SPAM: Signal Processing to Analyze Malware

CYBER attacks have risen in recent times. The attack on Sony Pictures by hackers, allegedly from North Korea, has caught worldwide attention. The President of the United States of America issued a statement and “vowed a US response after North Korea’s alleged cyber-attack”.This dangerous malware termed “wiper” could overwrite data and stop important execution processes. An analysis by the FBI showed distinct similarities between this attack and the code used to attack South Korea in 2013, thus confirming that hackers re-use code from already existing malware to create new variants. This attack along with other recently discovered attacks such as Regin, Opcleaver give one clear message: current cyber security defense mechanisms are not sufficient enough to thwart these sophisticated attacks. Today’s defense mechanisms are based on scanning systems for suspicious or malicious activity. If such an activity is found, the files under suspect are either quarantined or the vulnerable system is patched with an update. These scanning methods are based on a variety of techniques such as static analysis, dynamic analysis and other heuristics based techniques, which are often slow to react to new attacks and threats. Static analysis is based on analyzing an executable without executing it, while dynamic analysis executes the binary and studies its behavioral characteristics. Hackers are familiar with these standard methods and come up with ways to evade the current defense mechanisms. They produce new malware variants that easily evade the detection methods. These variants are created from existing malware using inexpensive easily available “factory toolkits” in a “virtual factory” like setting, which then spread over and infect more systems. Once a system is compromised, it either quickly looses control and/or the infection spreads to other networked systems. While security techniques constantly evolve to keep up with new attacks, hackers too change their ways and continue to evade defense mechanisms. As this never-ending billion dollar “cat and mouse game” continues, it may be useful to look at avenues that can bring in novel alternative and/or orthogonal defense approaches to counter the ongoing threats. The hope is to catch these new attacks using orthogonal and complementary methods which may not be well known to hackers, thus making it more difficult and/or expensive for them to evade all detection schemes. This paper focuses on such orthogonal approaches from Signal and Image Processing that complement standard approaches.