It's widely known that human DNA evidence has had a major
impact in the criminal justice system. Now another kind of DNA may have a
similar impact in the fight to eradicate malicious software.
Malware DNA, also known as "malware provenance," is the art and science of attributing elements of one object to another object. The technique has applications outside information security -- for example, in genetics, or to test the authorship of student papers.

One way malware writers avoid detection of their programs is to craft polymorphic attacks. They dynamically change the code in their malware just enough to confound antivirus programs. Provenance counters that technique by identifying the amount of similar code in a program, or its "DNA."
Every malware variant has an immutable part derived from its predecessors all the way back to its original malware family.
The technique is not only very accurate, but also very fast. It can identify malware at machine language speeds and even detect zero day malware -- that is, previously unseen malicious programs.
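To make the idea above concrete, here is a small added example (not code from the article, and not any vendor's engine) that measures how much code two files share using byte n-gram Jaccard similarity, a deliberately simple stand-in for the richer code features a real provenance system would compare. The samples are constructed byte strings: a "core" block plays the inherited, immutable part, and the surrounding wrapper bytes play the parts a polymorphic engine rewrites on every generation. The family name, threshold and the `attribute` helper are all this example's own assumptions.

```python
"""Toy malware-provenance check: byte n-gram similarity.

Added example, not code from the article or from any named vendor. It
illustrates the claim in the text that a polymorphic variant keeps an
inherited core that stays measurable. Real provenance engines work on
disassembled code features, not raw byte n-grams; every sample below is a
constructed stand-in, not real malware.
"""
from typing import Dict, Optional, Set, Tuple


def byte_ngrams(data: bytes, n: int = 4) -> Set[bytes]:
    """Set of all overlapping n-byte windows in `data`: a crude code fingerprint."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: Set[bytes], b: Set[bytes]) -> float:
    """Fraction of n-grams shared between two fingerprints (0.0 .. 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def attribute(sample: bytes, families: Dict[str, bytes],
              n: int = 4, threshold: float = 0.3) -> Tuple[Optional[str], float]:
    """Name the known family whose fingerprint is closest to `sample`.

    Returns (None, best_score) when nothing clears `threshold`, so an unrelated
    file is reported as unknown rather than forced into a family.
    """
    fp = byte_ngrams(sample, n)
    best_name: Optional[str] = None
    best_score = 0.0
    for name, reference in families.items():
        score = jaccard(fp, byte_ngrams(reference, n))
        if score > best_score:
            best_name, best_score = name, score
    return (best_name, best_score) if best_score >= threshold else (None, best_score)


# Constructed stand-ins for code. CORE plays the "immutable part" inherited
# from the original family; the wrappers play the parts a polymorphic engine
# rewrites on every generation (packer stub, junk, re-ordered prologue).
CORE = bytes(range(0x40, 0x80))                       # 64 distinct bytes
FAMILY_A = bytes(range(0x00, 0x10)) + CORE + b"\xc3"  # the known parent sample

# Variant 1: wrapper fully rewritten, core untouched.
VARIANT_REWRAPPED = bytes(range(0xA0, 0xB0)) + CORE + b"\xc3"
# Variant 2: wrapper rewritten and one core byte patched (instruction substitution).
VARIANT_PATCHED = bytes(range(0xC0, 0xD0)) + CORE[:30] + b"\x00" + CORE[31:] + b"\xc3"
# A file with no shared lineage at all.
UNRELATED = bytes(range(0xFF, 0x7F, -1))

KNOWN_FAMILIES = {"FamilyA": FAMILY_A}  # hypothetical family label


def classify_all() -> Dict[str, Tuple[Optional[str], float]]:
    """Run attribution over the constructed samples."""
    return {
        "rewrapped": attribute(VARIANT_REWRAPPED, KNOWN_FAMILIES),
        "patched": attribute(VARIANT_PATCHED, KNOWN_FAMILIES),
        "unrelated": attribute(UNRELATED, KNOWN_FAMILIES),
    }


if __name__ == "__main__":
    for label, (family, score) in classify_all().items():
        print(f"{label:10s} -> {family or 'unknown':8s} similarity={score:.3f}")
```

Both variants still attribute to the parent because most of their 4-byte windows fall inside the shared core, while the unrelated file shares nothing and is reported as unknown. The threshold is the knob a defender tunes: too low and benign files that reuse common library code start matching, too high and a heavily mutated child slips through as "new."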
The information security industry has for years focused on preventing infections, but that's proving to be inadequate in today's threat landscape. "That's why now you see things like threat hunting, trying to decrease the dwell time an attacker spends inside your network from the current average of 266 days to a few days or hours."
The next evolution in cyberdefense will be to disrupt an attacker's ability to do what they do and do it at scale, globally and consistently. "Unfortunately, none of the solutions that have been offered by the industry over all these years have been able to do that in any meaningful way." That can change with the use of provenance. With it, even zero day malware -- malware previously unseen by security researchers -- can be stopped in its tracks.
"In reality, all zero day malware is a variance of previously seen malware."

"They're mostly not new malware code -- they're mostly variations of previous malware." "Writing new software takes up time and money, so malware authors don't write new software every day, so most malware is a variant of a previous version."
That's where genetics enters the picture. Each variant is like the child of a parent. Just as paternity can be identified with biological DNA, so can malware paternity be identified with coding DNA.
Because it's expensive to write new malware code, provenance can hurt criminals where it hurts the most -- the wallet -- because they won't be able to reuse their malicious code so freely.
Provenance aims at eradicating malware by "disrupting what criminal hackers are doing through economic means without having to throw them in jail."
SOURCE: TechnewsWorld.com