Detection of Malicious Code

Abstract

Problem: DoD uses much software produced by various supply chains. These supply chains can be compromised by an adversary through:

  • Network intrusion
  • Insider threat

Failing to detect malicious code can be very costly, and detection is currently impractical. Specifically, we aim to detect two types of malicious code:

  • Exfiltration of potentially sensitive information (e.g., keyloggers)
  • Timebombs / logic bombs, Remote-Access Trojans, etc.: calling a potentially sensitive system API (e.g., writing to a file, starting a new process, etc.) in response to a potentially questionable trigger (e.g., on a specific date, in response to incoming network packets, etc.)

Document Details

Document Type
Technical Report
Publication Date
Apr 01, 2023
Accession Number
AD1201268

Entities

People

  • William Klieber

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Weapons Technologies

DTIC Thesaurus Topics

  • Abstracts
  • Application Software
  • Code Injection
  • Computer Programming
  • Computer Programs
  • Department Of Defense
  • Detection
  • Engineering
  • False Alarms
  • Guarantees
  • Insider Threats
  • Instructions
  • Materials
  • Sequences
  • Software Development
  • Supply Chain
  • Universities
  • User Interface

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Cybersecurity.
  • Systems Analysis and Design