An architecture for Concordia

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Cyber criminals work hard to obfuscate and eliminate the presence and intent of their invasive and destructive tools. A computer's memory and file system may contain the critical residual clues necessary to discover the details behind a malicious intrusion. Automated forensic identification of malware is primarily achieved using primitive string matching and heuristics; human analysis of digital evidence is usually labor-intensive. Concordia dissects executable artifacts into variable-sized, overlapping byte sequences. Unsupervised and supervised learning techniques are then applied on a distributed architecture to extract useful features, identify isomorphic sequences, and add context to the clues that remain. Ultimately, the system is intended to be an analysis force multiplier that improves detection and prediction capabilities.
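The abstract's core idea, slicing an artifact into overlapping byte windows of several sizes and then looking for sequences shared between artifacts, can be shown on a small scale. The following Python is an added illustration written for this page; it is not Concordia's code, and the window sizes, the Jaccard similarity metric, and the constructed sample bytes are all assumptions. It also contrasts overlapping windows with fixed, non-overlapping blocks to show why overlap matters once an obfuscator shifts byte alignment by inserting a single padding byte.

```python
# Added illustration of overlapping, variable-sized byte-sequence features.
# NOT Concordia's implementation: window sizes, metric and sample bytes are
# assumptions chosen for the demonstration.
from typing import Dict, Set, Tuple


def overlapping_ngrams(data: bytes, n: int) -> Set[bytes]:
    """All byte windows of length n at stride 1 (i.e. overlapping)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def fixed_blocks(data: bytes, n: int) -> Set[bytes]:
    """Non-overlapping n-byte blocks, for contrast; a partial tail is dropped."""
    return {data[i:i + n] for i in range(0, len(data) - n + 1, n)}


def variable_size_features(data: bytes,
                           sizes: Tuple[int, ...] = (2, 4, 8)) -> Set[Tuple[int, bytes]]:
    """Union of overlapping windows at several sizes (sizes are an assumption).

    The size is part of the key, so a 2-byte and an 8-byte window never collide.
    """
    return {(n, g) for n in sizes for g in overlapping_ngrams(data, n)}


def jaccard(a: Set, b: Set) -> float:
    """Set similarity in [0, 1]; two empty feature sets count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def shared_sequences(a: bytes, b: bytes, n: int) -> Set[bytes]:
    """Byte windows present in both artifacts: candidate shared (isomorphic) sequences."""
    return overlapping_ngrams(a, n) & overlapping_ngrams(b, n)


# Constructed samples (not real malware): 32 distinct bytes stand in for a code
# fragment; the variant has one padding byte inserted after offset 8, mimicking
# the alignment shift that NOP insertion or padding by a packer causes.
ORIGINAL = bytes(range(0x10, 0x30))
VARIANT = ORIGINAL[:8] + b"\x90" + ORIGINAL[8:]
UNRELATED = bytes(range(0x80, 0xA0))


def compare(a: bytes, b: bytes, n: int = 4) -> Dict[str, float]:
    """Similarity of two artifacts under three feature schemes."""
    return {
        "overlapping": jaccard(overlapping_ngrams(a, n), overlapping_ngrams(b, n)),
        "fixed_blocks": jaccard(fixed_blocks(a, n), fixed_blocks(b, n)),
        "multi_size": jaccard(variable_size_features(a), variable_size_features(b)),
    }


if __name__ == "__main__":
    for name, other in (("variant", VARIANT), ("unrelated", UNRELATED)):
        print(name, compare(ORIGINAL, other))
    print(len(shared_sequences(ORIGINAL, VARIANT, 4)), "shared 4-byte sequences")
```

With a 4-byte window, the single inserted byte destroys only the three windows that straddle the insertion point, so 26 of the original's 29 windows survive in the variant; with fixed 4-byte blocks, every block after the insertion is misaligned and only the two leading blocks match. That gap is the practical reason for overlapping windows when the goal is to recognise reused code across obfuscated variants.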

Original language: English
Title of host publication: 7th Annual Cyber Security and Information Intelligence Research Workshop
Subtitle of host publication: Energy Infrastructure Cyber Protection, CSIIRW11
DOIs
State: Published - 2011
Event: 7th Annual Cyber Security and Information Intelligence Research Workshop: Energy Infrastructure Cyber Protection, CSIIRW11 - Oak Ridge, TN, United States
Duration: Oct 12 2011 - Oct 14 2011

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 7th Annual Cyber Security and Information Intelligence Research Workshop: Energy Infrastructure Cyber Protection, CSIIRW11
Country/Territory: United States
City: Oak Ridge, TN
Period: 10/12/11 - 10/14/11

Keywords

  • D.2.6 [Security and Protection]: Invasive Software-forensics
  • H.3.4 [Systems and Software]: Distributed Systems
  • I.2.6 [Learning]: Knowledge Acquisition
