On The Fly Detection And Containment Of Unknown Malware And Advanced Persistent Threats

Funded by: Min V&J under project nr. MinVenJ-2011-200039783
Duration: February 2012 until January 2016
Contact: Dr. D. Bolzoni (Damiano)

Advanced Persistent Threats (APTs) are targeted malware designed to obtain confidential information (e.g., national-security or industrial secrets) and to stay "invisible" to regular anti-virus software and intrusion detection systems (IDSes), which largely rely on signatures of malware that has already been seen elsewhere.


In January 2010, a large attack against Google and other large US-headquartered corporations was made public. Allegedly, industrial secrets and confidential information about users of mail services were stolen. In 2011, the RSA corporation was compromised through malware hidden in an Excel file sent to several employees; the malware was used to steal the secret seeds of RSA's widely used SecurID authentication tokens.


The Avatar project aims to develop technology for detecting previously unknown malware, in particular targeted malware (APTs), and for containing it automatically. The target platform is the Windows operating system, the most widely used operating system today.


The developed tool(s) will also report possible information leakage (in particular, loss of confidentiality) caused by malware present on the system. To increase the detection rate, the tool(s) will combine anomaly-detection techniques with both network- and host-based monitors, so that behaviour that looks unremarkable from one vantage point (an outbound TLS connection on the wire, a process opening a socket on the host) can be judged against the other.
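The following is an added illustration of the host/network combination described above; it is not code from the Avatar project. It joins constructed host-monitor records (which process opened which outbound socket, in the style of a Sysmon network-connection event) with constructed flow records (byte counts, in the style of NetFlow) on the (source port, destination IP, destination port) key, learns a per-process baseline of destinations and outbound volume, and then reports flows that come from an unseen process, go to a new destination, have no owning process at all, or carry far more data out than the process normally sends. All sample records, process names, IP addresses and thresholds are made up for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# ---- Constructed sample telemetry (not real data) -----------------------
# Host monitor record:    (src_port, dst_ip, dst_port, process_image)
# Network monitor record: (src_port, dst_ip, dst_port, bytes_out)
# The two sources are joined on (src_port, dst_ip, dst_port).

BASELINE_HOST = [
    (49152, "10.0.0.5", 443, "outlook.exe"),
    (49153, "10.0.0.5", 443, "outlook.exe"),
    (49154, "10.0.0.5", 443, "outlook.exe"),
    (49160, "93.184.216.34", 443, "chrome.exe"),
    (49161, "93.184.216.34", 443, "chrome.exe"),
    (49162, "151.101.1.69", 443, "chrome.exe"),
]
BASELINE_FLOWS = [
    (49152, "10.0.0.5", 443, 12_000),
    (49153, "10.0.0.5", 443, 9_500),
    (49154, "10.0.0.5", 443, 11_000),
    (49160, "93.184.216.34", 443, 30_000),
    (49161, "93.184.216.34", 443, 25_000),
    (49162, "151.101.1.69", 443, 18_000),
]

NEW_HOST = [
    (50001, "10.0.0.5", 443, "outlook.exe"),     # ordinary mail traffic
    (50002, "203.0.113.7", 443, "updater.exe"),  # never-seen process and destination
]
NEW_FLOWS = [
    (50001, "10.0.0.5", 443, 10_500),
    (50002, "203.0.113.7", 443, 850_000),        # large upload from the unknown process
    (50003, "198.51.100.9", 8443, 420_000),      # flow the host monitor never saw
]


def correlate(host_events, flows):
    """Attach each flow's byte count to the process that opened the socket.

    Returns (process, dst_ip, dst_port, bytes_out). A flow with no matching
    host event is labelled "<no-process>": traffic the host monitor did not
    see is itself worth reporting (a driver-level implant, or a gap in
    host telemetry).
    """
    owner = {(sp, ip, port): proc for sp, ip, port, proc in host_events}
    return [(owner.get((sp, ip, port), "<no-process>"), ip, port, nbytes)
            for sp, ip, port, nbytes in flows]


def build_profile(records):
    """Per-process baseline: known destinations and outbound-volume statistics."""
    dests, volumes = defaultdict(set), defaultdict(list)
    for proc, ip, port, nbytes in records:
        dests[proc].add((ip, port))
        volumes[proc].append(nbytes)
    return {proc: {"dests": dests[proc],
                   "mean": mean(volumes[proc]),
                   "stdev": pstdev(volumes[proc])}
            for proc in dests}


def detect(profile, records, z_threshold=3.0, abs_threshold=200_000):
    """Report records that deviate from the baseline, with the reasons why."""
    alerts = []
    for proc, ip, port, nbytes in records:
        reasons = []
        if proc == "<no-process>":
            reasons.append("flow without host process")
        elif proc not in profile:
            reasons.append("unknown process")
        elif (ip, port) not in profile[proc]["dests"]:
            reasons.append("new destination for process")
        if proc in profile:
            p = profile[proc]
            if p["stdev"] > 0:
                zscore = (nbytes - p["mean"]) / p["stdev"]
                if zscore > z_threshold:
                    reasons.append(f"volume z-score {zscore:.1f}")
            elif nbytes > 5 * p["mean"]:
                reasons.append("volume far above baseline")
        elif nbytes > abs_threshold:  # no baseline to compare against
            reasons.append(f"{nbytes} bytes out with no baseline")
        if reasons:
            alerts.append({"process": proc, "dst": f"{ip}:{port}",
                           "bytes_out": nbytes, "reasons": reasons})
    return alerts


def run_demo():
    """Learn the baseline from the first period, then score the second one."""
    profile = build_profile(correlate(BASELINE_HOST, BASELINE_FLOWS))
    return detect(profile, correlate(NEW_HOST, NEW_FLOWS))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Neither source alone would have raised the second alert: on the wire, 420,000 bytes to port 8443 looks like any other upload, and on the host, nothing was recorded at all; only the join reveals that the network saw traffic the host could not account for. The per-process z-score keeps a normally chatty browser from being flagged for volume that would be alarming from a mail client.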