PAAM - Privacy Aware Anti Malware (n. P20225J5YS)
Type
PRIN 2022 PNRR, D.D. n. 1409 del 14 settembre 2022
CUP
C53D23007920001
Principal Investigator
Corrado Aaron Visaggio - Università degli Studi del Sannio di Benevento
Other research units
UO1 - Corrado Aaron VISAGGIO - Università degli Studi del SANNIO di BENEVENTO
UO 2 - Mauro CONTI - Università degli Studi di PADOVA
UO 3 - Giorgio GIACINTO - Università degli Studi di CAGLIARI
Duration
30/11/2023 - 28/02/2026
Description
Antimalware technology is inherently intrusive: as it is currently conceived the approach to malware detection, antimalware must acquire a large quantity of data and information, violating the most elementary principles of user’s privacy. The problem arises because the current technology considers an a-priori scanning of the machine’s assets to protect: all files, programs, connections, directories, and concerned resources are analyzed before to establish whether it is harmful or not. We are so used to adopting the a-priori approach that it appears as obvious. The underlying hypothesis of the proposal is that an alternative exists and consists of an a-posteriori approach, i.e. to analyze an asset only when it is considered suspicious (or harmful without any doubt). For realizing a similar reversal of perspective it is necessary to reduce the grain of the indicators of compromise to examine. This will avoid having access to a resource for establishing whether it is malicious or not. On the contrary, the suspicious resource is examined only after an indicator of compromise has been found. This kind of indicators are mainly behavioral features or changes to the machine’s status that can be observed during or after the execution of the malicious program. Of course, the harmful activity can be interrupted or forbidden when intercepted until the antimalware doesn’t establish the nature of the program that is trying to do that activity. The project will aim to realize a Privacy Aware Anti Malware (PAAM) framework, consisting of three main outcomes. The first one is a Manifesto of requirements that an antimalware (but also a security control in general) must be compliant with for being privacy aware. This will also include a study of all the ways current malware detection technology violates user’s privacy. The second result is a framework of malware detection methods that can implement the a-posteriori analysis, guaranteeing the respect of user’s privacy. The third result is an analysis of all techniques that can be used for evading the PAAM Framework. It is important to remark that this project can determine two main impacts, among the others. The first is to propose a complete change in the way we think about software architectures, introducing the concept of privacy aware software design. The Manifesto could be applied to (or can be inspirational for) other kinds of software products, since currently software design is not usually approached from a perspective of user privacy protection. The second important impact is to stimulate in software users and producers the awareness toward user privacy and a greater attention to transparency and fairness in computer programs.
Activities
Postdoc: Ying Yuan, Matteo Brosolo
Related publications
Through the static: Demystifying malware visualization via explainability (https://www.sciencedirect.com/science/article/pii/S2214212625001000); It Doesn't Look Like Anything to Me: Using Diffusion Model to Subvert Visual Phishing Detectors (https://dl.acm.org/doi/10.5555/3698900.3699070); Beyond the West: Revealing and bridging the gap between Western and Chinese phishing website detection (https://www.sciencedirect.com/science/article/pii/S0167404824004206)
