The IT infrastructures and networks of companies, even small ones, are exposed to a variety of threats. The JR Centre is developing a methodology for the holistic detection of targeted attacks at the system and software level.
Until recently, both research and industry have focused almost entirely on the detection and prevention of large-scale, mostly untargeted threats, based on the assumption that a malicious programme threatens thousands or even millions of systems. Once its signature has been identified, anti-virus scanners recognise and remove the malware on all other infected systems.
In recent years, however, threats have emerged that are narrowly focused on a single target and driven by a variety of motives. These attacks are frequently used for espionage or sabotage and are carried out by experts. Today's protective measures are not effective against them, so targeted attacks often remain completely undetected for several months and sometimes even years.
The mission of the JR Centre TARGET is to research novel techniques for the threat analysis of targeted attacks. Module 1 focuses on the system level. While today's malware detection systems analyse individual files in isolation from each other and from the underlying system, the JR Centre is developing methods that consider the system as a whole and enable a significantly better understanding of past and current system states.
The second module looks at the software level. Intentionally added hidden functionality, as well as conventional vulnerabilities, is playing an increasingly important role as the entry point for targeted attacks, and today's programme-code analysis techniques often provide poor protection against them. Therefore, new methods for identifying hidden functionality in software are being developed. There are also plans to investigate whether the concept of honeypots (decoy servers deployed in front of the actual server in order to recognise attacks) is suitable for detecting attacks on previously unknown vulnerabilities (zero-day exploits).
The combination of the two modules results in a methodology for the holistic detection of targeted attacks. The research results will serve as the basis for future innovative product developments in the field of information security.
Boltzmanngasse 20/1/3 | 1090 Wien | Tel: +43 1 5042205 | Fax: +43 1 5042205-20 | office@cdg.ac.at