The Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (TARGET) is a research institution operated by the St. Pölten University of Applied Sciences. TARGET is funded by the Christian Doppler Forschungsgesellschaft (CDG) and a number of industry partners.
The mission of the center is to explore novel techniques for detecting and mitigating targeted attacks. The research objective is to develop a unified methodology for the detection and mitigation of this new class of cyber-threats.
Advanced and Targeted Attacks
In recent years, a new generation of threats has emerged. Advanced Persistent Threats (APTs) as well as Advanced Targeted Attacks (ATAs) can be characterized as highly targeted to one specific entity. These types of attacks are driven by different motivations and often cause significantly more damage than bulk attacks; they are frequently performed for espionage or sabotage and are orchestrated by experts. Several cases in recent history have shown that targeted attacks are sometimes able to perform their malicious activity undiscovered by their victims for many months or even years. The prime example, Stuxnet, which targeted the programmable logic controllers (PLCs) of sensitive industrial systems, was active for at least 3 years before its discovery. It has to be concluded that today’s threat mitigation strategies are not effective against targeted attacks that are increasingly affecting less prominent targets (e.g. industrial espionage targeting smaller companies).
Our research is split into two topical modules. In Module 1, the system layer is researched in partnership with IKARUS Security Software. While today’s malware detection systems analyze files independently of each other and also separately from the underlying system, we aim at developing threat intelligence methodologies that observe the system as a whole and apply formal modeling in conjunction with the collection, processing and analysis of system state information. The concept of end-point visibility will provide a significantly better understanding of a system’s present and, even more importantly, past state than existing approaches.
In the second module, which will be pursued together with the industry partner CyberTrap, we focus on the software layer. Purposefully placed hidden functionality and code vulnerabilities play an increasingly important role in targeted attack scenarios – especially as an attack’s entry point. However, as several cases in recent history have shown, today’s code analysis technologies are weak against this type of attack. We aim at developing novel methods for the identification of hidden functionality in software based on concepts from current malware detection research. We further want to analyze the suitability of honeypots for zero-day exploit detection.
Research on these layers will, in combination, form a methodology for unified threat intelligence on targeted attacks. The developed methods will provide pioneering Austrian companies in the area of IT security with the foundations for innovative product development for the next decade. The JR center TARGET will thus contribute to the sustained competitiveness of Austria’s leading companies in the information security market.