A distinguishing trait of advanced malware is its ability to evade detection by commercial security software, allowing it to target and infect users’ computer systems. Detecting such advanced malware requires a different and innovative approach.

Over a period of six months, DSTA developed a detection technique and a prototype to detect rootkit malware – a type of malware that targets operating systems. The team studied many known advanced malware techniques and observed their behaviour and interactions with the operating system. The prototype was tested successfully against advanced malware such as Stuxnet and TDSS.

The knowledge gained from advanced malware operations and detection contributes to the enhancement of cyber defence capabilities in DSTA, MINDEF and the SAF.