Multi-Channel Change-Point Malware Detection

Overview

Malware authors are increasingly using specialized toolkits and obfuscation techniques to modify existing malware and avoid detection by traditional antivirus software. The resulting proliferation of obfuscated malware variants poses a challenge to antivirus vendors, who must create signatures to detect each new malware variant. Drexel researchers have developed a behavioral detection system that monitors behavioral features of a live computer host online. The system first develops a model that characterizes the normal behavior of the host, and then uses change-point detection algorithms to detect abrupt deviations from normal behavior that are characteristic of malware execution. The system can be trained to accurately identify new variants within known malware families, using observed similarities in behavioral features extracted from sensors monitoring live computer hosts. Whereas traditional malware defense mechanisms primarily work by preventing potential malware from passing through a network or executing on a host computer, this system detects the execution of malware on a live host computer. It is designed to detect malware that evades traditional defenses, such as new and obfuscated malware variants, supplementing existing defenses and serving as an auxiliary safety net that reveals when a host is infected.
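The two phases the summary describes, learning a per-channel baseline of normal host behavior and then watching online for an abrupt, sustained deviation, can be illustrated with a multi-channel CUSUM change-point detector. The code below is an added example written for this page; it is not the Drexel system's code, and the channel names (cpu_pct, net_bytes_out, new_processes), the baseline statistics, the CUSUM parameters k and h, and the sample telemetry are all constructed assumptions.

```python
"""
Multi-channel CUSUM change-point detector over host behavioral features.

Added illustration, not the Drexel system's implementation. Channel names,
sample values and thresholds are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import math
import random

# Hypothetical sensor features a host monitor might expose (constructed).
CHANNELS = ["cpu_pct", "net_bytes_out", "new_processes"]


@dataclass
class ChannelBaseline:
    mean: float
    std: float


@dataclass
class CusumState:
    pos: float = 0.0  # accumulated evidence of an upward shift
    neg: float = 0.0  # accumulated evidence of a downward shift


def train_baseline(samples: List[Dict[str, float]]) -> Dict[str, ChannelBaseline]:
    """Phase 1: characterize normal behaviour as per-channel mean and std."""
    baselines = {}
    for ch in CHANNELS:
        xs = [s[ch] for s in samples]
        mean = sum(xs) / len(xs)
        var = sum((x - mean) ** 2 for x in xs) / max(len(xs) - 1, 1)
        baselines[ch] = ChannelBaseline(mean, max(math.sqrt(var), 1e-9))
    return baselines


class MultiChannelCusum:
    """Phase 2: two-sided CUSUM per channel. k is the slack in standard
    deviations that keeps ordinary noise from accumulating; h is the decision
    threshold. An alarm on any channel is an alarm for the host."""

    def __init__(self, baselines: Dict[str, ChannelBaseline], k: float = 0.5, h: float = 10.0):
        self.baselines = baselines
        self.k = k
        self.h = h
        self.state = {ch: CusumState() for ch in CHANNELS}

    def update(self, sample: Dict[str, float]) -> Optional[str]:
        """Feed one observation; return the alarming channel name or None."""
        for ch in CHANNELS:
            b = self.baselines[ch]
            z = (sample[ch] - b.mean) / b.std  # standardized residual
            st = self.state[ch]
            st.pos = max(0.0, st.pos + z - self.k)
            st.neg = max(0.0, st.neg - z - self.k)
            if st.pos > self.h or st.neg > self.h:
                return ch
        return None


def detect(baselines: Dict[str, ChannelBaseline],
           stream: List[Dict[str, float]]) -> Optional[Tuple[int, str]]:
    """Run the detector over a stream; return (index, channel) of the first
    alarm, or None if the stream never leaves the normal regime."""
    det = MultiChannelCusum(baselines)
    for i, s in enumerate(stream):
        ch = det.update(s)
        if ch is not None:
            return i, ch
    return None


def make_stream(n: int, seed: int, shift_at: Optional[int] = None) -> List[Dict[str, float]]:
    """Constructed host telemetry: Gaussian noise around a normal profile, with
    an abrupt rise in CPU, outbound traffic and process creation from shift_at
    onward, standing in for the onset of malware execution."""
    rng = random.Random(seed)
    out = []
    for t in range(n):
        infected = shift_at is not None and t >= shift_at
        out.append({
            "cpu_pct": rng.gauss(20.0, 5.0) + (8.0 if infected else 0.0),
            "net_bytes_out": rng.gauss(50_000, 10_000) + (40_000 if infected else 0.0),
            "new_processes": rng.gauss(2.0, 1.0) + (3.0 if infected else 0.0),
        })
    return out


if __name__ == "__main__":
    base = train_baseline(make_stream(200, seed=1))
    print("clean host:", detect(base, make_stream(100, seed=2)))
    print("infected at t=60:", detect(base, make_stream(120, seed=3, shift_at=60)))
```

The slack k trades sensitivity for false-alarm rate: a larger k ignores small drifts, while the threshold h sets how much accumulated evidence is needed before alerting, which is what bounds the detection delay the "Reaction Time" advantage refers to. In practice the baseline would be re-estimated periodically, since legitimate workload changes also shift the channel means.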

 

APPLICATIONS

TITLE: Applications

 

Malware detection, classification, and mitigation

 

ADVANTAGES

TITLE:Advantages

 

Coverage: The system is designed to protect against entire families and classes of malware, including variants that have not previously been discovered.

Ease of Use: The on-line detector can be deployed on live hosts without specialized sandbox environments or computationally expensive monitoring techniques.

Reaction Time: The change-point formulation is designed to detect malware as quickly as possible in order to mitigate its damaging effects.

Data Collection: The behavioral information collected when new malware samples are detected can be used to classify newly discovered malware and to conduct other post-mortem analyses.

 

 

FIGURES: Insert Figure Image Inside Figure Tags within Editor

Figure 1

 

 

Intellectual Property and Development Status

United States Patent Pending: 14/686,420

http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=/netahtml/PTO/srchnum.html&r=1&f=G&l=50&s1=20150295945.PGNR.&OS=DN/20150295945&RS=DN/20150295945


Commercialization Opportunities

 

----------------------------------------------

Contact Information

Robert B. McGrath, Ph.D.

Senior Associate Vice Provost

Office of Technology Commercialization

Drexel University

3180 Chestnut Street, Ste. 104

The Left Bank

Philadelphia, PA 19104

Phone: 215-895-0303

E-Mail: RBM26@drexel.edu
