Researchers eye machines to analyze malware
Robert Lemos, SecurityFocus 2006-06-08

The reliance on humans for analyzing malware bothers Thomas Dullien.

Researchers eye machines to analyze malware 2006-06-09
Mel Morris
There can be no doubt that the volumes of malicious code now being developed and distributed demand a fresh and automated approach. Security vendors' research teams are already overwhelmed with the backlog of potentially high-risk samples growing daily.

There are indeed many different technologies that fall into the automated malware research category. These include sophisticated Sandboxing, Run-time event analysis, Code mapping, Reverse Engineering, Emulation and Pattern matching.

After considerable research Prevx has developed a hybrid approach to automated malware research and classification that combines code decryption, run-time event analysis, code genetics and software relationship correlation.

Our code decryption technology provides valuable data which can be used to determine a program's underlying mission. Our Prevx1 agent can gather more than 120 run-time events that can be used to determine malicious intent, propagation techniques, persistence and removal resilience. During the last twelve months we have collected and correlated the behavior and relationships of more than 23 million software objects. This vast array of data is proving extremely powerful in identifying new and mutating malicious code, and in ruling out the vast number of benign objects that often produce false positives using other technologies.

Our M-Ai (Malware-Artificial intelligence) engine analyses software objects at very high speed, classifies them as malicious or benign, groups them by malware family, risk, or malware type, and automatically generates extensive documentation to support human analysis/verification if required.

M-Ai is currently only available to Security vendors. We plan to offer an online service for major enterprises and security professionals later this month.

We are very pleased to see more focus on this critical evolution in security research and welcome technical discussions with security vendors and analysts who, like Prevx, would like to accelerate developments in this area.

Together we can make the Internet a much safer place.

Mel Morris

CEO

Prevx


Link to this comment: http://www.securityfocus.com/comments/articles/11395/33889#33889

Copyright 2009, SecurityFocus