CORDIS - EU research results
Content archived on 2024-06-18

MALCODE: Malicious Code Detection using Emulation


Defence against computer attacks

There are more computer threats than viruses alone. An EU project helped to protect against one kind, neutralising disguised attacks and compromised documents other systems could miss.

Computer viruses and other malicious software are well known. Attacks that exploit memory corruption vulnerabilities are less famous, but arguably even more dangerous, as they can give an attacker unrestricted access to the system. The EU-funded 'Malicious code detection using emulation' (MALCODE) project set out to offer protection against them. Organised under the Marie Curie programme for researcher development, the single-researcher study ran for three years, to the end of June 2013.

The aim was to design, develop and evaluate new algorithms for detecting malicious code, based on code emulation. Malware can hide or disguise itself; the advantage of the project's technique is that it detects malicious code by its actions at the machine-instruction level rather than by its appearance. By examining those actions, the project aimed to establish new principles for detection.

The project successfully achieved its aims. Outcomes included two new methods for detecting network-level attacks and malicious PDF documents. The first is a shellcode detection technique, together with a means of identifying the machine-level operations performed by different types of shellcode. In effect, the technique enables detection that other systems could miss. The second, called MDScan, is a document scanner that is similarly able to detect hidden threats embedded in PDF files.

The second half of the study produced two techniques against attacks based on return-oriented programming (ROP). The first detects hidden threats in data sources such as network traffic or process memory; the second provides protection through in-place code randomisation. As a result, defences can be applied to third-party software without slowing its execution.

The work also contributed to other fields, including network-level traffic monitoring and analysis, and the use of graphics processors to accelerate the processing of network traffic. Additionally, the research advanced work on online privacy and investigated the Android operating system environment.
MALCODE achieved significant advances in detection of and protection against malicious code threats. As a result, computer and data systems will be more secure.

Keywords

Computer attack, memory corruption, system access, malicious code, code emulation, malware, shellcode
