This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5).
Malicious software is one of the most pressing security problems on the Internet. The main reason for the apparent failure of current defense approaches is that malware detection techniques are too specific. This is most obvious with virus scanners, which rely on signatures that are specific to individual malware instances. However, behavioral detection techniques also typically target only specific features of malicious code. Examples include the scanning behavior of worms and the command and control channels of bots. Unfortunately, such techniques become obsolete when malware evolves and the targeted feature disappears.
In this project, we develop a novel malware defense system that overcomes the shortcomings of current approaches. To this end, we investigate techniques that specify and model program behavior at a level of abstraction that captures general properties and features fundamental to the execution of programs. In addition, we develop a stealthy and comprehensive analysis environment that automatically extracts the characteristics of novel malware strains when they appear, expressing these characteristics in terms of the general behavioral properties. These characteristics are then automatically translated into efficient detection models. This allows our system to react quickly to novel malware variants and eliminate them.
The research on novel techniques to eliminate malware presents rich opportunities for industrial and societal impact, and will have broad impact through education and outreach. We will introduce a new course on malware analysis at UC Santa Barbara, perform outreach activities through a newly established diversity center, and cooperate with well-known players in the anti-malware industry.