COVERT
NRRP
DEIB Role: Partner
Start date: 2023-01-01
Length: 36 months
Project abstract
An increasing percentage of cyberattacks consist of multiple interconnected components whose harmful effects manifest only under specific conditions, such as particular configurations or vulnerabilities within software components. These sophisticated attacks, known as Advanced Persistent Threats, typically execute malware that remains invisible to traditional detection systems. They often exploit vulnerabilities that remain undetected for extended periods and activate very slowly.
Identifying these advanced attacks is challenging because their execution profiles frequently resemble legitimate activities. Moreover, attackers leaverage specialized components designed explicitly to obfuscate malicious code or evade and mislead analysis and detection tools. The increasing sophistication of cyberattacks significantly complicates detection, necessitating the development of new analytical models and detection methodologies that integrate various complementary approaches.
This project will create a comprehensive threat model linking modern attack techniques and tools to the malicious objectives of attackers. Unlike traditional threats, which allow clear associations between specific code fragments or behaviors and malicious intent, advanced threats distribute malicious code and activities across space and time. Consequently, analysis and detection methods must evolve accordingly. The project aims to define an effective threat model uniquely suited to addressing these sophisticated attacks.
Moreover, the project aims to research and develop advanced methodologies for analyzing software and network traffic, specifically focusing on early vulnerability detection and timely identification of malicious components. This goal will be achieved by integrating static and dynamic analysis models and techniques, supported by artificial intelligence (AI), machine learning (ML), and information gathered through Open Source Intelligence (OSINT). Finally, the project will address the challenges of collecting and managing large datasets from network traffic, software repositories, and binary execution traces.
Identifying these advanced attacks is challenging because their execution profiles frequently resemble legitimate activities. Moreover, attackers leaverage specialized components designed explicitly to obfuscate malicious code or evade and mislead analysis and detection tools. The increasing sophistication of cyberattacks significantly complicates detection, necessitating the development of new analytical models and detection methodologies that integrate various complementary approaches.
This project will create a comprehensive threat model linking modern attack techniques and tools to the malicious objectives of attackers. Unlike traditional threats, which allow clear associations between specific code fragments or behaviors and malicious intent, advanced threats distribute malicious code and activities across space and time. Consequently, analysis and detection methods must evolve accordingly. The project aims to define an effective threat model uniquely suited to addressing these sophisticated attacks.
Moreover, the project aims to research and develop advanced methodologies for analyzing software and network traffic, specifically focusing on early vulnerability detection and timely identification of malicious components. This goal will be achieved by integrating static and dynamic analysis models and techniques, supported by artificial intelligence (AI), machine learning (ML), and information gathered through Open Source Intelligence (OSINT). Finally, the project will address the challenges of collecting and managing large datasets from network traffic, software repositories, and binary execution traces.
