About the i-code project
What we pursue
The i-code project is a new effort that aims to take a step towards the realization of an integrated toolset for real-time detection and identification of malicious code. It represents a clean break from the pattern-matching approaches of current firewalls and Intrusion Detection/Prevention Systems. The i-code project will develop a malicious code identification system based on Abstract Payload Execution (APE), a malware detection method pioneered by the members of the consortium.
In contrast with traditional approaches, APE treats all incoming data as potentially malicious code and "executes" the incoming packets on a "virtual computer". This way, packets carrying malicious code that masquerades as data can be clearly spotted and isolated, while ordinary innocuous packets come out clean. Additionally, because this approach is device, network, system, application and protocol agnostic, the solution that will be developed by i-code will offer maximum coverage. By deploying our systems at appropriate network points, one will be able to see both incoming and outgoing attacks and identify not only external attackers, but also "internal" computers which have been compromised.
Providing better tools to identify malicious code
The end product of the project will be an integrated forensics console for real-time malicious code identification that will be easy for the broader community to use. The developed toolset will include capabilities for detection, identification and categorization of malicious code spreading through current and next-generation networks.