Never-Ending Learning for Malware Analysis (NELMA) (Lead – Douglas Talbert)
Malware poses an increasing threat to sensitive data and network systems. With the advancement of technology and the omnipresence of internet connectivity and online services, this problem grows every day. Malware developers continually invent new and more effective malware and use different techniques to obfuscate their malcode. Therefore, it is imperative to have an efficient and self-sufficient malware detection system. Machine learning models are capable of producing highly accurate malware classifications. However, a growing number of the datasets these models rely on for classification are unlabeled. This research uses semi-supervised learning models to detect malicious Android apps. We have observed that co-training improves classifier performance. To date, our analysis has focused on Android malware and has tried to determine a set of classifiers that, alone or in combination, generate highly accurate predictions. Additionally, we have incorporated malware sub-classes into co-training and observed an improvement in classifier accuracy.
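The co-training loop the paragraph refers to, as an added illustration that is not the project's code: two naive Bayes classifiers are trained on complementary feature views of each Android app (requested permissions and observed API calls are assumed here as the two views; the page does not name the views or classifiers the project used). Each round, every view nominates the unlabeled apps it is most confident about, which are pseudo-labeled and moved into the shared labeled set, so the small labeled set grows without manual labeling. All app records are constructed toy data; a hidden `truth` field on the unlabeled apps is used only to measure how many pseudo-labels were correct, since wrong pseudo-labels are the main way co-training goes off the rails.

```python
"""Co-training two naive Bayes views for Android malware detection (illustration)."""
import math
from collections import Counter


def app(perms, apis, label=None, truth=None):
    """App record with two views; `truth` is the hidden real label of an unlabeled app."""
    return {"perms": frozenset(perms), "apis": frozenset(apis), "label": label, "truth": truth}


# Constructed toy samples (not a real dataset); 1 = malicious, 0 = benign.
LABELED = [
    app({"INTERNET", "SEND_SMS", "READ_CONTACTS"}, {"sendTextMessage", "getDeviceId"}, label=1),
    app({"INTERNET", "ACCESS_NETWORK_STATE"}, {"openConnection", "getString"}, label=0),
]
UNLABELED = [
    app({"SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS"}, {"sendTextMessage", "abortBroadcast"}, truth=1),
    app({"INTERNET", "READ_PHONE_STATE", "SEND_SMS"}, {"getDeviceId", "getSubscriberId"}, truth=1),
    app({"INTERNET", "ACCESS_NETWORK_STATE", "VIBRATE"}, {"openConnection", "setText"}, truth=0),
    app({"INTERNET", "CAMERA"}, {"getString", "openCamera"}, truth=0),
    app({"READ_CONTACTS", "SEND_SMS", "INTERNET"}, {"sendTextMessage", "getSubscriberId"}, truth=1),
    app({"ACCESS_NETWORK_STATE", "VIBRATE"}, {"setText", "getString"}, truth=0),
]
TEST = [
    app({"SEND_SMS", "READ_PHONE_STATE"}, {"sendTextMessage", "getSubscriberId"}, label=1),
    app({"INTERNET", "VIBRATE"}, {"openConnection", "setText"}, label=0),
    app({"RECEIVE_SMS", "READ_CONTACTS"}, {"abortBroadcast", "getDeviceId"}, label=1),
    app({"CAMERA", "ACCESS_NETWORK_STATE"}, {"openCamera", "getString"}, label=0),
]


class BernoulliNB:
    """Bernoulli naive Bayes over presence/absence of features in one view."""

    def __init__(self, view):
        self.view = view

    def fit(self, apps):
        self.vocab = set().union(*(a[self.view] for a in apps))
        self.n = Counter(a["label"] for a in apps)
        self.counts = {0: Counter(), 1: Counter()}
        for a in apps:
            self.counts[a["label"]].update(a[self.view])
        return self

    def log_joint(self, a, c):
        # Laplace smoothing keeps unseen feature/class pairs from zeroing the product.
        lj = math.log((self.n[c] + 1) / (self.n[0] + self.n[1] + 2))
        for f in self.vocab:
            p = (self.counts[c][f] + 1) / (self.n[c] + 2)
            lj += math.log(p if f in a[self.view] else 1 - p)
        return lj

    def log_odds(self, a):
        return self.log_joint(a, 1) - self.log_joint(a, 0)

    def p_malicious(self, a):
        return 1 / (1 + math.exp(-self.log_odds(a)))


def co_train(labeled, unlabeled, rounds=5):
    """Each round, every view nominates its most confident malicious and benign app."""
    labeled, pool = list(labeled), list(unlabeled)
    for _ in range(rounds):
        if not pool:
            break
        views = [BernoulliNB("perms").fit(labeled), BernoulliNB("apis").fit(labeled)]
        votes = {}
        for clf in views:
            scored = [(clf.p_malicious(a), i) for i, a in enumerate(pool)]
            votes.setdefault(max(scored)[1], set()).add(1)
            votes.setdefault(min(scored)[1], set()).add(0)
        # Pseudo-label nominated apps; skip any app the two views disagree on.
        for i in sorted(votes, reverse=True):
            if len(votes[i]) == 1:
                labeled.append({**pool.pop(i), "label": votes[i].pop()})
    final = [BernoulliNB("perms").fit(labeled), BernoulliNB("apis").fit(labeled)]
    return labeled, final


def predict(views, a):
    """Combine the views by summing their log-odds (priors are counted twice; harmless here)."""
    return 1 if sum(clf.log_odds(a) for clf in views) > 0 else 0


def run_demo():
    labeled, views = co_train(LABELED, UNLABELED)
    pseudo = [a for a in labeled if a["truth"] is not None]
    return {
        "labeled_size": len(labeled),
        "pseudo_label_accuracy": sum(a["label"] == a["truth"] for a in pseudo) / len(pseudo),
        "test_accuracy": sum(predict(views, a) == a["label"] for a in TEST) / len(TEST),
    }


if __name__ == "__main__":
    print(run_demo())
```

The conflict check (an app nominated as malicious by one view and benign by the other is left in the pool) is the cheapest guard against feeding the classifiers their own mistakes; in practice one would also cap how many pseudo-labels enter per round and re-check pseudo-label quality on a held-out labeled slice, as the `pseudo_label_accuracy` figure does here.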
Deep Learning-based Malware Detection and Classification in Cloud IaaS (Lead – Maanak Gupta, Students: Andrew McDole, Austin Brown, Jeffrey Kimmel)
The project focuses on developing deep learning-based techniques for online detection of malware in cloud IaaS. Detection is performed on behavioral data, namely process-level performance metrics such as CPU usage, memory usage, and disk usage. We have used state-of-the-art DenseNets and ResNets to detect malware effectively in an online cloud system. The CNNs are designed to extract features from data gathered from live malware running in a real cloud environment. Experiments are performed on an OpenStack (cloud IaaS software) testbed designed to replicate a typical 3-tier web architecture. Comparative analysis is performed across different metrics for the different CNN models used in this research.
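The page does not say how the per-process metrics are arranged before they reach the CNN. The following added example (mine, not the project's code) assumes one common arrangement: each sampling window becomes a single-channel 2-D grid with one row per time step and a fixed column slot per process and per metric, min-max scaled into [0,1] using assumed bounds. Processes that appear or exit mid-window, which is the normal case on a live testbed, get zero-filled cells so the grid shape stays constant and a process's trajectory stays in the same columns across rows. The samples are constructed.

```python
"""Fixed-shape 2-D windows from per-process performance samples (illustration)."""

# Constructed samples: (timestamp, pid, cpu_pct, mem_mb, disk_kbps). Not real data.
# pid 303 starts at t=1 and pid 202 is missing at t=2, to exercise process churn.
SAMPLES = [
    (0, 101, 2.0, 50.0, 10.0), (0, 202, 1.0, 30.0, 0.0),
    (1, 101, 4.0, 52.0, 12.0), (1, 202, 1.5, 30.0, 0.0), (1, 303, 90.0, 400.0, 800.0),
    (2, 101, 3.0, 51.0, 9.0), (2, 303, 95.0, 450.0, 900.0),
    (3, 101, 2.5, 50.0, 11.0), (3, 202, 1.2, 31.0, 0.0), (3, 303, 97.0, 470.0, 950.0),
]
# Assumed scaling bounds per metric (cpu %, memory MB, disk kB/s); values are clipped.
BOUNDS = [(0.0, 100.0), (0.0, 512.0), (0.0, 1000.0)]
WINDOW = 4       # time steps per grid (rows)
MAX_PROCS = 4    # process slots per grid (column groups)


def scale(value, lo, hi):
    """Min-max scale into [0, 1], clipping out-of-range readings."""
    return min(max((value - lo) / (hi - lo), 0.0), 1.0)


def build_window(samples, t_start, window=WINDOW, max_procs=MAX_PROCS, bounds=BOUNDS):
    """Return a window x (max_procs * len(bounds)) grid of scaled metrics.

    Each process keeps the column slot it was first assigned within the window;
    absent processes leave their slot zero-filled; surplus processes are dropped.
    """
    slots = {}
    rows = []
    for t in range(t_start, t_start + window):
        row = [0.0] * (max_procs * len(bounds))
        for ts, pid, *values in samples:
            if ts != t:
                continue
            if pid not in slots:
                if len(slots) >= max_procs:
                    continue
                slots[pid] = len(slots)
            base = slots[pid] * len(bounds)
            for k, (v, (lo, hi)) in enumerate(zip(values, bounds)):
                row[base + k] = scale(v, lo, hi)
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in build_window(SAMPLES, 0):
        print(" ".join(f"{v:.3f}" for v in row))
```

A grid built this way can be stacked with others into the batch tensor a CNN expects; the zero-filled cells are what make a batch of windows from a churning process list shape-compatible.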
AI-assisted Malware Analysis (NSF-funded Grant 2025682 – Lead PI Maanak Gupta, Student: Daniel Simpson)
This NSF-funded project aims initially to develop six self-contained and adaptive modules, as shown in Figure 1: (1) Cyber Threat Intelligence (CTI) and malware attack stages, (2) malware knowledge representation and CTI sharing, (3) malware data collection and feature identification, (4) AI-assisted malware detection, (5) malware classification and attribution, and (6) advanced malware research topics and case studies. Providing undergraduate and graduate students with training in the use of AI in malware analysis is an important step toward bridging the current cybersecurity talent gap.