Visible to the public TWC: Small: Intelligent Malware Detection Utilizing Novel File Relation-Based Features and Resilient Techniques for Adversarial AttacksConflict Detection Enabled

Project Details

Lead PI

Performance Period

Aug 15, 2016 - Jul 31, 2019


West Virginia University Research Corporation

Award Number

Malware (e.g., viruses, worms, and Trojans) is software that deliberately fulfills the harmful intent of an attacker. It has been used as a major weapon by the cyber-criminals to launch a wide range of attacks that cause serious damages and significant financial losses to many Internet users. To protect legitimate users from these attacks, the most significant line of defense against malware is anti-malware software products, which predominately use signature-based methods to recognize threats. However, driven by considerable economic benefits, malware attackers are using automated malware development toolkits to quickly write and modify malicious codes that can evade detection by anti-malware products. In order to remain effective, the anti-malware industry calls for much more powerful methods that are capable of protecting the users against new threats and are more difficult to evade. The broader impacts of this work include benefits to the society at large by making cyberspace more secure and resilient to cyber-attacks. The project integrates research with education through curriculum development activities and engages graduate and undergraduate students in research. It is also expected to increase the involvement of underrepresented groups, including minority and women.

The goal of this project is to design and develop intelligent and resilient solutions against malware attacks. The project is focused on the following research aims: (1) design novel relation-based features (e.g., file co-occurrence, file co-location, and bundled installations) that are more robust and harder to evade in malware detection; (2) design and develop an effective semi-supervised learning framework utilizing both content-based and relation-based features for malware detection; and (3) design and develop resilient techniques against adversarial attacks on machine learning/data mining based models. The techniques developed by this project will create a resilient platform, at both feature and model levels, against adversarial malware attacks. Furthermore, the proposed techniques are designed to be arm race capable, and can be used in other cyber security domains, such as anti-spam, fraud detection, and counter-terrorism. Through this project, a joint computer security lab will be established which aims at creating innovations for intelligent and resilient defenses against malware attacks as well as other cybersecurity threats.