NATIONAL SCIENCE FOUNDATION Award 1638219 to Faloutsos, Michail: TWC: Medium: Collaborative: Know Thy Enemy: Data Mining Meets Networks for Understanding Web-Based Malware Dissemination

Michail Faloutsos
Professor
Computer Science & Engineering
michalisf@ucr.edu
(951) 827-5639

UCR Grants Archive

TWC: Medium: Collaborative: Know Thy Enemy: Data Mining Meets Networks for Understanding Web-Based Malware Dissemination

AWARD NUMBER

008249-002

FUND NUMBER

33257

STATUS

Closed

AWARD TYPE

3-Grant

AWARD EXECUTION DATE

6/14/2016

BEGIN DATE

1/28/2016

END DATE

8/31/2017

AWARD AMOUNT

$52,266

Sponsor Information

SPONSOR AWARD NUMBER

1638219

SPONSOR

NATIONAL SCIENCE FOUNDATION

SPONSOR TYPE

Federal

FUNCTION

Organized Research

PROGRAM NAME

Proposal Information

PROPOSAL NUMBER

16050621

PROPOSAL TYPE

New

ACTIVITY TYPE

Basic Research

PI Information

Faloutsos, Michail

PI TITLE

Other

PI DEPTARTMENT

Computer Science & Engineering

PI COLLEGE/SCHOOL

Bourns College of Engineering

CO PIs

Project Information

ABSTRACT

How does web-based malware spread? We use the term web-based malware to describe malware that is distributed through websites, and malicious posts in social networks. We are in an arms race against web-based malware distributors; and as in any war, knowledge is power. The more we know about them, the better we can defend ourselves. Our goal is to understand the dissemination of web-based malware by creating "MalScope", a suite of methods and tools that uses cutting-edge approaches to build spatiotemporal models, generators and sampling techniques for malware dissemination. From a scientific point of view, this project brings together two disciplines: Data Mining and Network Security. The outcome is a suite of novel, sophisticated, and scalable techniques and models that will enhance our understanding of malware dissemination at a large scale. We use two types of web-based malware dissemination data: (1) user machines accessing dangerous sites and downloading web-based malware; and (2) Facebook users being exposed to malicious posts. We already have and will continue to obtain more data from our industry partners (e.g. Symantec's WINE project), open-access projects, or collect on our own (e.g MyPageKeeper).

The broader impact of our work is that it will enable the development of security solutions for end-users and industry. A 15-minute network outage costs a 200-employee company about $40K, while identity theft costs about $1,500 per person on average. By knowing the enemy better, security researchers and industry can more effectively stop the interconnected manifestations of Internet threats: identity theft, the creation of botnets, and DoS attacks. The PIs have a track record of technology transfer, with collaborators at industrial labs (Yahoo, MSR, Symantec, AT&T, IBM), national labs (LLNL, Sandia), open-source software ("Pegasus"), and spin-off startups (StopTheHacker). Educational impacts include developing a new course, providing publicly available educational material, and open-source software.

(Abstract from NSF)