Detection of Self-Propagating Malicious Code
Michigan State University, East Lansing MI
Investigators
Abstract
Detection of Self-Propagating Malicious Code Hayder Radha, Michigan State University Award 0430436 Abstract Novel methods for mitigating automated malicious code intrusions (e.g., computer worms) are being investigated and developed. This includes local- and network-level intrusion detection strategies that provide effective and timely detection of malicious codes. A mathematically rigorous framework, which is based on detection theory, is being applied to the intrusion detection problem. In particular, the focus is on the general case of network-based anomaly detection (i.e., the case where deviations from normal network traffic characteristics are employed to raise an alarm). The development of Neyman-Pearson tests to track anomalous user-level/network-level traffic patterns is being investigated. An effective test necessitates development of a mathematical model for the user- and network-level traffic that can in turn be employed to define the Neyman-Pearson null hypotheses. To this end, the performance of stochastic modeling techniques that have been proven to render effective characterization of network traffic and related random processes, such as the multifractal wavelet model and the Markov chain model, are being investigated. A contribution of this effort will be development of portable software that can provide real-time and adaptive intrusion detection. The application and performance of the proposed framework in peer-to-peer and mobile ad hoc environments is also being investigated. This work will yield effective defense and detection against automated malicious codes, which have caused profound negative impacts on the global Internet and users worldwide.
View original record on NSF Award Search →