Title of invention: Detection of Malicious Code Insertion in Trusted Environments
Abstract: Methods and computer program products which facilitate detection of malicious code insertion by an insider during the software development lifecycle are disclosed. Aspects focus on behavioral characteristics associated with the introduction of malcode during the software development process. Injection of malcode by an insider threat, and the malcode itself, may leave behind behavioral signatures in the source code repository and source code that can be detected by a multi-dimensional combination of sensors. By detecting the behavioral signatures of malcode within artifacts generated by the software development process, instances of malcode can be isolated and prevented before release.
Publication number: US2015302198(A1) Publication date: 2015.10.22
Application number: US201414258741 Application date: 2014.04.22
Applicant: Coveros, Inc. Inventors: Payne Jeffery; Fenner Mark; Mills Richard
Classification: G06F21/56 Main classification: G06F21/56
Agency: Agent:
Independent claim: 1. A computer-implemented method of identifying malicious code insertion in trusted environments, the method comprising the steps of: (a) connecting an analysis server to a computing device utilized by a software developer to develop at least a portion of a software program; (b) collecting, via a plurality of sensor modules coupled to the analysis server, behavioral tracking data from the computing device, the behavioral tracking data indicating a software developer behavior during software development and including metadata indicating a development action, the development action caused by the software developer behavior; (c) storing, in a database communicatively coupled to the analysis server, the behavioral tracking data; (d) analyzing, via the analysis server, the software program for the presence of malicious code, the analysis including a comparison of the stored behavioral tracking data to a baseline behavior parameter stored in the database; (e) flagging, via the analysis server, the development action where the analysis indicates malicious code insertion; and (f) presenting, via a user interface communicatively coupled to the analysis server, an analysis report, the analysis report comprising an analyzing step result and a flagging step result.
Address: Fairfax VA US