MalPloy - Toward Automated Synthesis of Malware Deception Playbook for Active Cyber Defense
Abstract
In this project, we propose a novel approach and tool implementation, called MalPloy, for accomplishing the following goals: (1) developing a deception-oriented malware symbolic execution analysis engine that is capable of extracting deception parameters that are reconfigurable or misrepresentable in the cyber environment, yet that the malware depends on to achieve its goals; (2) mapping these parameters and their corresponding APIs to a high-level TTP abstraction to understand the tactical malware goals; (3) selecting the optimal deception parameters to achieve the deception goal; (4) analyzing the interdependency of the deception parameters to construct valid deception ploys; (5) dynamically constructing the most cost-effective and scalable Deception Playbook based on the ploys; and (6) translating and orchestrating the Deception Playbook into configuration actions to construct a run-time malware deception environment.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Apr 06, 2021
- Source ID: N000142112171
Entities
People
- Ehab S. Al-Shaer
Organizations
- Carnegie Mellon University
- Office of Naval Research
- United States Navy