18 June 2014 Proactive malware detection
Author Affiliations +
Small-to-medium sized businesses lack resources to deploy and manage high-end advanced solutions to deter sophisticated threats from well-funded adversaries, but evidence shows that these types of businesses are becoming key targets. As malicious code and network attacks become more sophisticated, classic signature-based virus and malware detection methods are less effective. To augment the current malware methods of detection, we developed a proactive approach to detect emerging malware threats using open source tools and intelligence to discover patterns and behaviors of malicious attacks and adversaries. Technical and analytical skills are combined to track adversarial behavior, methods and techniques.

We established a controlled (separated domain) network to identify, monitor, and track malware behavior to increase understanding of the methods and techniques used by cyber adversaries. We created a suite of tools that observe the network and system performance looking for anomalies that may be caused by malware. The toolset collects information from open-source tools and provides meaningful indicators that the system was under or has been attacked. When malware is discovered, we analyzed and reverse engineered it to determine how it could be detected and prevented. Results have shown that with minimum resources, cost effective capabilities can be developed to detect abnormal behavior that may indicate malicious software.
© (2014) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Jonathan Gloster, Jonathan Gloster, Michael Diep, Michael Diep, David Dredden, David Dredden, Matthew Mix, Matthew Mix, Mark Olsen, Mark Olsen, Brian Price, Brian Price, Betty Steil, Betty Steil, "Proactive malware detection", Proc. SPIE 9097, Cyber Sensing 2014, 909704 (18 June 2014); doi: 10.1117/12.2050215; https://doi.org/10.1117/12.2050215

Back to Top