Research Projects
Cyber Threat Analytics (Army Research Office). PM: Dr. Cliff Wang
Cyber-TA is an initiative to accelerate the ability of organizations to defend against Internet-scale threats by delivering technology that enables the next generation of privacy-preserving digital threat analysis centers. These centers must be fully automatic, scale to the alert volumes and data sources needed to characterize attack phenomena across millions of IP addresses, and offer higher fidelity in recognizing attack commonalities, prioritizing threats, and isolating the most critical ones. Cyber-TA brings together leading researchers in large-scale network intrusion defense with leaders from the information privacy community to develop next-generation wide-area collaborative defense technologies that balance contributor privacy against the need for rich-content data to drive new threat detection and mitigation systems.
Informed Malware Execution (National Science Foundation). PM: Dr. Karl Levitt
Our project brings together an established team of researchers from the fields of automated malware forensic analysis and of static and dynamic program analysis and instrumentation. We intend to develop innovative approaches to dynamic honeynet environment configuration, based on the extraction of binary logic and data flow and on a code segment classification scheme that deconstructs malware program logic into the sections critical for behavioral profiling. This classification scheme allows us to introduce a new approach to informed malware execution, in which some code segments are prioritized for execution based on malware functionality metrics while other segments are flagged for bypass as evasion or self-protection segments. We will develop new runtime binary instrumentation techniques that control the execution of code segments according to the static analysis phase, while addressing the emerging use of tamper-resistance strategies that can significantly hinder reliable malware assessment. Finally, we will incorporate our static and dynamic instrumentation techniques into a new kind of honeynet strategy that we refer to as an informed execution honeynet.

