TY - GEN
T1 - An architecture for Concordia
AU - Carter, Jason
PY - 2011
Y1 - 2011
N2 - Cyber criminals work hard to obfuscate and eliminate the presence and intent of their invasive and destructive tools. A computer's memory and file system may contain the critical residual clues necessary to discover the details behind a malicious intrusion. Automated forensic identification of malware is primarily achieved using primitive string matching and heuristics; human analysis of digital evidence is usually labor-intensive. Concordia dissects executable artifacts into variable-sized, overlapping byte sequences. Then, unsupervised and supervised learning techniques are applied using a distributed architecture to extract useful features, identify isomorphic sequences, and add context to the clues that remain. Ultimately, the system will be an analysis force multiplier improving our detection and prediction capabilities.
AB - Cyber criminals work hard to obfuscate and eliminate the presence and intent of their invasive and destructive tools. A computer's memory and file system may contain the critical residual clues necessary to discover the details behind a malicious intrusion. Automated forensic identification of malware is primarily achieved using primitive string matching and heuristics; human analysis of digital evidence is usually labor-intensive. Concordia dissects executable artifacts into variable-sized, overlapping byte sequences. Then, unsupervised and supervised learning techniques are applied using a distributed architecture to extract useful features, identify isomorphic sequences, and add context to the clues that remain. Ultimately, the system will be an analysis force multiplier improving our detection and prediction capabilities.
KW - D.2.6 [Security and Protection]: Invasive Software-forensics
KW - H.3.4 [Systems and Software]: Distributed Systems
KW - I.2.6 [Learning]: Knowledge Acquisition
UR - http://www.scopus.com/inward/record.url?scp=84862847969&partnerID=8YFLogxK
U2 - 10.1145/2179298.2179353
DO - 10.1145/2179298.2179353
M3 - Conference contribution
AN - SCOPUS:84862847969
SN - 9781450309455
T3 - ACM International Conference Proceeding Series
BT - 7th Annual Cyber Security and Information Intelligence Research Workshop
T2 - 7th Annual Cyber Security and Information Intelligence Research Workshop: Energy Infrastructure Cyber Protection, CSIIRW11
Y2 - 12 October 2011 through 14 October 2011
ER -