Big-code early threat detection by approximate similarity analysis

Starting date
March 1, 2017
Duration (months)
24
Departments
Computer Science
Managers or local contacts
Dalla Preda Mila

The project ASPIS is intended to provide early detection technologies for cyber threats arising from massive malware attacks on medium-to-large enterprises. The idea of ASPIS is to apply big-code analytics to determine similarities among different threats. When a large collection of data consists of repositories of unstructured, poorly documented, raw binary or bytecode, we are dealing with big-code. Code viewed as data combines intensional and extensional features. The first concerns how the code is written and hides its origins: where it has been taken from and which transformations have been applied to it in order to obfuscate its structure. The second hides the true threat, namely its semantics/behaviour as malware. Both aspects have to be considered in order to trace cheats, discover similarities between attacks and provide early detection technologies for security. ASPIS is intended to develop these technologies for the specific case of Android malware. The main result of ASPIS is the development of a byte juicer capable of approximating the semantics of Android malware. An efficient query system will be developed in order to mine large databases of byte-juices, immediately detect similarities and trace back their phylogenesis.

Project participants

Mila Dalla Preda
Temporary Assistant Professor