NETSS: a networked environment for testing suspicious software

The increasing popularity of malicious software attacks concerns computer security professionals. While several platforms exist to evaluate malware, this project aimed to create a physical system to verify and expand on previous research. The project developed NETSS: a networked environment for testing suspicious software, a system designed to emulate the Internet. Unlike virtual alternatives, NETSS consists of four physical machines that are sandboxed, directing all outbound Internet traffic to a single internal server that responds to popular network service requests. With logging functions enabled, analysts may run a suspicious piece of software for evaluation. During testing, NETSS was used to analyze and identify a popular worm that appeared in a suspicious e-mail. The project also began development of the Ashburn-Sulcoski index, which quantifies malware threat potential. This index provides US Government agencies and other professionals a standard to quantify malware threats. Although the project produced a working index, refinement continues