Data mining approaches in malware analysis

恶意软件分析中的数据挖掘方法

• 批准号: 445231-2012
• 负责人: Fernandez, JoséManuel
• 金额: $ 5.07万
• 依托单位: École Polytechnique de Montréal
• 依托单位国家: 加拿大
• 项目类别: Collaborative Research and Development Grants
• 财政年份: 2014
• 资助国家: 加拿大
• 起止时间: 2014-01-01 至 2015-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=554150
• 关键词: Data; mining; approaches; malware; analysis

In the last few years, as we have increasingly turned to the Internet for business and pleasure, so have cybercriminals and others with malicious intent. Whether it is in large-scale phishing campaigns that indiscriminately target computers and their users worldwide, or sophisticated targeted attacks that aim to compromise confidential information or the integrity of critical systems, the consequences of these actions are profound and severe both from an economical and geopolitical point of view. Unfortunately, our understanding of these phenomena is lacking. While security experts in academia, industry and government have been detecting and analyzing some of these threats, the methods employed often leave us with many unanswered questions with respect to attribution (who is doing it), modus operandi (how they are doing it), and impact (how much are they doing it). Answering these questions is key to be able to design and deploy adequate counter-measures and strategies that will help us abate this plague of our time. This project aims to address this problem by gathering data on malware infections on a massive scale and applying data mining techniques in order to discover hidden patterns that might help us identify who is doing what to whom, how, how much and potentially why. For this we will count on the support and expertise of ESET Canada, the Canadian R&D branch of the anti-virus software company ESET, and the Surete du Quebec, the provincial police force of the Province of Quebec. It is hoped that the analysis methods developed will eventually help industry and government agencies monitor, detect, understand and potentially develop adequate responses to such malicious activities.

在过去的几年里，随着我们越来越多地转向互联网进行业务和娱乐，网络犯罪分子和其他恶意分子也越来越多。 无论是不分青红皂白地针对全球计算机及其用户的大规模网络钓鱼活动，还是旨在损害机密信息或关键系统完整性的复杂有针对性的攻击，从经济和地缘政治的角度来看，这些行动的后果都是深刻而严重的。不幸的是，我们对这些现象缺乏了解。 虽然学术界、工业界和政府的安全专家一直在检测和分析其中的一些威胁，但所采用的方法往往给我们留下许多关于归属（谁在做）、作案手法（他们如何做）和影响（他们做了多少）的未回答的问题。 解决这些问题是能够设计和部署适当的反措施和战略的关键，这些措施和战略将有助于我们减轻我们时代的这一瘟疫。 该项目旨在通过大规模收集有关恶意软件感染的数据并应用数据挖掘技术来解决这一问题，以便发现隐藏的模式，这些模式可能有助于我们识别谁对谁做了什么，如何做，做了多少以及可能为什么做。 为此，我们将依靠反病毒软件公司ESET加拿大研发分支和魁北克省警察部队魁北克的支持和专业知识。 希望开发的分析方法最终将有助于行业和政府机构监测、发现、理解并可能制定适当的对策来应对此类恶意活动。