By Sally Holt
It may be an email that promises you a greeting card, message or music. It may be a simple program upgrade offering faster and better functions. Or it may be a security alert that makes you think you’re in digital danger.
But be careful where you click. Even if you’re the tiniest bit suspicious, clicking on what might seem like an escape hatch can send you lurching deep into the murky world of malware – a place that’s inhabited by viruses, Trojan horses and worms.
Professor Lynn Batten, director of Deakin’s Information Security Group (School of Information Technology) is leading a research project that’s currently tackling the costly and damaging problem of malware.
"The term 'malware' is short for malicious software," she explains. "The various names and forms of malware – such as virus, worm, Trojan horse, spyware and crimeware – generally indicate the intent of the code once it has installed itself into the computer."
Professor Batten says that although the origins of malware may have been more mischievous than malevolent, it now supports an entire industry of criminal connections.
"It’s likely that most malware is written by large criminal organisations ... they have huge resources and their objective is to make money by stealing identity information and then selling it to criminals further down the chain," she says.
And apparently, no computer is safe. Malware is able to steal its way through the internet, email, USB, CD or an unprotected network before playing an elaborate game of hide and seek.
"Malware will try and hide in a location where it can’t easily be spotted," she says. "Some will then gather addresses and passwords; others might use your machine’s processing power to set up connections with a network of computers, or even use the machine to generate attacks on other computers. Criminal gangs now use malware to infect computers through the internet and this costs global networks hundreds of billions of dollars each year."
Deakin’s team of researchers – in collaboration with security software company CA Inc and HCL Technologies Ltd – is thwarting the march of malware by developing a fast and accurate automatic detection system.
Traditionally, malware has been identified through a manual process.
"Anti-virus experts would take a forensic approach by working on isolated computers and watching how the malware operated in a closed environment," Professor Batten explained. "They would then decide if it was similar to already-known malware – in which case it would be identified as a member of a family – or be identified as new."
But with new forms of malware emerging every day, the task of manually identifying and providing antidotes presents an enormous challenge.
"About five years ago there was a shift in the industry towards the development of automated methods," Professor Batten said. "And because new malware remains a threat until software security companies identify it and develop a response, the quicker this can be done, the better."
The system developed by the Deakin researchers automatically classifies new malware threats with 98 per cent accuracy.
"This project relies on the Deakin team’s knowledge of algorithms and what they could do in assessing malware," says Professor Batten. "Our team extracts features of the malware which are critical to identification and assesses these features using statistical analysis."
Under a confidentiality agreement, the team also has access to the CA Inc. ‘malware zoo’ – a secure database of malicious software developed as a resource by the organisation over many years.
"This has allowed us to build our own database and draw on as many features as needed to verify that our results are the best possible given our techniques," she explains.
The researchers are now working towards a system, built into the computer’s anti-virus program, that immediately detects whether or not software is malicious.
However, with a significant amount of non-malicious software currently being produced that looks like ‘executables but has the feel of being malicious’, Professor Batten says it is an increasingly tough challenge for cyber-security experts.
"It’s becoming more popular to use this type of application but it’s also becoming more difficult for anti-virus companies to determine whether or not the software that’s trying to get into your machine is malicious," she says.
Speed is the major aim in the classification process.
"New malware relies on the window between the time it lands on a computer and the time it is detected to do as much harm as possible," says Professor Batten. "We need a system which keeps this window to a minimum.
"We are also setting up tests to determine if we can cut down the data required to make a decision … if we can reduce the number of features needed, this will speed up the process."
The team’s second target is accuracy.
"If the decision is made to let the software in, and it is malicious, then the whole business can crash," she says. "On the other hand, it is equally important to make sure that 'clean' software is allowed in because if a new application (that has been purchased by the business) is blocked by an anti-virus machine, it could cost the company a great deal of money."
Professor Batten says the Deakin researchers are currently working on ways to improve the system’s accuracy target to 100 per cent.
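The approach described above (extract features from a sample, classify them statistically, cut the feature count to speed things up, and measure both kinds of error) can be illustrated with a small, self-contained example. The code below is an added illustration written for this article, not the Deakin team’s system or CA Inc’s code; the "malicious" and "clean" samples are constructed synthetic byte strings (high-entropy streams versus plain ASCII text), the features (byte frequencies plus Shannon entropy), the variance-based feature selection and the nearest-centroid classifier are all simplifying assumptions chosen for clarity. It reports accuracy together with false positives (clean software blocked, the costly case the article mentions) and false negatives (malware let in).

```python
import math
import random
from collections import Counter

# --- Constructed corpus (synthetic, not real malware) -----------------------
# "malicious" samples: a 2-byte marker followed by a high-entropy byte stream
# (mimicking a packed/encrypted payload); "clean" samples: low-entropy ASCII
# text. Both label names and the data are assumptions made for this example.
def _make_packed(seed, n=2048):
    rng = random.Random(seed)
    return b"MZ" + bytes(rng.getrandbits(8) for _ in range(n))

def _make_clean(seed, n=2048):
    rng = random.Random(seed)
    words = [b"report", b"invoice", b"total", b"customer", b"2011", b"\n"]
    return b"MZ" + b" ".join(rng.choice(words) for _ in range(n // 6))

TRAIN = ([(_make_packed(s), "malicious") for s in range(5)] +
         [(_make_clean(s), "clean") for s in range(5)])
TEST = ([(_make_packed(100 + s), "malicious") for s in range(3)] +
        [(_make_clean(100 + s), "clean") for s in range(3)])

# --- Feature extraction -----------------------------------------------------
def extract_features(data):
    """Full feature vector: 256 normalised byte frequencies plus Shannon entropy (bits)."""
    counts = Counter(data)
    n = len(data)
    freqs = [counts.get(b, 0) / n for b in range(256)]
    entropy = -sum(p * math.log2(p) for p in freqs if p > 0)
    return freqs + [entropy]

# --- Feature reduction (the "fewer features, faster decision" idea) ---------
def select_features(vectors, k):
    """Return the indices of the k features with the highest variance across the training set."""
    m, dim = len(vectors), len(vectors[0])
    scored = []
    for j in range(dim):
        col = [v[j] for v in vectors]
        mean = sum(col) / m
        scored.append((sum((x - mean) ** 2 for x in col) / m, j))
    scored.sort(reverse=True)
    return sorted(j for _, j in scored[:k])

# --- Statistical classifier: nearest centroid in the reduced feature space ---
def train_centroids(samples, selected):
    by_label = {}
    for data, label in samples:
        vec = extract_features(data)
        by_label.setdefault(label, []).append([vec[j] for j in selected])
    return {label: [sum(col) / len(col) for col in zip(*vecs)]
            for label, vecs in by_label.items()}

def classify(data, centroids, selected):
    vec = extract_features(data)
    reduced = [vec[j] for j in selected]
    return min(centroids, key=lambda lab: math.dist(reduced, centroids[lab]))

# --- Evaluation: accuracy plus both error types ----------------------------
def evaluate(samples, centroids, selected):
    tp = tn = fp = fn = 0
    for data, truth in samples:
        pred = classify(data, centroids, selected)
        if pred == "malicious":
            if truth == "malicious":
                tp += 1
            else:
                fp += 1  # clean software wrongly blocked
        elif truth == "clean":
            tn += 1
        else:
            fn += 1      # malware wrongly let in
    return {"accuracy": (tp + tn) / len(samples),
            "false_positives": fp, "false_negatives": fn}

def run(k):
    """Train with the k highest-variance features; return (metrics, feature count used)."""
    train_vecs = [extract_features(d) for d, _ in TRAIN]
    selected = select_features(train_vecs, k)
    centroids = train_centroids(TRAIN, selected)
    return evaluate(TEST, centroids, selected), len(selected)

if __name__ == "__main__":
    for k in (257, 8, 1):
        metrics, used = run(k)
        print(f"{used:3d} features -> {metrics}")
```

Running it shows the trade-off the article describes: on this toy corpus one feature (entropy) separates the two classes as well as all 257, so a reduced feature set gives the same accuracy with far less work per decision. On real software the hard cases are the ones the article mentions, legitimate programs that look like packed executables, and those are exactly where a crude feature like entropy produces false positives.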
In the meantime, the cyber war continues to escalate.
"Every day new malware is being built which tries to avoid the current identification techniques … countering this is likely to also lead us into new research directions," Professor Batten says.
Five top tips for avoiding malware: