测板（巨魔）集中在交付阶段，并建立了主动和被动的技术，以测量与恶意软件相关的交通重定向链。 利用套件询问环境（Explore）构建了自动探针，以促进对专业设计的自动感染服务的检测和测量。 防御性策略调查板条（Distill）（Distill）根据从先前的Lablets获得的见解来研究新颖的恶意软件防御能力。