Temporal Search: Detecting Hidden Malware Timebombs with Virtual Machines

Friday, March 14th, 2008

Imagine that a new worm is released at 10pm and that after half an hour it has infected a few thousand computers (10:30pm). Suppose that the goal of this worm is to coordinate a DDoS attack against a critical information system, such as the root DNS servers, at 11:30pm. Suppose also that we could avert this attack if we knew about it half an hour in advance. Are 30 minutes enough for humans to analyze the worm and find out its malicious goal? I believe not.

So we need a way to automatically analyze the above worm, find the time at which the attack will take place, and recover the details of the attack (a DDoS against the root DNS servers). Crandall et al. propose a framework to automate the process of finding the time at which the attack will take place. Although manual analysis is still required to find out the details of the attack, this is a step in the right direction.

To be more specific, the authors propose a novel virtual-machine-based analysis technique for automating the discovery of a piece of malware's timetable. The obvious advantage of automating this process is that it requires far less time than careful human analysis. Given that malware is expected to spread faster and faster in the years to come, such information provides invaluable assistance in defending against it.
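To make the search idea concrete, here is an added toy example (not the paper's implementation, and not code from the authors): a constructed sample reads a clock the analyzer controls, and a search routine sweeps a virtual clock forward in coarse steps and then bisects to locate, at minute resolution, the earliest time at which the sample's observable behaviour changes. The trigger time, the action labels and the step size are all assumed values chosen for illustration.

```python
"""Temporal search over an analyzer-controlled clock (illustrative, constructed)."""
from datetime import datetime, timedelta
from typing import Callable, Optional, Set, Tuple

Sample = Callable[[datetime], Set[str]]


def constructed_sample(now: datetime) -> Set[str]:
    """Stand-in for a sample under analysis: returns the set of observable
    actions it would perform if the guest clock read `now`. Nothing is sent;
    the action names are labels only. The trigger time is a placeholder."""
    actions = {"sleep"}
    trigger = datetime(2008, 3, 14, 23, 30)  # hidden timebomb (constructed)
    if now >= trigger:
        actions.add("udp_flood:root-dns")
    return actions


def temporal_search(sample: Sample, start: datetime, horizon: timedelta,
                    step: timedelta) -> Optional[Tuple[datetime, Set[str]]]:
    """Advance a virtual clock from `start` over `horizon` in `step` increments.
    Behaviour at `start` is the baseline. On the first step whose behaviour
    differs, bisect the interval to minute resolution and return
    (earliest minute showing the new behaviour, actions added vs. baseline).
    Returns None if the sample behaves identically across the whole horizon."""
    baseline = sample(start)
    end = start + horizon
    lo = t = start
    while t < end:
        t = min(t + step, end)
        if sample(t) == baseline:
            lo = t                      # still baseline: move the lower bound up
            continue
        # lo is baseline, t is changed: bisect over whole minutes in between
        lo_m, hi_m = 0, int((t - lo).total_seconds() // 60)
        while hi_m - lo_m > 1:
            mid_m = (lo_m + hi_m) // 2
            if sample(lo + timedelta(minutes=mid_m)) == baseline:
                lo_m = mid_m
            else:
                hi_m = mid_m
        found = lo + timedelta(minutes=hi_m)
        return found, sample(found) - baseline
    return None


if __name__ == "__main__":
    hit = temporal_search(constructed_sample, datetime(2008, 3, 14, 22, 0),
                          timedelta(hours=2), timedelta(minutes=30))
    print(hit)  # (datetime(2008, 3, 14, 23, 30), {'udp_flood:root-dns'})
```

Only the clock is perturbed, so a sample that also keys on other environment state would need those inputs varied as well; the coarse step trades sweep time against the chance of skipping over a short-lived behaviour.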

The main contributions of this paper are that it proposes a framework for a problem space nobody has looked at in the past and that it identifies many of the challenges in this new problem space.

Source: Temporal Search: Detecting Hidden Malware Timebombs with Virtual Machines, Jedidiah R. Crandall, Gary Wassermann, Daniela A. S. de Oliveira, Zhendong Su, S. Felix Wu, and Frederic T. Chong.