Millions of computers worldwide are estimated to be infected by malware (malicious software) and have become, unknown to their owners, part of an army of dangerous "bots": software agents that run automated tasks over the Internet under the control of cyber criminals. These infected computers are coordinated and used by attackers to launch illegal and destructive network activities, including identity theft, sending spam (an estimated 100 billion spam messages every day), launching distributed denial of service attacks, and committing click fraud. They are also capable of waging information warfare that destroys the critical network infrastructure of a nation. Existing malware-detection approaches are limited in their ability to identify malicious bots and discern them from legitimate and benign software. The proliferation and growing sophistication of malware require constant vigilance and upgrading. The proposed project introduces a new and paradigm-shifting approach to malware detection, referred to as human-behavior driven malware detection. With this approach, the project will be able to accurately differentiate the network behaviors of a legitimate user from those of malware by identifying and enforcing unique properties of human computer usage on a host.

The focus on human-user characteristics, rather than those of malware, allows computer security to be realized without the need to continually monitor ever-changing malware patterns. This approach will complement conventional malware-detection techniques based on code analysis, data mining, or network trace filtering. The design of a unique and tamper-resistant traffic-enforcement framework will cryptographically verify the provenance information of both system-level and application-level data, utilizing on-chip cryptographic hardware support. This project will implement novel and fine-grained input-traffic correlation analysis that has not previously been applied across a host's network stack, kernel modules, and input devices. The proposed work will create new knowledge on design principles for reliable operating systems and applications, and will yield insights into the seamless integration of network-security techniques into a kernel. These studies will significantly advance the understanding of human-behavior based security and improve the system integrity of all networked computers. The research will build a base of important fundamental knowledge about user-centric security and will provide a compelling and more permanent solution to the increasing need for malware detection. The proposed work will focus on identifying characteristic human-user behaviors (namely application-level user inputs via keyboard and mouse), developing protocols for fine-grained traffic-input analysis, and preventing forgeries and attacks by malware. The PI will design and apply a combination of cryptographic techniques, correlation analysis, and Trusted Platform Module based integrity measures to carry out these tasks.
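To make the input-traffic correlation idea concrete, here is an added illustration (not the project's own code) of the simplest form of the check: an outbound connection is labelled user-driven only if the same process received keyboard or mouse input shortly before it. The event log, process ids, destinations and the two-second window are all constructed assumptions for the example.

```python
from bisect import bisect_right
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class InputEvent:
    ts: float   # seconds since boot (constructed)
    pid: int    # process owning the focused window when the input arrived
    kind: str   # "key" or "mouse"


@dataclass(frozen=True)
class NetEvent:
    ts: float   # seconds since boot (constructed)
    pid: int    # process that opened the outbound connection
    dst: str    # destination host:port (constructed placeholder values)


# Constructed sample log from one host: pid 101 is an interactive browser,
# pid 202 a mail client, pid 303 a process that never receives any input.
INPUT_EVENTS = [
    InputEvent(10.0, 101, "mouse"), InputEvent(10.4, 101, "key"),
    InputEvent(30.2, 101, "key"),   InputEvent(45.0, 202, "mouse"),
]
NET_EVENTS = [
    NetEvent(10.9, 101, "news.example:443"),    # right after a click
    NetEvent(31.0, 101, "search.example:443"),  # right after typing
    NetEvent(60.0, 303, "203.0.113.9:6667"),    # no input to pid 303 at all
    NetEvent(45.1, 202, "mail.example:993"),
    NetEvent(120.0, 101, "cdn.example:443"),    # browser, 90 s after last input
]


def index_inputs(input_events):
    """Group input timestamps per process, sorted, so each lookup is a bisect."""
    per_pid = defaultdict(list)
    for ev in input_events:
        per_pid[ev.pid].append(ev.ts)
    return {pid: sorted(stamps) for pid, stamps in per_pid.items()}


def classify(net_events, input_events, window=2.0):
    """Label each connection 'user' if its process received input within
    `window` seconds before the connection, otherwise 'unattended'."""
    idx = index_inputs(input_events)
    verdicts = []
    for net in net_events:
        stamps = idx.get(net.pid, [])
        i = bisect_right(stamps, net.ts)  # inputs at or before net.ts are stamps[:i]
        preceded = i > 0 and net.ts - stamps[i - 1] <= window
        verdicts.append((net, "user" if preceded else "unattended"))
    return verdicts


def unattended(net_events, input_events, window=2.0):
    """Connections with no recent human input: candidates for closer review."""
    return [n for n, v in classify(net_events, input_events, window) if v == "unattended"]
```

An "unattended" label is a review signal, not a malware verdict: background updaters legitimately connect without input. This sweep also trusts its event log, which is exactly why the abstract ties the real framework to kernel-level provenance and TPM-backed integrity measurement rather than to user-space timestamps.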

As an integrated component of the project, the PI will conduct outreach and educational activities that aim to increase general awareness of cyber-security issues in the K-14 community and to broaden the interdisciplinary participation of undergraduates and underrepresented groups in computer security research. In addition, the PI will develop a novel interactive software system, Sec Ed, for teaching computer security and advancing efforts in curriculum development, mentoring, diversity building, and workshop organization.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 0953638
Program Officer: Sylvia J. Spengler
Project Start:
Project End:
Budget Start: 2010-04-01
Budget End: 2015-03-31
Support Year:
Fiscal Year: 2009
Total Cost: $449,983
Indirect Cost:
City: Blacksburg
State: VA
Country: United States
Zip Code: 24061