Our research is split into two topical modules. In Module 1, the system layer is researched in partnership with IKARUS Security Software. While today’s malware detection systems analyze files independently of each other and separately from the underlying system, we aim to develop threat intelligence methodologies that observe the system as a whole and apply formal modeling in conjunction with the collection, processing and analysis of system state information. The concept of end-point visibility will provide a significantly better understanding of a system’s present and, even more importantly, past state than existing approaches.
In the second module, which will be pursued together with the industry partner SEC Consult, we focus on the software layer. Purposefully placed hidden functionality and code vulnerabilities play an increasingly important role in targeted attack scenarios, especially as an attack’s entry point. However, as several cases in recent history have shown, today’s code analysis technologies are weak against this type of attack. We aim to develop novel methods for identifying hidden functionality in software, based on concepts from current malware detection research. We further want to analyze the suitability of honeypots for zero-day exploit detection.
Research on these layers will, in combination, form a methodology for unified threat intelligence on targeted attacks. The developed methods will provide pioneering Austrian companies in the area of IT security with the foundations for innovative product development for the next decade. The JR center TARGET will thus contribute to the sustained competitiveness of Austria's leading companies in the information security market.