We established a controlled (separated-domain) network to identify, monitor, and track malware behavior in order to increase understanding of the methods and techniques used by cyber adversaries. We created a suite of tools that observe network and system performance, looking for anomalies that may be caused by malware. The toolset collects information from open-source tools and provides meaningful indicators that the system was under attack or had been attacked. When malware was discovered, we analyzed and reverse engineered it to determine how it could be detected and prevented. Results have shown that, with minimal resources, cost-effective capabilities can be developed to detect abnormal behavior that may indicate malicious software.
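The abstract describes a toolset that learns what normal network and system performance looks like and then raises indicators when later observations deviate from it. The following is an added illustration of that approach, not the authors' toolset: a baseline-and-deviation detector that profiles per-minute host metrics from a quiet window and flags later samples whose values lie more than a threshold number of standard deviations from the baseline. The metric names (`outbound_conns`, `new_procs`, `dns_queries`), the sample values, and the 3-sigma threshold are all constructed assumptions for the example.

```python
"""Hypothetical baseline-and-deviation detector over host/network metrics.

Constructed example, not the paper's toolset: learns per-metric mean and
standard deviation from a quiet baseline window, then flags later samples
whose values deviate by more than `threshold` standard deviations.
"""
from statistics import mean, pstdev

# Constructed baseline: each row is one minute of observations for one host.
# The metrics are assumed to be gathered from open-source tools (for example
# connection counts from netstat-style output, process counts from ps-style
# output); the numbers are invented for this example.
BASELINE = [
    {"outbound_conns": 12, "new_procs": 3, "dns_queries": 40},
    {"outbound_conns": 15, "new_procs": 2, "dns_queries": 38},
    {"outbound_conns": 11, "new_procs": 4, "dns_queries": 45},
    {"outbound_conns": 14, "new_procs": 3, "dns_queries": 42},
    {"outbound_conns": 13, "new_procs": 2, "dns_queries": 39},
    {"outbound_conns": 12, "new_procs": 3, "dns_queries": 41},
]

# Constructed observation window: minute 2 contains a burst of connections and
# process creations, the kind of deviation the paper's indicators would surface.
OBSERVED = [
    {"outbound_conns": 13, "new_procs": 3, "dns_queries": 40},
    {"outbound_conns": 14, "new_procs": 2, "dns_queries": 43},
    {"outbound_conns": 180, "new_procs": 25, "dns_queries": 41},
    {"outbound_conns": 12, "new_procs": 3, "dns_queries": 39},
]


def build_baseline(samples):
    """Return {metric: (mean, population stdev)} learned from a quiet window."""
    profile = {}
    for metric in samples[0]:
        values = [s[metric] for s in samples]
        profile[metric] = (mean(values), pstdev(values))
    return profile


def score_sample(profile, sample, threshold=3.0):
    """Return [(metric, z_score)] for every metric whose z-score exceeds threshold."""
    hits = []
    for metric, (mu, sigma) in profile.items():
        if metric not in sample:
            continue  # metric not collected this minute; nothing to compare
        if sigma == 0:
            # A metric that never varied in the baseline: any change is anomalous.
            z = float("inf") if sample[metric] != mu else 0.0
        else:
            z = abs(sample[metric] - mu) / sigma
        if z > threshold:
            hits.append((metric, round(z, 2)))
    return hits


def detect(baseline, observed, threshold=3.0):
    """Return {minute_index: [(metric, z_score), ...]} for anomalous minutes only."""
    profile = build_baseline(baseline)
    alerts = {}
    for minute, sample in enumerate(observed):
        hits = score_sample(profile, sample, threshold)
        if hits:
            alerts[minute] = hits
    return alerts


if __name__ == "__main__":
    for minute, hits in detect(BASELINE, OBSERVED).items():
        print(f"minute {minute}: " + ", ".join(f"{m} z={z}" for m, z in hits))
```

A real deployment would replace the constructed rows with metrics polled from the open-source collectors, keep the baseline window long enough to cover normal daily variation, and treat each flagged minute as an indicator to investigate (for example by capturing the responsible process for later analysis) rather than as a verdict on its own.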
Jonathan Gloster, Michael Diep, David Dredden, Matthew Mix, Mark Olsen, Brian Price, Betty Steil, "Proactive malware detection," Proc. SPIE 9097, Cyber Sensing 2014, 909704 (18 June 2014).