SaTC: CORE: Small: SOFIA: Finding and profiling malware source-code in public archives at scale

SaTC：核心：小型：SOFIA：大规模在公共档案中查找和分析恶意软件源代码

• 批准号: 2132642
• 负责人: Michalis Faloutsos
• 金额: $ 50万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2132642&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; SOFIA; Finding

This project develops methods and tools for identifying and profiling malware source code from public software archives. The project is motivated by the following insight: software archives, like GitHub, host a surprisingly large number of publicly-accessible malware repositories, where a "malware repository" refers to repositories that provide the source-code for compiling a working malware binary (effectively the malware author's software project). This constitutes a huge missed opportunity: GitHub alone has more than 32 million public repositories and there are many similar software platforms. The project’s novelties are: (a) novel methods to extract and profile malware source code effectively and at scale, and (b) the largest annotated malware source code database. Ultimately, the project provides a key building block for fighting malware: security research could greatly benefit from an extensive database of malware source code, which is currently unavailable. The project's broader significance and importance are it can help build a preventive system against malware. This capability enables an early detector of malware and its creation within the hacker ecosystem, which can provide critical insights into the activities of the hackers in advance, and possibly before an infection or an attack takes place.From a technical point of view, the project develops methods to: (a) systematically mine these repositories, and (b) study and profile the malware and the related hacking ecosystem. Preliminary research has identified more than 7000 GitHub malware source code repositories and many highly-collaborative communities with hundreds of malware authors. A key novelty is that repositories are described with a comprehensive set of features along three dimensions: (a) metadata, such as title and description, (b) the source code and its structure, and (c) the social context, which captures the interactions among authors and repositories. The second key novelty is algorithmic, as the project develops new approaches and also evaluates and adapts: (a) state of the art data-mining techniques, such as word embedding, (b) code-specific profiling techniques, and (c) techniques for the describing the interactions of authors, such as a novel recursive tensor decomposition.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目开发用于从公共软件档案中识别和分析恶意软件源代码的方法和工具。该项目的动机是：软件档案，如GitHub，托管着数量惊人的大量可公开访问的恶意软件存储库，其中的“恶意软件存储库”是指提供用于编译有效的恶意软件二进制代码的存储库(实际上是恶意软件作者的软件项目)。这构成了一个巨大的错失机会：仅GitHub一家就拥有超过3200万个公共存储库，还有许多类似的软件平台。该项目的新颖性是：(A)有效和大规模地提取和分析恶意软件源代码的新方法，以及(B)最大的带注释的恶意软件源代码数据库。最终，该项目为打击恶意软件提供了一个关键的构建块：安全研究可以极大地受益于一个广泛的恶意软件源代码数据库，而这个数据库目前还无法获得。该项目的更广泛的意义和重要性是，它可以帮助建立一个防范恶意软件的系统。这一能力使恶意软件及其在黑客生态系统中的创建能够及早检测，这可以提前提供对黑客活动的关键洞察，并可能在感染或攻击发生之前提供。从技术角度来看，该项目开发方法来：(A)系统地挖掘这些存储库，以及(B)研究和描述恶意软件和相关的黑客生态系统。初步研究已经确定了超过7000个GitHub恶意软件源代码存储库和许多与数百名恶意软件作者高度协作的社区。一个重要的新奇之处是，存储库是通过三个维度的一组全面的特征来描述的：(A)元数据，如标题和描述，(B)源代码及其结构，以及(C)社会上下文，它捕获了作者和存储库之间的交互。第二个关键的新颖性是算法，因为该项目开发了新的方法，也评估和适应：(A)最先进的数据挖掘技术，如单词嵌入，(B)代码特定的剖析技术，以及(C)描述作者交互的技术，如新的递归张量分解。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Unveiling A Hidden Risk: Exposing Educational but Malicious Repositories in GitHub

揭露隐藏风险：在 GitHub 中暴露教育性但恶意的存储库

• 发表时间: 2023
• 期刊: ACM SIGKDD poster session
• 作者: Masud, Md Rayhanul;Faloutsos, Michalis
• 通讯作者: Faloutsos, Michalis

PIMan: A Comprehensive Approach for Establishing Plausible Influence among Software Repositories

• DOI: 10.1109/asonam55673.2022.10068629
• 发表时间: 2022-11
• 期刊: 2022 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)
• 作者: Md Omar Faruk Rokon;Risul Islam;Md Rayhanul Masud;M. Faloutsos

URLytics: Profiling Forum Users from their Posted URLs

URLytics：通过发布的 URL 分析论坛用户

• DOI: 10.1109/asonam55673.2022.10068682
• 发表时间: 2022
• 期刊: IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining
• 作者: Treves, Ben;Masud, Md Rayhanul;Faloutsos, Michalis
• 通讯作者: Faloutsos, Michalis

Repo2Vec: A Comprehensive Embedding Approach for Determining Repository Similarity

Repo2Vec：确定存储库相似性的综合嵌入方法

• DOI: 10.1109/icsme52107.2021.00038
• 发表时间: 2021
• 期刊: IEEE International Conference on Software Maintenance and Evolution (ICSME
• 作者: Rokon, Md Omar;Yan, Pei;Islam, Risul;Faloutsos, Michalis
• 通讯作者: Faloutsos, Michalis

HyperMan: detecting misbehavior in online forums based on hyperlink posting behavior

• DOI: 10.1007/s13278-022-00943-3
• 发表时间: 2022-08
• 期刊: Social Network Analysis and Mining
• 影响因子: 2.8
• 作者: Risul Islam;Ben Treves;Md Omar Faruk Rokon;M. Faloutsos