
Communications of the ACM

ACM Careers

Stopping Malware


Illustration: computer virus. Credit: iStockPhoto.com

Attempted cyberattacks appear innocuous. An email that seems to come from a friend or a popular retailer may actually have been sent by criminals hoping to steal an email address, credit card number, Social Security number, or intellectual property. When such attacks hit a company, they can cost millions of dollars.

Through malware (malicious software), criminals have been responsible for data breaches across the United States, leaving companies scrambling to shore up their cybersecurity defenses and prevent future attacks. The U.S. Department of Homeland Security Science and Technology Directorate Cyber Security Division has made it a top priority to develop tools to prevent these malware attacks before they can do harm.

"Our aim is to work with our private sector partners to protect the nation's critical infrastructure systems and commercial marketplace," says Douglas Maughan, director of the Science and Technology Directorate (S&T) Cyber Security Division (CSD). "Showcasing and, most importantly, transitioning these technologies into the commercial market will be impactful to all organizations engaged in securing cyberspace and protecting various organizations such as government, public utilities, and healthcare."

One of these technologies is the Federated Malware Analysis System (FMAS), a set of CSD-funded tools aimed at countering the strengths of a malware attacker. Many malware analysis solutions "cluster" malware behaviors into "families"; the FMAS tools detect malware based on how it behaves in an environment.

Additionally, CSD is working with several malware detection technologies through its Transition to Practice (TTP) program, which identifies government-funded technologies under development in the lab that have the potential to improve the cybersecurity posture of the United States. In 2015, S&T introduced two such technologies, which joined three existing TTP technologies that address malware. CSD will introduce one of the solutions at the TTP Technology Demonstration Day for Investors, Integrators, and IT Companies – West in Santa Clara, Calif.

"We are looking forward to taking these technologies on the road because we know these solutions can impact the cyber landscape that the Department is working to protect," says Michael Pozmantier, transition to practice program manager for S&T CSD. "These events allow us to develop partnerships with the cyber-operations and business community — ultimately helping to accelerate transition."

The two newer technologies, AMICO and ZeroPoint — both featured in the 2015 TTP Technology guide — aim to send malware alerts in real time, classify malware for future attacks, and inspect data to identify what the malware aims to do, then stop it before it does harm.

CodeDNA approaches malware detection using bioinformatics in order to learn the unique attributes of malicious code and find other instances where that code is used. Hyperion, recently licensed for commercialization to R&K Cyber Solutions LLC, mathematically calculates the behavior of software, allowing companies to thoroughly test and validate their software. MLSTONES also uses bioinformatics; it quickly categorizes data and compares the data's attributes to determine whether it poses a threat.
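As an added illustration of two ideas this article touches on, clustering malware behaviors into families (FMAS) and bioinformatics-style comparison of code attributes (CodeDNA, MLSTONES), the following Python example is not code from any of these DHS-funded tools: constructed sandbox API-call traces are scored with a Needleman-Wunsch sequence alignment and grouped into families by single-linkage clustering. The traces, the match/mismatch/gap scores and the 0.6 threshold are all assumptions chosen for the demonstration.

```python
# Added illustration (not FMAS, CodeDNA or MLSTONES code): cluster sandbox
# API-call traces into behaviour families using a bioinformatics-style
# sequence alignment score. Traces, scoring and threshold are constructed.
from itertools import combinations

# Constructed traces for six hypothetical samples (ordered API calls seen in a sandbox).
TRACES = {
    "s1": ["CreateFile", "WriteFile", "RegSetValue", "CreateProcess", "InternetOpen", "HttpSendRequest"],
    "s2": ["CreateFile", "WriteFile", "RegSetValue", "Sleep", "CreateProcess", "InternetOpen", "HttpSendRequest"],
    "s3": ["CreateFile", "RegSetValue", "CreateProcess", "InternetOpen", "HttpSendRequest"],
    "s4": ["FindFirstFile", "ReadFile", "CryptEncrypt", "WriteFile", "DeleteFile", "FindNextFile"],
    "s5": ["FindFirstFile", "ReadFile", "CryptEncrypt", "WriteFile", "MoveFile", "FindNextFile"],
    "s6": ["GetTickCount", "Sleep", "GetTickCount", "ExitProcess"],
}

def align_score(a, b, match=2, mismatch=-1, gap=-1):
    """Needleman-Wunsch global alignment score of two call sequences (O(len(a)*len(b)))."""
    prev = [j * gap for j in range(len(b) + 1)]          # row for the empty prefix of a
    for i in range(1, len(a) + 1):
        cur = [i * gap]                                   # aligning a[:i] against nothing
        for j in range(1, len(b) + 1):
            sub = prev[j - 1] + (match if a[i - 1] == b[j - 1] else mismatch)
            cur.append(max(sub, prev[j] + gap, cur[j - 1] + gap))
        prev = cur
    return prev[-1]

def similarity(a, b, match=2):
    """Alignment score normalised to [0, 1] by the best possible self-alignment score."""
    best = match * max(len(a), len(b))
    return max(align_score(a, b, match=match), 0) / best

def cluster_families(traces, threshold=0.6):
    """Single-linkage clustering: a sample joins a family if it is similar to any member."""
    parent = {name: name for name in traces}             # union-find forest
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for x, y in combinations(traces, 2):
        if similarity(traces[x], traces[y]) >= threshold:
            parent[find(x)] = find(y)
    families = {}
    for name in traces:
        families.setdefault(find(name), []).append(name)
    return sorted(sorted(members) for members in families.values())

if __name__ == "__main__":
    for family in cluster_families(TRACES):
        print(family)
```

Single linkage lets s3 join the first family through s1 even though s3 scores below the threshold against s2 directly, which is the behaviour a practitioner should expect (and tune) when one sample bridges two variants.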
