securing the neighbourhood
TRANSCRIPT
Malware detection – past, present and future
Michael Shalyt
SECURING THE NEIGHBORHOOD
� http://cyberparse.co.uk/
BUZZWORD EXPLOSION
PAST
MUGSHOT DATABASE
MUGSHOT DATABASE
BINARY SIGNATURES
BINARY SIGNATURES
BINARY SIGNATURES
POLIMORPHISM
POLIMORPHISM
PRESENT
INDICATORS OF COMPROMISE
IOC DETECTION DOWNSIDES
IOC DETECTION DOWNSIDES
• Which areas do we watch?
IOC DETECTION DOWNSIDES
• Which areas do we watch?
• Some suspicious mechanisms are used by innocent software as well.
IOC DETECTION DOWNSIDES
• Which areas do we watch?
• Some suspicious mechanisms are used by innocent software as well.
• Attackers can see and sometimes circumvent alarms.
INDICATORS OF INTEREST
INDICATORS OF INTEREST
INDICATORS OF INTEREST
INDICATORS OF INTEREST
EMULATION
FUTURE
ANOMALY DETECTION
HONEYNET
MALWARE RESEARCH
MALWARE RESEARCH