DETECTION OF OBFUSCATED MALWARE

Anti-virus software prevents the spread of malware by detecting and neutralizing instances of it. The advancement in malware is a major problem, as previously successful detection methods, such as signature detection and monitoring suspect code for known security vulnerabilities, have become ineffective. As illustrated in Fig. 1, a weapons race exists between malware writers and those who defend against their attacks.

At CSIT, researchers are investigating new malware detection approaches that outmanoeuvre the different attack vectors and obfuscation methods employed by malware writers.

Fig. 1 Weapons Race


Figure 1. The four phases of the antimalware-malware weapons race. (a) Systems were infected from various sources. (b) Signature scanners were countered by malware packing. (c) Static analysis was countered by polymorphic malware. (d) Dynamic analysis was countered by metamorphic malware.

Other Areas of Interest

  • Low-level analysis of malware
  • Hardware-supported virtualization
  • Operating systems reliability and security
  • Network and host intrusion detection techniques
  • Reverse engineering

People

Philip O’Kane – Lecturer

Sakir Sezer – Research Director
