Contemporary Internet malware evolves constantly and is making antivirus and intrusion detection systems increasingly obsolete. It is no longer acceptable to rely on binary signatures alone for malware identification. Both current and future generations of malware will require entirely new detection strategies that can tolerate rapid perturbations in binary structure and payload delivery mechanisms. A promising direction is the use of multi-perspective, behavior-oriented paradigms for malware identification.

In this project, we propose a new approach to 1) automatically extract infection knowledge, based on a multi-perspective, behavior-oriented view, and 2) rapidly apply this knowledge to diagnose the presence of malware on host computer systems. For each malware family, a probabilistic profile will be automatically extracted that captures the invariant behavioral features of its members. This knowledge-extraction process should abstract the invariant behavior characterization sufficiently that future malware variants, which share the invariant behavior but differ in binary form, can still be recognized. We also propose a Bayesian framework for diagnosing live malware infections on fielded computer systems. If successful, this research will introduce a new complementary strategy for diagnosing malware infections, one that is not defeated by the binary-level perturbations that evade the current suite of antivirus countermeasures.
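The per-family probabilistic profile and Bayesian diagnosis sketched above, as an added illustration that is not the project's own code or model. It assumes a naive-Bayes form that the abstract does not specify (each family is a set of independent Bernoulli behavioral features, estimated with Laplace smoothing), a small constructed vocabulary of behavioral features, and constructed training observations; every feature name, family name and prior value is hypothetical. The point it demonstrates is that a variant which keeps a family's invariant behaviors but adds or drops incidental ones is still attributed to that family, even against a strong benign prior.

```python
import math
from collections import Counter

# Behavioral feature vocabulary (constructed for this illustration; the
# project's own multi-perspective feature set is not described in the abstract).
FEATURES = [
    "creates_run_key",        # persistence via a registry Run key
    "injects_remote_thread",  # code injection into another process
    "dns_fast_flux_lookup",   # name resolution against fast-flux infrastructure
    "irc_outbound",           # outbound IRC command-and-control channel
    "http_post_beacon",       # periodic HTTP POST to a remote host
    "disables_av_service",    # stops or disables an antivirus service
    "drops_signed_binary",    # writes a code-signed executable to disk
]

# Constructed training observations: the set of behaviors seen per sample.
TRAINING = {
    "benign": [
        {"drops_signed_binary"}, {"http_post_beacon"},
        {"drops_signed_binary", "creates_run_key"}, set(),
        {"drops_signed_binary"}, {"http_post_beacon", "creates_run_key"},
        set(), {"drops_signed_binary"},
    ],
    "family_A": [
        {"creates_run_key", "injects_remote_thread", "irc_outbound", "disables_av_service"},
        {"creates_run_key", "injects_remote_thread", "irc_outbound"},
        {"creates_run_key", "injects_remote_thread", "irc_outbound", "dns_fast_flux_lookup"},
        {"creates_run_key", "injects_remote_thread", "irc_outbound", "disables_av_service"},
    ],
    "family_B": [
        {"creates_run_key", "http_post_beacon", "dns_fast_flux_lookup"},
        {"http_post_beacon", "dns_fast_flux_lookup", "disables_av_service"},
        {"creates_run_key", "http_post_beacon", "dns_fast_flux_lookup"},
    ],
}

# Hypothetical priors: most fielded hosts are clean.
PRIORS = {"benign": 0.90, "family_A": 0.05, "family_B": 0.05}


def extract_profile(samples, alpha=1.0):
    """Probabilistic profile: P(feature present | family) for every feature,
    with Laplace smoothing so no probability is exactly 0 or 1 (an unseen
    behavior in a future variant must not zero out the whole likelihood)."""
    counts = Counter(f for sample in samples for f in sample)
    n = len(samples)
    return {f: (counts[f] + alpha) / (n + 2 * alpha) for f in FEATURES}


def invariant_features(profile, threshold=0.7):
    """Features that (nearly) every member of the family exhibits."""
    return sorted(f for f, p in profile.items() if p >= threshold)


def log_likelihood(profile, observed):
    """log P(observed feature vector | profile), treating features as independent."""
    total = 0.0
    for f in FEATURES:
        p = profile[f]
        total += math.log(p) if f in observed else math.log(1.0 - p)
    return total


def diagnose(profiles, priors, observed):
    """Posterior over hypotheses (benign or a family) given the behaviors
    observed on a host; computed in log space and normalized."""
    log_post = {h: math.log(priors[h]) + log_likelihood(profiles[h], observed)
                for h in profiles}
    top = max(log_post.values())
    z = sum(math.exp(v - top) for v in log_post.values())
    return {h: math.exp(v - top) / z for h, v in log_post.items()}


PROFILES = {family: extract_profile(samples) for family, samples in TRAINING.items()}


def most_likely(observed):
    post = diagnose(PROFILES, PRIORS, observed)
    return max(post, key=post.get)


# Constructed unseen variant: keeps family_A's invariant behaviors, adds a
# fast-flux lookup and a signed dropper that no training sample had.
VARIANT_A = {"creates_run_key", "injects_remote_thread", "irc_outbound",
             "dns_fast_flux_lookup", "drops_signed_binary"}
CLEAN_HOST = {"drops_signed_binary", "http_post_beacon"}

if __name__ == "__main__":
    for family, profile in PROFILES.items():
        print(family, "invariants:", invariant_features(profile))
    print("variant:", diagnose(PROFILES, PRIORS, VARIANT_A))
    print("clean host:", diagnose(PROFILES, PRIORS, CLEAN_HOST))
```

Two choices matter in practice. Smoothing is what lets the profile "tolerate" a variant that shows a never-before-seen behavior; without it one unexpected feature would veto the family. And the diagnosis is driven by the invariant features, so the attacker must change what the malware does, not merely how the binary is packed, to push the posterior back toward benign.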

Agency: National Science Foundation (NSF)
Institute: Division of Information and Intelligent Systems (IIS)
Type: Standard Grant (Standard)
Application #: 0905518
Program Officer: Sylvia J. Spengler
Budget Start: 2009-09-15
Budget End: 2014-08-31
Fiscal Year: 2009
Total Cost: $247,462
Name: SRI International
City: Menlo Park
State: CA
Country: United States
Zip Code: 94025