In the fight against malicious hackers, a Virginia Tech professor says she has created a new weapon to fend off malware.
Daphne Yao, assistant professor of computer science at Virginia Tech, says she has developed a framework to combat "spoofing attacks." In a spoofing attack, organized botnets -- groups of computers that are controlled by malicious software and run by hackers -- are able to penetrate someone's computer and steal their identity. These attack bots are able to do this by emulating a user's keystroke sequences.
Yao and her colleague, Deian Stefan, now a graduate student in the computer science department at Stanford University, have developed a system to combat these attacks. Called "Telling Human and Bot Apart" (TUBA), it is able to tell whether a bot or a human is typing. It is based on a remote biometrics system. It also uses a cryptographic mechanism that prevents the bot from pretending to be human.
"What we're trying to detect are drive-by downloads and the illegal creation of files. Some malware sends spam or exports proprietary information. One recent attack, Hydraq, which impacted more than 30 major U.S. companies, including Google, was dangerous. It sends an email with someone pretending to know you and has a link attached. If you click on the link, you'll get drive-by downloaded," Yao said.
These types of attacks have become more frequent, and commercial anti-virus companies have been attempting to come up with the best solution. Yao said her technology, which is being patented, is more efficient than current offerings.
"The typical anti-virus company is going to look for a signature, a unique string that you may find in malicious software. They don't look at the software as a whole, but rather they look for patterns. We're comparing a particular user's behavior and correlating it with the system's events," Yao said.
She also said the typical anti-virus software will not be able to detect new attacks. Her framework, by contrast, can identify new abnormal patterns and prevent them before they happen. "We don't rely on knowing patterns," Yao said.
While this technology is being transferred to an undisclosed company, Yao's work is not done. She said she will work on implementing host-based detection in an operating system. This would strengthen a computer's infrastructure and make it even harder for hackers to penetrate.
Yao and Stefan's work won a best paper award at CollaborateCom '10, the 6th International Conference on Collaborative Computing.
By Gabriel Perna