
Georgia Tech Launches "Titan" Malware Analysis System

Posted by timothy
from the sir-it's-the-computer dept.
wiredmikey writes "A new malware intelligence system developed at Georgia Tech Research Institute is helping organizations share threat intelligence and work together to understand malware and cyber attacks. Dubbed "Titan", the system lets members submit threat data and collaborate on malware analysis and classification. Unlike some other systems, members contribute data anonymously so no one would know which specific organizations had been affected by a specific attack. Titan users also get reports on malware samples they have submitted, such as the potential harm, the likely source, the best remedy, and the risks posed by the sample. The analysis is based on what GTRI researchers learn by reverse-engineering the malware. The project currently analyzes and classifies an average of 100,000 pieces of malicious code each day and growing. While other information sharing initiatives have been launched, many are by vendors, which sometimes sparks concern that the vendor may have some bias, and may be pushing a certain product. Not the case with Titan."

  • by Anonymous Coward

    so it can be used in ReactOS when everyone on XP switches to it in 2014.

  • by Anonymous Coward on Sunday August 12, 2012 @07:43AM (#40963413)

    The UK Government tried doing this - the IT Security section of CCTA acted as an independent malware clearing house - in the 1990s. They received reports from all the AV companies, merged and anonymised them and then made the cleaned data available to the industry. Then 9/11 happened, the IT Security section of CCTA was closed down and responsibility given to GCHQ, and all interaction with industry was halted....

  • by Anonymous Coward on Sunday August 12, 2012 @08:12AM (#40963489)

    One of the problems is that any company that does malware analysis or is involved in malware considers a malware binary or a malicious URL to be their intellectual property. It is difficult or impossible to have one-directional information sharing with a company like the one that I work for. Even two directional sharing is close to impossible. Examine all of these crowd-sourced projects really closely and you'll find that the information does not flow freely out of these projects as easily as it flows in. Usually the organization behind the project (funding the project) is a company like mine and they are benefiting from the free info that people are volunteering. These projects are thought up as ways to get people to give them malware binaries and more data without giving something back. The way to test is to find out how easy or difficult it is to get this project to give you a feed of their collected data. If they give it to you without much of a fuss (ala Phishtank), they're probably a real collaborative organization. On the other hand, if they make it difficult to impossible to get a data feed (virustotal, anubis), they're a front for one or more security companies. The ones that are especially insidious are the ones associated with universities (anubis). The association with the university adds legitimacy and the look of openness, but really the data still flows in one direction to a corporate entity.

  • Could this be .. (Score:4, Insightful)

    by kestasjk (933987) * on Sunday August 12, 2012 @08:21AM (#40963511) Homepage
    .. the worst /. discussion ever?
  • Slashdot even covered [slashdot.org] something like this over a month ago...CrowdRE is the collaborative model put together by a group called CrowdStrike. The Georgia Tech version sounds like a "me too" thing, if you ask me...and I don't know that I'd trust a university to ensure the functional privacy of something like this either.

    • by kye4u (2686257)
      "The Georgia Tech version sounds like a 'me too' thing"

      Georgia Tech released its beta version in May. See the FTA or http://www.gatech.edu/newsroom/release.html?nid=132601

      "I don't know that I'd trust a university to ensure the functional privacy of something"

      Titan is run by GTRI, which is a non-profit entity. I think that a non-profit entity at a University is more likely to be considerate of privacy issues than a for-profit startup, CrowdRE, who has to report to investors that have invested 26 millio
      • by Shoten (260439)

        My concern isn't about motive, but about how effective they'll be at protecting privacy. Whenever I've been involved in projects that are run by an academic body, I find that the security of it suffers. There isn't a lot of money for technical controls, and there isn't usually a lot of operational experience that is needed for solid procedural controls either. Ask any IT security professional who's had to implement security at a college, and you'll also learn that there's vehement opposition to technical

  • Do they provide a breakdown as to the number of malware samples per platform?
