Malware harms everyone, from the totally computer-illiterate phone user to Target, where a devastating attack cost the company millions. Danfeng (Daphne) Yao, associate professor of computer science at Virginia Tech College of Engineering, and colleagues have developed the first workable proactive system to detect malware in individual computers or in networks before any damage can be done. Yao presented her work at the June 4, 2014, session of the ACM Symposium on Information, Computer, and Communications Security in Kyoto, Japan.
The problem with the majority of present malware detection systems, even those supplied by internet service providers, is that they only react to malware after it has become active. Dr. Yao’s system is the first malware protection program that can actively detect malware before it installs itself. The new program is also the first that can isolate an infected computer from the rest of a network.
The new system uses the history of the user and the network to produce a higher level of malware protection than is presently available. The history of use is examined to determine whether there is a causal relationship between activity that has occurred in the past and a unique and anomalous activity that indicates the initiation of a malware attack. The semantics-based program is the first to offer protection before malware is launched. Proactive security is expected to save businesses money and protect government and medical data.
This work is an extension of Dr. Yao’s previous work for the United States Department of Defense. The same system was implemented in DOD computers, mobile devices, command and control servers, and embedded systems deployed on U.S. Navy ships to prevent terrorist interference and data extraction by means of malware. The system is patented and is expected to be available to the public before the end of 2014.