Malicious software (a.k.a. malware) underlies most cyber-criminal operations, causing significant financial loss and posing great risks to national security.
This research creates novel network-centric behavior-based malware detection systems that automatically learn how to identify malware-compromised machines within a network, and that can self-tune to achieve the best possible trade-off between malware detection rate and false alarms for a given network. This self-tuning property is achieved by combining models of malware-generated network traffic with models of legitimate user-generated network activities to build hybrid detection models that can adapt to a specific network environment and accurately detect malware-generated network traffic crossing the network perimeter.
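As an added illustration of the hybrid, self-tuning idea described above (example code written for this page, not code from the research project, whose actual models the abstract does not describe): a fixed model of malware-generated traffic is combined with a model learned from a given network's own legitimate traffic into a log-likelihood-ratio score, and the alarm threshold is then tuned per network to maximise the detection rate within a false-alarm budget. The per-host features (NXDOMAIN ratio, distinct destinations per hour, beaconing regularity), the independent-feature Gaussian models, the two "site" profiles and all sample values are constructed assumptions.

```python
import math
from statistics import mean, pstdev

# Constructed per-host feature vectors (not real measurements):
# (NXDOMAIN ratio of DNS replies, distinct destination IPs per hour,
#  beaconing regularity in [0, 1], where 1 means perfectly periodic flows)
MALWARE_TRAFFIC = [
    (0.45, 220, 0.90), (0.55, 260, 0.85), (0.40, 300, 0.95),
    (0.60, 240, 0.80), (0.50, 280, 0.88), (0.48, 250, 0.92),
]
# Legitimate profile of a quiet office network ("site A", constructed)
SITE_A_LEGIT = [
    (0.01, 15, 0.10), (0.02, 20, 0.15), (0.00, 12, 0.05),
    (0.03, 25, 0.20), (0.01, 18, 0.12), (0.02, 22, 0.08),
]
# Legitimate profile of a noisier research network ("site B", constructed)
SITE_B_LEGIT = [
    (0.10, 120, 0.30), (0.20, 150, 0.40), (0.15, 90, 0.60),
    (0.25, 180, 0.50), (0.12, 200, 0.35), (0.18, 140, 0.70),
]


def fit_gaussian(rows):
    """Per-feature (mean, std); std is floored so no single feature becomes a hard rule."""
    return [(mean(col), max(pstdev(col), 1e-3)) for col in zip(*rows)]


def log_likelihood(x, model):
    """Log density of x under an independent-feature Gaussian model (constant term dropped)."""
    return sum(-0.5 * ((xi - m) / s) ** 2 - math.log(s) for xi, (m, s) in zip(x, model))


def hybrid_score(x, malware_model, legit_model):
    """Log-likelihood ratio: > 0 means x looks more like malware than like this network's users."""
    return log_likelihood(x, malware_model) - log_likelihood(x, legit_model)


def tune_threshold(malware_scores, legit_scores, max_false_alarm_rate):
    """Choose the alarm threshold that maximises detection rate within a false-alarm budget.

    Candidates are midpoints between neighbouring observed scores plus one value above
    all scores (alarm on nothing), so a candidate within budget always exists.
    """
    pts = sorted(set(malware_scores + legit_scores))
    candidates = [(a + b) / 2 for a, b in zip(pts, pts[1:])] + [pts[-1] + 1.0]
    best = None
    for t in candidates:
        tpr = sum(s >= t for s in malware_scores) / len(malware_scores)
        fpr = sum(s >= t for s in legit_scores) / len(legit_scores)
        if fpr > max_false_alarm_rate:
            continue
        # Prefer most detections, then fewest false alarms, then the most sensitive threshold.
        key = (tpr, -fpr, -t)
        if best is None or key > best[0]:
            best = (key, {"threshold": t, "tpr": tpr, "fpr": fpr})
    return best[1]


def build_detector(malware_rows, legit_rows, max_false_alarm_rate=0.05):
    """Fit the hybrid model for one network and self-tune its threshold.

    In practice the threshold would be tuned on held-out traffic; here the same
    constructed rows are reused to keep the example short.
    """
    m_model, l_model = fit_gaussian(malware_rows), fit_gaussian(legit_rows)
    m_scores = [hybrid_score(x, m_model, l_model) for x in malware_rows]
    l_scores = [hybrid_score(x, m_model, l_model) for x in legit_rows]
    tuned = tune_threshold(m_scores, l_scores, max_false_alarm_rate)
    tuned["is_malware"] = lambda x: hybrid_score(x, m_model, l_model) >= tuned["threshold"]
    return tuned


if __name__ == "__main__":
    for name, legit in (("site A", SITE_A_LEGIT), ("site B", SITE_B_LEGIT)):
        d = build_detector(MALWARE_TRAFFIC, legit)
        print(f"{name}: threshold={d['threshold']:.2f} tpr={d['tpr']:.2f} fpr={d['fpr']:.2f}")
```

The same malware model yields a different threshold for each site because the legitimate-traffic model, and therefore the score distribution, is learned from that network; lowering `max_false_alarm_rate` trades detection rate for fewer alarms, which is the tuning knob the abstract refers to.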
This new approach to malware detection takes into account events that occur within an entire network, rather than focusing on events that occur at each single host, and focuses on adaptive detection of all types of malware, rather than being limited to a specific malware type (e.g., botnets). Therefore, the detection systems resulting from this research will provide new effective detection capabilities that can complement current anti-malware technologies and significantly contribute to a better defense-in-depth strategy against malware.