Malware Classification and Anomaly Detection

PI: Guanhua Yan

The sheer volume of data in cyberspace has made detecting malicious activity tremendously challenging, akin to finding needles in a haystack. Prof. Guanhua Yan's current work focuses on developing scalable, data-driven approaches to improving cyber security. One thrust of his research aims to automate the classification of the vast number of malware variants on the Internet, many of which are armored with advanced obfuscation techniques that hide their intent. Because this is an arms race between malware authors and cyber defenders, Prof. Yan is striving to develop methods that stay ahead of the adversary.

Another thrust of Prof. Yan's research is to identify malicious activities through the lens of network traffic. The main technique applied here is anomaly detection, since anomalies are often strong indicators of ongoing cyber attacks such as worm propagation and DDoS (Distributed Denial of Service) attacks. The challenge is designing anomaly detection techniques that do not raise too many false alarms. In his research, Prof. Yan has developed highly accurate anomaly detection methods for a wide spectrum of network traffic, including email, IM (Instant Messaging) and SMS (Short Message Service) messages.

Publications:

Thrust one: Malware classification

Thrust two: Anomaly detection