Professor Charles Nicholas has received research funding from the National Science Foundation to develop better ways to detect malicious software (malware) and defend computers against it. The award will provide up to $75,000 over the next year to support the research of Dr. Nicholas and his students.

The process of creating malware has become more automated in recent years, as a result of so-called exploit kits, such as the Blackhole exploit kit. The UMBC project will investigate ways of characterizing these exploit kits, as well as the malware they produce. Developing models of how current kits work will help to predict what exploit kits will look like in the future as well as suggest better techniques for detecting the malware they are used to produce.

One challenging problem the research will address is dealing with polymorphic malware, malware that makes new versions of itself as it moves from machine to machine, in the hope of avoiding detection by conventional, signature-based anti-virus software. The research will characterize malware families that exist as products of a specific exploit kit as well as those that develop through polymorphism.

Dr. Nicholas is the faculty advisor of UMBC’s Cyber Defense Team, a student group that studies information security, intrusion detection, cybersecurity, and network security and participates in competitions such as the Maryland Cyber Challenge. He is also teaching a special topics class this semester on Malware Analysis for both undergraduate and graduate students.