Sign In

Communications of the ACM

ACM TechNews

Malicious Coders Will Lose Anonymity as Identity-Finding Research Matures

View as: Print Mobile App Share:
U.S. Army Research Laboratory network security and academic researchers are in search of a tool kit that may one day help analysts to identify malware authors more quickly.

Researchers from three universities and the U.S. Army are trying to help identify authors of malicious code and software.

Credit: U.S. Army Research Laboratory

Researchers from three universities and the U.S. Army Research Laboratory (ARL) are trying to address the problem of identifying authors of malicious code and software.

At the recent Chaos Computer Congress in Hamburg, Germany, Princeton University researcher Aylin Caliskan-Islam presented a code stylometry study, which examined samples from 1,600 coders. With 94-percent accuracy, a machine-learning algorithm could determine the author of a particular code excerpt.

The team of researchers also examined executable binary authorship using a novel set of features, such as decompiling the executable binary to source code, according to their recent paper. Along with Caliskan-Islam, the team includes Fabian Yamaguchi from the University of Gottingen and Edwin Dauber from Drexel University.

"Attribution is a real challenge [as opposed to detection], as it is done manually by experts who have to reconcile forensics following an attack," says Richard Harang, ARL network security researcher and technical lead. "We are developing a toolkit to make it a lot faster and cheaper to support analysts in identifying bad actors."

A limitation is success depends on having existing samples from potential authors and malware authors' ability to mask software.

From U.S. Army Research Laboratory
View Full Article


Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account