Detection of Malicious Code

Klieber, Will

Detection of Malicious Code

Active / Technical Report | Accesssion Number: AD1201268 |

Open PDF

Abstract:

Problem: DoD uses much software produced by various supply chains. These supply chains can be compromised by an adversary: Network intrusion; Insider threat. Failing to detect malicious code can be very costly. Detection is currently impractical. Specifically, we aim to detect two types of malicious code: Exfiltration of potentially sensitive information (e.g., keyloggers); Timebombs / logic bombs, Remote-Access Trojans, etc: Calling a potentially sensitive system API call (e.g., writing to a file, starting a new process, etc.) in response to a potentially questionable trigger (e.g., on a specific date, in response to incoming network packets, etc.).

Author(s):

Klieber, Will

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA

Funding Organization(s):

AIR FORCE LIFE CYCLE MANAGEMENT CENTER HANSCOM AFB MA, HANSCOM AFB , MA

Document Type:

Technical Report/Briefing Charts

Publication Date:

2023 Apr 01

Pagination:

33

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Identifying Numbers

Contract Number(s):

FA8702-15-D-0002

Subject Terms

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

computer programs, software development, supply chain, engineering, materials, abstracts, detection, insider threats, universities, code injection, computer programming, false alarms, application software, guarantees, sequences

Keyword(s):

Malicious Code detection, information Flow Analysis, ifds (Interprocedural Finite Distributive Subset), ifds algorithm, flow paths, api (APPLICATION PROGRAMMING INTERFACE), Implicit flows

Subject Categories:

Mathematical and Computer Sciences

Creation Date:

2023 May 15

Update Date:

2023 Aug 23