Dumitras Presents Paper on New Method of Malware Detection

A research paper co-authored by a University of Maryland expert in software vulnerabilities is being presented on Oct. 15 at the 22nd Association for Computing Machinery Conference on Computer and Communications Security (ACM CCS) in Denver, Colorado.

Tudor Dumitras, an assistant professor of electrical and computer engineering with appointments in UMIACS and the Maryland Cybersecurity Center (MC2), collaborated with researchers from UMD, Symantec Research Labs, and IBM Research to develop a new, faster method of detecting malware.

In their paper, “The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics,” the team introduces a downloader-graph abstraction, which captures download activity and explores the growth patterns of benign and malicious graphs.

The team used known data to reconstruct and analyze 19 million downloader graphs from five million real hosts. Using this data, the researchers were able to identify several strong indicators of malware activity. They were then able to implement and evaluate a machine learning system for malware detection.

As a result, the researchers say, the system is able to detect malware—on average— approximately nine days earlier than existing anti-virus products.

To see a video overview of the cybersecurity work done by Dumitras, go here. Read more about the team's work here.

Published October 13, 2015