18 June 2014 Proactive malware detection
Author Affiliations +
Abstract
Small-to-medium sized businesses lack resources to deploy and manage high-end advanced solutions to deter sophisticated threats from well-funded adversaries, but evidence shows that these types of businesses are becoming key targets. As malicious code and network attacks become more sophisticated, classic signature-based virus and malware detection methods are less effective. To augment the current malware methods of detection, we developed a proactive approach to detect emerging malware threats using open source tools and intelligence to discover patterns and behaviors of malicious attacks and adversaries. Technical and analytical skills are combined to track adversarial behavior, methods and techniques.

We established a controlled (separated domain) network to identify, monitor, and track malware behavior to increase understanding of the methods and techniques used by cyber adversaries. We created a suite of tools that observe the network and system performance looking for anomalies that may be caused by malware. The toolset collects information from open-source tools and provides meaningful indicators that the system was under or has been attacked. When malware is discovered, we analyzed and reverse engineered it to determine how it could be detected and prevented. Results have shown that with minimum resources, cost effective capabilities can be developed to detect abnormal behavior that may indicate malicious software.
© (2014) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Jonathan Gloster, Jonathan Gloster, Michael Diep, Michael Diep, David Dredden, David Dredden, Matthew Mix, Matthew Mix, Mark Olsen, Mark Olsen, Brian Price, Brian Price, Betty Steil, Betty Steil, } "Proactive malware detection", Proc. SPIE 9097, Cyber Sensing 2014, 909704 (18 June 2014); doi: 10.1117/12.2050215; https://doi.org/10.1117/12.2050215
PROCEEDINGS
13 PAGES


SHARE
RELATED CONTENT

Defense and security of a wireless tactical network
Proceedings of SPIE (August 28 2001)
Type enforcement: the new security model
Proceedings of SPIE (January 19 1996)
A case of reliable remote functionality
Proceedings of SPIE (July 15 2008)
Bot armies as threats to network security
Proceedings of SPIE (April 09 2007)
NSL: a network-security-oriented language
Proceedings of SPIE (February 08 2005)

Back to Top