Seminars & Colloquia

David Evans

Department of Computer Science, University of Virginia

"Disk-Level Behavioral Virus Detection"

Monday March 05, 2007 11:00 AM
Location: 3211, EB II NCSU Centennial Campus


Abstract: Current techniques for virus detection are doomed to forever play catch-up against increasingly sophisticated malware: they detect viruses at the level of the host OS, so can be circumvented by lower-level attacks; they rely on lists of known static signatures so no new viruses can be caught; and they attempt to detect viruses based on analyzing their code, which can easily be changed, rather than observing their behavior. Our work explores the possibility of taking advantage of the processing power now available on disk drives to overcome these problems. We use the disk processor to monitor disk requests and identify viruses based on properties of sequences of requests the viruses make. Disk-level behavioral virus detection offers several advantages over traditional approaches since the disk processor can perform computation without burdening the host processor, can observe all disk traffic with little overhead, and can manipulate and control disk accesses directly before they reach the physical medium. In this talk, I will present two instances of our approach: one uses a simple, generic infection signature to reliably detect parasitic file-infecting viruses with a low false positive rate; the other illustrates how our approach can be used to develop virus-specific signatures that recognize and thwart known viruses.

This talk describes joint work with Nate Paul, Adrienne Felt, and Sudhanva Gurumurthi.

Short Bio: David Evans is an Associate Professor at the University of Virginia and Director of the Arts & Sciences Major in Computer Science. He has SB, SM and PhD degrees in Computer Science from MIT. His other research interests include program analysis, exploiting properties of the physical world for security, and applications of cryptography.
For more information, see

Host: Peng Ning, Computer Science, NCSU
