Reactively Adaptive Malware: What is it? How do we detect it?
Dr. Bhavani Thuraisingham, Cyber Security Research and Education Institute, https://csi.utdallas.edu, The University of Texas at Dallas, April 19, 2013.
FEARLESS engineering.
Outline: Analogies; Malware: What is it?; Our Solutions
What does it look like?
Example: Melissa Virus
March 26, 1999
Everything changed with Code Red attack in 2001
Data Mining Solutions
Professor Latifur Khan
Reactively Adaptive Malware
Professor Kevin Hamlen
Android Malware and
Professor Zhiqiang Lin
Professor Yiorgos Makris
Adversarial Mining Solutions
Professor Murat Kantarcioglu
Smart Grid Malware
Professor Alvaro Cardenas
Data Pattern Processing
The process of discovering meaningful new correlations, patterns, trends and nuggets, often previously unknown, by sifting through large amounts of attack data using pattern recognition technologies and machine learning, statistical and mathematical techniques.
Thuraisingham, Data Mining: Technologies, Techniques, Tools and Trends, CRC Press 1998
DGSOT: Dynamically Growing Self-Organizing Tree
Our novel solution
Signature Approximation Model
Signature Inference Engine
Antivirus Signature Database
Signature Query Interface
Note: D_i may contain data points from different classes
Addresses infinite length
3500 counterfeit Cisco networking components recovered
The Hunt for the Kill Switch
Adee, IEEE Spectrum, 2008
We cannot forget about Hardware
Do you Trust Your Chips?
Research Supported by:
The Hacker in Your Hardware, Villasenor, Scientific American 2010
2012 Phobos-Grunt Mission Fails Due to Counterfeit Non-Space-Rated Chips
demonstrates attack on power grid in Feb. 2012
DHS and INL study impact of cyber-attacks on generator
Together with ECS, SOM, EPPS and BBS, we are proposing an interdisciplinary approach.