Know your Enemy: Malware Authorship Attribution

Presented by Natalia Stakhanova at the Atlantic Security Conference 2018

Since the first computer virus hit the DARPA network in the early 1970s, the security community’s interest has revolved around ways to expose the identities of malware writers. Knowledge of the adversary’s identity promised additional leverage to security experts in their ongoing battle against perpetrators. At the dawn of the computing era, when malware writers and malicious software were characterized by a lack of experience and relative simplicity, the task of uncovering the identities of virus writers was more or less straightforward. Manual analysis of source code often revealed personal, identifiable information embedded by the authors themselves. But those times are long gone. Modern malware writers make extensive use of malware code generators to mass-produce new malware variants and employ advanced obfuscation techniques to hide their identities. As a result, the work of security experts trying to uncover the identities of malware writers has become significantly more challenging and time-consuming. With the introduction of ever more advanced obfuscation techniques and malware writing kits, we face a challenging question: is it even feasible to reveal an adversary’s identity?

In this talk, we will explore this question in the context of authorship attribution research. Well established in social science, authorship attribution offers a broad spectrum of techniques that characterize an author based on analysis of the textual features of documents and the author’s writing style. Drawing an analogy between the literature and software domains, in this talk we investigate our ability to attribute malware code.

Natalia Stakhanova is an Assistant Professor and the New Brunswick Innovation Research Chair in Cyber Security at the University of New Brunswick, Canada. Her work revolves around building secure systems and includes mobile security, IoT security, software obfuscation & reverse engineering, and malicious software. Working closely with industry on a variety of R&D projects, she developed a number of technologies that resulted in 3 patents in the field of computer security. Natalia Stakhanova is the recipient of the UNB Merit Award, the McCain Young Scholar Award and the Anita Borg Institute Faculty Award. She is a strong advocate of Women in IT and co-founder of CyberLaunch Academy, an initiative that aims to promote science and technology among children.

 

Running time: Less than 40 minutes