Description
My current research focuses on network security, with an emphasis on malware defense. Many of my recent publications are about detecting botnets. Botnets are networks of compromised machines (a.k.a. bots or zombie machines) that are remotely controllable by an adversary, and provide the infrastructure through which most cyber-crimes are perpetrated. In addition to botnets, today's Internet is threatened by the large-scale propagation of many other types of malicious software (a.k.a. malware). Malware developers use increasingly sophisticated techniques to propagate their infection vectors and hide them from traditional anti-virus technologies. Unfortunately, their success is demonstrated by the fact that today's Internet hosts millions of malware-compromised machines. My research aims to design new security systems that can help network and system administrators to rapidly identify malware-compromised machines in large and complex networks and to prevent future infections.
In my research, I often combine networking, systems, and security concepts with pattern recognition, data mining, and machine learning techniques to model many different aspects of malware behavior. My main goal is to automatically derive robust malware detection models that can identify malware-compromised machines within both local and global networks. Some of the detection systems resulting from my recent research have been integrated into commercial products distributed by Damballa Inc. (www.damballa.com), a spin-off of Georgia Tech that specializes in botnet detection, to protect large enterprise networks and Internet service providers.
Funding
My research on DNS monitoring for detecting and tracking malicious domains is currently funded by NSF.
UGA Graduate Students
Past UGA Graduate Students
