NSF Funds Search for New Computer Virus Defense
Strategy Seeks to Anticipate and Disrupt Attacks Before They Can Wreak Havoc

The battle against computer viruses is nothing less than an arms race, according to UT Dallas computer scientist Kevin Hamlen, but he may have hit on a decisive advantage: What if you could identify the enemy not just by analyzing its appearance but by anticipating its actions?

That’s the idea behind a five-year, $500,000 project funded by a Faculty Early Career Development Award from the National Science Foundation.

Results from the research will lead to powerful new strategies, concepts and practical tools that give defenders a significant new advantage in the virus-antivirus arms race,” he said.

That doesn’t mean tossing out current virus-detection technology. Hamlen’s approach will still include analyzing a suspected virus’s appearance – the syntax of its computer code – for telltale signs of malevolence.

The second part of the equation – anticipating the future – may seem like a tall order, but his idea is to deploy algorithms that watch the suspicious code as it begins to run, and disrupt it in the microseconds between evidence of impending harm and the actual harm itself.

The scale of the malware problem demands such innovative tactics, he said.

“The escalating rate of new malware threatens to outpace our ability to maintain effective detection systems,” he said. “This is in part because today’s polymorphic malware continually evolves new syntaxes as it propagates, introducing hundreds or thousands of new syntaxes per day that implement the same malicious behavior.”

Hamlen believes his results could ultimately improve the resilience of the nation’s cyber infrastructure. Although individual viruses don’t always constitute an existential threat, they are often used to compromise numerous low-priority targets in an attempt to open up high-priority targets.

NSF Career awards are part of a highly selective program for junior faculty members who are considered likely to become leaders in their field. This is the sixth Career award received by UT Dallas engineering and computer science faculty in the past three years.

“The Career program is an excellent barometer of the potential of young faculty to become top researchers, and we are particularly pleased to have had a second recent recipient in the important area of cybersecurity,” said Dr. Mark W. Spong, dean of the University’s Erik Jonsson School of Engineering and Computer Science and holder of the Lars Magnus Ericsson Chair in Electrical Engineering.

Hamlen’s award arose from next-generation malware research that he has been conducting with fellow UT Dallas computer scientist Latifur Khan for the Air Force Office of Scientific Research. Their colleague Dr. Murat Kantarcioglu received a Career award in 2009 to develop privacy-preserving technologies that could open the door to the widespread use of e-health and e-government applications.

“The University’s Cyber Security Research Center was established in 2004, and our researchers already have received two NSF Career awards, an Air Force Young Investigator Program award, a Department of Defense Multidisciplinary University Research Initiative program grant and several other grants from NSF, the Air Force Office of Scientific Research, the Intelligence Advanced Research Projects Activity, the National Geospatial-Intelligence Agency, NASA and the Office of Naval Research,” said Dr. Bhavani Thuraisingham, director of the center. “We are becoming recognized leaders in malware technology, assured cloud-based information sharing, and data security and privacy.”

“The escalating rate of new malware threatens to outpace our ability to maintain effective detection systems,” computer scientist Kevin Hamlen says.


Researcher Targets Malicious Web Ads in Separate Science Foundation Grant

Viruses aren’t the only cyber threat lurking online. Malicious and exploitable Web advertisements are widely recognized as a major emerging source of online attacks and privacy violations, but Dr. Kevin Hamlen is bearing down on them as well.

Thanks to a separate $527,000 award from the National Science Foundation, he and his co-investigator, Dr. Venkat Venkatakrishnan of the University of Illinois at Chicago, are developing techniques to squelch such rogue ads.

Ads aimed at privacy invasion or other malicious ends can often escape the weak defenses employed by ad networks and websites. The ad security issue is exacerbated by the complex mechanisms for producing, distributing and deploying Web ads. The project will develop a comprehensive framework that integrates and extends recent research in the area. The researchers plan to then transition their results to companies engaged in developing and disseminating online ads, which have become a $50 billion industry.

"Our goal is to develop an elegant and easily adoptable framework for protecting users from the severe online security and privacy risks currently posed by malicious ads," Hamlen said.

Media Contact: The Office of Media Relations, UT Dallas, (972) 883-2155, [email protected].

Tagged: ECS research