Title: Host-Based Online Behavior Malware Detection and Classification
Advisors: Drs. Moshe Kam and Spiros Mancoridis
Date: Monday, April 21, 2014
Time: 9:30 a.m.
Location: ECE Conference Room 302, 3rd Floor, Bossone Research Enterprise Center
Malware are becoming more prevalent and sophisticated. Meanwhile, the increasing size and complexity of computing systems contribute new vulnerabilities and complicate the detection of cyber-attacks. To detect the malware that evade traditional defenses, I propose the development of a new host-based malware detection system, one that monitors computer hosts on-line in production environments and identifies behavioral changes characteristic of malware infection. The proposed system uses sequential and change-point detection techniques to infer the execution of malware and classifies new malware according to their behavioral similarity to known malware. I propose extensive experimental evaluation to establish the effectiveness of the proposed detection and classification system in production environments. The novelty of the proposed work lies in its focus on rapid on-line detection and classification, its sequential formulation of the malware detection problem, and its emphasis on experimental evaluation.