SoylentNews is people

posted by cmn32480 on Saturday October 22 2016, @09:31PM
from the sick-computers dept.

Arthur T Knackerbracket has found the following story:

Anti-malware machine and head of the Shellphish DARPA Grand Challenge bronze-medallist team has won US$100,000 from Google for security research efforts.

University of California Santa Barbara doctor Giovanni Vigna landed Google's Security, Privacy and Anti-Abuse award for his long line of research into malware detection.

Google did not say which specific work the award recognises, but Dr. Vigna has co-authored dozens of papers in the field among some 200 works spanning Android, networking, and web-based attacks.

This year he and colleagues from his university and Northeastern University described, in the paper TriggerScope: Towards Detecting Logic Bombs in Android Applications [PDF], how to detect malware logic bombs on Android platforms.

Logic bombs are a complex and highly obscure mechanism to compromise devices and are favoured by well-resourced advanced attackers, including nation-state actors.

The team produced a prototype platform, named TriggerScope, that identified all of the previously hidden logic bombs in its test set, a first-of-its-kind result that outpaced existing static and dynamic analysis tooling.

Dr. Vigna and co-authors Dr. Christopher Kruegel and Dr. Engin Kirda run the security research house International Security Lab, which has published a long list of academic security work, and have founded the anti-malware firm LastLine.


  • (Score: 3, Insightful) by stormwyrm (717) on Sunday October 23 2016, @02:16AM (#417715)

    Maybe they'd be easy enough for a person to suss out, but when you have to detect such things in an app store with many thousands of apps, that will very rapidly become unworkable. I skimmed through their paper and their approach uses rather interesting heuristics to detect such suspicious code. In general, determining whether or not a particular piece of code does malicious things reduces to solving the halting problem, but the class of behaviour that they want to detect is amenable to various heuristics. I suppose that malware authors will try to become more sophisticated in their attempts to hide such mechanisms in their code, but in that game they are the defender rather than the attacker, defending their code from proper scrutiny.
    --
    Numquam ponenda est pluralitas sine necessitate.
  • (Score: 2) by RamiK (1813) on Sunday October 23 2016, @09:40AM (#417795)


    But, none of this makes them complex or obscure...

    --
    compiling...
    • (Score: 0) by Anonymous Coward on Sunday October 23 2016, @10:27AM (#417805)

      Malware authors will try to make their code more complex in an attempt to obscure what they are really trying to accomplish. Have a look at the Underhanded C Contest [underhanded-c.org] for a feel for the kind of treachery that malware authors try to do in order to make malicious code seem innocuous.