Deakin, CA partner on statistical malware detection

By on
Deakin, CA partner on statistical malware detection

CA Labs, HCL and Deakin University have partnered to improve methods for detecting malware based on its generic signatures.

The so-called heuristic detection methods could take only milliseconds to do what was previously done in a week, researchers claim.

Lynn Batten, director of Deakin's Information Security Group, explained that antivirus software vendors were relying on manual analysis of code sequences until about two years ago.

"People worked on isolated computers manually analysing the new threats - looking at whether the code had been seen before," Batten said.

"There's been a rapid change in the last few years," she said. "Most antivirus companies have automated their methods significantly."

Four years ago, Batten's research group joined up with CA partner HCL to research faster, automated processes for classifying malware for CA's Anti-Virus product.

The resulting research has not yet reached CA's commercial product; however, an HCL spokesman said that ideas were being evaluated and may be included in future versions.

Deakin's method relied on identifying "key parameters", such as string information and the size and occurrences of certain functions.

Batten said it worked twice as quickly as current off-the-shelf software and classified new threats with greater than 97 percent accuracy.

The aim, she said, was to approach 100 percent accuracy.

CA Labs researcher Steve Versteeg, who was involved in the research with Deakin and HCL, said false positives tended to be an issue with heuristic methods that classified malware based on statistics.

In April, McAfee falsely identified the Windows file svchost.exe as malware, causing crashes in Windows XP SP3 systems across the globe.

"You cannot just use statistical methods by themselves," Versteeg said, adding that such methods had become increasingly necessary as malware became more pervasive.

"The sheer volume of malware that's coming out means that [detecting malware based on] generic signatures are the only way going forward," he said.

CA Labs has partnered with 35 universities around the globe to enhance its cloud computing and enterprise IT management products.

It is currently involved in eight research projects with five Australian universities; research topics include solar energy, role engineering, and large scale emulations.

Got a news tip for our journalists? Share it with us anonymously here.

Most Read Articles

Log In

  |  Forgot your password?