- Services & Solutions
- Clients & Partners
Eureka Malware Analysis Internet Service
Cyber attackers have become increasingly stealthy in attempting to harm computer systems for financial gain or other reasons. Security administrators and analysts are often challenged to spot the cyber-footprints of an attack attempt.
Exhaustive countermeasures can demand an intense investment in skilled surveillance. With that in mind, researchers at SRI, Georgia Tech, and the University of Texas at Austin have devised Eureka, a free online service to evaluate whether further detailed analysis is warranted. This method rapidly images process steps undertaken by suspected malware.
The Eureka service automatically annotates and transforms packages of suspected malicious code. This allows the rough outlines of program logic flow and actions to be traced, which in turn allows for the piercing of multilayered concealment.
When malicious software is downloaded onto a computer, its process flow is often to
- Unpack the code
- Decrypt functions
- Execute the logic through interfacing with the computer’s operating system, a database, or similar application
Eureka detects such steps and maps out a structure of the intended software operation. By painting a comprehensive picture of program logic, the service assists post-processing and evaluation by security analysts.
The Eureka framework relies on statistical methods to determine which aspects of software operation to image. Tests against the known malware worm Storm, for example, show Eureka is successful against the majority of software packaging layers used by malware, and has a competitive runtime performance.
Eureka’s development was funded by the U.S. Army Office of Research and the National Science Foundation.