Getting the jump on malware

14 July 2010

Researchers at Deakin University have developed a system that could help to significantly reduce the time it currently takes to identify computer viruses and other malicious Internet threats.

In collaboration with security software company CA Inc, the researchers have developed an automated process for classifying malicious software.

Director of the Information Security Group at Deakin, Professor Lynn Batten, said malicious software – or malware – was costing global networks hundreds of billions of dollars a year.

“Malware is any software that tries to attack your computer,” Professor Batten explained.

“For instance, it may delete files or change information or get into your computer to track what you are doing.

“One of the big problem areas is attackers using information to steal identities and money. Fake bank emails requesting password details are a good example of this.”

Professor Batten said malware was traditionally identified through a manual process.

“Until just a few years ago, software security companies took a forensic approach to identifying malware. People worked on isolated computers manually analysing the new threats – looking at whether the code had been seen before,” she said.

“This takes a lot of time and expertise, and keeping up with the ever increasing number of new malware threats is a major challenge.

“New malware remains a threat until software security companies identify it and develop a response, so the quicker this can be done the better.”

Professor Batten explained that the system being developed at Deakin aimed to classify new malware automatically.

“Malware generally belongs to different families – for example it might belong to a virus family or a Trojan family. Most new malware samples that come along are a variant, perhaps a combination, of one of these pre-existing families.

“Our system uses what we know about existing malware to classify new threats automatically. Preliminary results show that we can do this with up to 98 per cent accuracy.

“Automating the classification process has the potential to help new malware to be identified and responded to significantly faster than is currently possible.”

This research will enhance the ability to tackle malware pre-emptively, Professor Batten believes.

“With further research and development, taking this dynamic approach could make it possible to have a program on your computer that identifies new malware as it arrives at your computer more quickly and effectively than is possible today,” she said.

News facts
  • Automated process for classifying malicious software
  • Potential to significantly reduce the time it takes to identify malware
  • Could enhance pre-emptive malware responses

Media contact

Vanessa Barber
Deakin Media Relations
03 5227 1301; 0488 292 644

Deakin University acknowledges the traditional land owners of present campus sites.

14th July 2010