Researchers from three universities and the U.S. Army Research Laboratory (ARL) are trying to address the problem of identifying authors of malicious code and software.
At the recent Chaos Computer Congress in Hamburg, Germany, Princeton University researcher Aylin Caliskan-Islam presented a code stylometry study, which examined samples from 1,600 coders. With 94-percent accuracy, a machine-learning algorithm could determine the author of a particular code excerpt.
The team of researchers also examined executable binary authorship using a novel set of features, such as decompiling the executable binary to source code, according to their recent paper. Along with Caliskan-Islam, the team includes Fabian Yamaguchi from the University of Göttingen and Edwin Dauber from Drexel University.
"Attribution is a real challenge [as opposed to detection], as it is done manually by experts who have to reconcile forensics following an attack," says Richard Harang, ARL network security researcher and technical lead. "We are developing a toolkit to make it a lot faster and cheaper to support analysts in identifying bad actors."
One limitation is that success depends on having existing samples from potential authors and on malware authors' ability to mask their software.
From U.S. Army Research Laboratory
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA