IST professor uses NSF CAREER Award to advance malware detection

Dinghao Wu, assistant professor in the Penn State College of Information Sciences and Technology, has been awarded a National Science Foundation CAREER Award to focus on binary code analysis to identify malware. Credit: Xiao Liu All Rights Reserved.

UNIVERSITY PARK, Pa. — Dinghao Wu, assistant professor in Penn State's College of Information Sciences and Technology (IST), recently was awarded a CAREER Award from the National Science Foundation (NSF). The award, which supports new research for early career faculty who have the potential to significantly impact their fields, includes funding of approximately $500,000.

Wu’s area of expertise is software cybersecurity, a topic of growing importance on a global scale.

“Everyone — the government, the military, the financial sector — they all have software running,” he said. “And today, some software was probably developed 30 years ago, for example.”

As a result, many of these systems are vulnerable to software attacks, said Wu.

His research aims to take a new approach to detecting malware: programs created with ill intent to attack a computer system. In today’s connected world, protecting the integrity of computer systems against malware infections has become a huge problem for all organizations, which face a daily barrage of new and unexpected attacks. “There are hundreds and thousands of new malware coming out every day,” Wu explained.

His CAREER project focuses on binary code analysis to identify malware. Binary code, composed of the most basic building blocks of programming (sequences of zeros and ones), can be thought of as the DNA of computer software. In other, more traditional applications, analysts often examine the source code of a program to determine its origins and execution. With malware, however, the source code is rarely provided, and even when it is, it could be written in a way that hides its malicious intent.

Approaching malware detection at the binary level, however, can provide many benefits to cybersecurity analysts, Wu explained.

“A large portion of the malware out there today is a transformed version of older malware,” he said. “So if we can identify that a new piece of malware is simply a variant, it helps with detection.”

Regarding this method of malware classification, Wu said, “It’s going to make detection more efficient.” Wu plans for his research findings to be used directly by cybersecurity analysts and to advance the art of malware analysis.

“Simply, in cybersecurity and especially malware detection, we are actually losing ground to the dark side because making new malware is so easy,” Wu said. “So we need more research like this to defend ourselves.”

Last Updated June 27, 2017