On the Frontier of Malware Research

As malware becomes more pervasive and sophisticated, organizations are struggling to keep up. Unfortunately, conventional methods that depend on identifying code and recognizing set patterns and behavior are increasingly ineffective.

Georgia Tech’s Research Horizon’s magazine recently ran an article, “Preventing the Click Up,” that offered some intriguing insights into the information security arms race and the emerging technologies designed to thwart malware.

Researchers at the university and elsewhere are focusing their efforts on a number of techniques and initiatives. They include:

Aesop: This malware detection algorithm analyzes relationships with peer files using locality-sensitive hashing and graph mining. The method, which determines whether a specific file is good or bad, identifies 99 percent of benign files and 79 percent of malicious files a week earlier than current state-of-the-art technology.

Apiary: The automated malware intelligence system allows members to anonymously submit suspicious files for fast analysis and receive up-to-the-minute information about attacks on other organizations. The initiative currently has more than 120 members, including Fortune 500 firms, nonprofits, academic institutions and government agencies.

BlackForest: This open-source intelligence system crawls the dark Web to collect information and identify possible attacks. Among other things, the system can link personas from multiple chat rooms. Researchers are adding machine-learning models to BlackForest in order to further improve detection.

Latentgesture: The technique uses touch ID to authenticate for mobile devices, but it takes things a step further by constantly comparing the ID with the person using the device at any given moment.

Phoneprinting: About one in 3,000 calls to a financial call center originate from professional criminals attempting to commit fraud. Researchers claim this tool catches 90 percent of these crooks. This audio fingerprinting technology, now available from commercial service Pindrop, verifies the identity of callers and the type of device being used.

Phoneypot: This technology creates a honeypot for voice-channel villains and dissects their methods of exploitation so that it can better understand and thwart attack methods.

Side-Channel Security: Eavesdroppers can capture electro-magnetic signals and use them to learn passwords and encryption codes. This technique examines signals—including acoustic emissions and power fluctuations emitted by computers and mobile phones—in order to boost protection.

Taiga: This new architecture, designed by researchers at Georgia Tech and Virginia Tech, thwarts cyber-attacks on physical targets by providing system stability regardless of other events occurring within a computational system.