CSC News
Reeves Research to Target Automated Malware Detection
Dr. Douglas Reeves, professor of computer science, has been awarded $268,510 by the National Science Foundation (NSF) to support his research proposal titled “CT-ISG: The Origin of the Code: Automated Identification of Common Characteristics in Malware.”
The award will run from September 1, 2008 to August 31, 2011.
Abstract - There are many ways that computers attached to the Internet can be infected by malicious software. Virus and computer worm writers go to great pains to make their software difficult to detect. We have developed a method for identifying infectious software, before it succeeds, that is fast and very general. This method has been tested on a wide variety of software and shown to be effective. We propose now to automate this method to a greater degree. Essentially every method of detection relies upon human intelligence to guide the search for uniquely identifying properties of infectious software. We propose to instead use techniques of data mining that will automatically search for and evaluate such properties. A key characteristic that is exploited is that there are few true innovations in the design of infectious software, but many imitations or variations. Our method looks for the unvarying, common properties of such software. The benefit will be automated defenses that adapt rapidly to changing threats, including previously-unknown, or "zero-day", threats.
For more information about Dr. Reeves, click here.