CSC News

February 03, 2009

Jiang Receives $600K in NSF Awards to Fund Internet Security Research

Dr. Xuxian Jiang, assistant professor of computer science at NC State University, has received two awards from the National Science Foundation (NSF) totaling $602,595.

The first award of $400,000 was received for his proposal titled, “Understanding Botnet C&C Communication Protocols.”  The award runs August 28, 2008 to August 31, 2011.

Abstract - Botnets are recognized as one of the most serious threats to today’s Internet.  To combat them, one key step is to effectively understand how the botnet members communicate with each other.  Unfortunately, the trend of adopting various obfuscation schemes (e.g., encryption) in recent bots greatly impedes our understanding.  The main thrust of this research is the investigation of several interrelated key techniques to overcome the above challenges and significantly enrich the understanding of botnet command and control.

The second award of $202,595 was received for his proposal titled, “Enabling Detection of Elusive Malware by Going Out of the Box with SEmantically Reconstructed View (OBSERV).”  The award runs August 13, 2008 to July 31, 2010.

Abstract - There is an alarming trend that elusive malware is armed with techniques that detect, evade, and subvert malware detection facilities of the victim.  On the defensive side, a fundamental limitation of traditional host-based anti-malware systems is that they run inside the very hosts they are protecting, making them vulnerable to malware’s counter-detection and subversion.  To address this limitation, solutions using virtual machine (VM) technologies advocate placing the malware detection facility outside of the protected VM.  However, a dilemma exists between these two approaches:  The “out of the box” approach gains tamper resistance at the cost of losing the native, semantic view of the host enjoyed by the “in the box” approach.  To resolve the above dilemma, a new approach called OBSERV (“Out of the Box with SEmantically Reconstructed View”) is introduced to achieve the advantages of both camps by reconstructing the semantic internal view of a VM from external, low-level observations.  OBSERV enables two exciting malware defense opportunities:  (1) malware detection by view comparison and (2) real-time detection and stoppage of kernel-level rootkits.  The broader impact of this research is two-fold:  (1) it will enhance the trustworthiness and effectiveness of widely deployed anti-malware systems.  Moreover, OBSERV is expected to be viewed favorably by the anti-virus software industry because of its support for existing off-the-shelf anti-virus software.  (2) Results from this research will lead to the development of education materials for undergraduate and graduate courses and for professional training sessions.
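The “malware detection by view comparison” idea in the OBSERV abstract, as an added illustration (not code from the project or the award): a constructed toy guest-memory image holds task records in a linked list, a rootkit-style unlink hides one record from the in-guest list walk, and the out-of-the-box view is rebuilt by carving records from raw bytes without trusting the guest’s pointers. The record layout, the magic tag and the head-pointer location are all assumptions made for the example.

```python
import struct

# Constructed toy guest-memory layout (assumption, not a real kernel's): a u32 head
# pointer at offset 0, then task records of magic "TASK", next pointer (u32),
# pid (u32) and a 16-byte name.
REC = struct.Struct("<4sII16s")
FIRST_REC = 0x100

def build_image(tasks, unlinked=()):
    """Place every task record in memory, but keep pids in `unlinked` out of the
    linked list, the way a kernel-level rootkit hides a process (DKOM)."""
    img = bytearray(0x1000)
    offs = {pid: FIRST_REC + i * REC.size for i, (pid, _) in enumerate(tasks)}
    linked = [pid for pid, _ in tasks if pid not in unlinked]
    nxt_of = {a: offs[b] for a, b in zip(linked, linked[1:])}
    struct.pack_into("<I", img, 0, offs[linked[0]])
    for pid, name in tasks:
        REC.pack_into(img, offs[pid], b"TASK", nxt_of.get(pid, 0), pid,
                      name.encode().ljust(16, b"\0"))
    return bytes(img)

def in_the_box_view(img):
    """What a guest-resident tool sees: walk the kernel's list from its head pointer
    (bounded so a corrupted or cyclic pointer cannot loop forever)."""
    view, visited = {}, set()
    ptr = struct.unpack_from("<I", img, 0)[0]
    while ptr and ptr not in visited and ptr + REC.size <= len(img):
        visited.add(ptr)
        _, nxt, pid, name = REC.unpack_from(img, ptr)
        view[pid] = name.rstrip(b"\0").decode()
        ptr = nxt
    return view

def out_of_the_box_view(img):
    """Semantic reconstruction from low-level observations: carve every record whose
    layout is valid, independent of how the guest has linked them."""
    view = {}
    for off in range(0, len(img) - REC.size + 1, 4):
        magic, nxt, pid, name = REC.unpack_from(img, off)
        if magic == b"TASK" and pid and nxt < len(img):
            view[pid] = name.rstrip(b"\0").decode()
    return view

def hidden_tasks(img):
    """View comparison: present in memory but absent from what the guest reports."""
    inside, outside = in_the_box_view(img), out_of_the_box_view(img)
    return {pid: n for pid, n in outside.items() if pid not in inside}
```

A record that is unlinked but still resident shows up only in the external view, which is exactly the discrepancy the abstract proposes to detect.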
