Our research is split into two topical modules. The first module involves research into the system layer in partnership with IKARUS Security Software. Today’s malware detection systems analyse files independently of each other and also separately from the underlying system, so we aim to develop threat intelligence methodologies that focus on systems as a whole and to use modelling in combination with the collection, processing and analysis of system state information. The concept of endpoint visibility will provide a significantly better understanding of a system’s present and – even more importantly – past state than existing approaches.
In the second module, implemented in collaboration with industry partner SEC Consult, we focus on the software layer. Intentionally placed, hidden functionality and code vulnerabilities are playing an increasingly important role in targeted attack scenarios, especially as an entry point for attacks. However, as several recent cases have shown, today’s code analysis technologies are no match for such attacks. Based on concepts from current malware detection research, we aim to develop innovative methods for identifying hidden functionality in software. A further goal is to analyse the suitability of honeypots for zero-day exploit detection.
In tandem, research on these layers will form a methodology for obtaining unified threat intelligence on targeted attacks. The methods developed will lay the foundations for innovative product development by pioneering Austrian IT security companies over the next decade. In this way, TARGET will contribute to safeguarding the competitiveness of Austria’s leading companies in the information security market.