Malice through the looking glass: behaviour analysis for the next decade
Jeff Debrosse ESET
David Harley ESET
Most VB conference attendees have a major interest in malicious code. Often they focus on the highly technical issues
around the intricacies of malware technology and counter-technology, the programmatic detail of attack and counter-attack.
Sometimes they focus instead on the higher level application of defensive technology to corporate or infrastructural
environments, even the entire Internet. More rarely, they look at the human side of malware management, mostly from the
point of view of involving the potential victim (individual or organization under attack) in the defensive process
(education and training, policy enforcement and so on).
However, malware is only part of a complex process of malicious exploitation. Behaviour analysis is a crucial topic in
21st century anti-malware, but rather than focusing purely on programmatic behaviour, should we not be looking at the
psychosocial behaviours that underpin the exploitation mechanism? (By this we mean not only the behaviour of the criminal,
but that of the victim.) This paper considers steps towards a holistic approach to behaviour analysis that would enable
us to treat the disease rather than the symptom, drawing on both social and computer science.
