The Computer Security Group at UCSB works on tools and techniques for designing, building, and validating secure software systems. The group’s research focus is on intrusion detection and correlation, vulnerability analysis, malware detection and containment, and security of web-based applications.

Our research focuses on determining how malware can be analyzed, detected, and blocked. Malware is a very generic term that encompasses different types of malicious software components. Traditionally, malware was detected by using syntax-based signatures that attempt to detect a specific part of the representation of a malware instance. However, these techniques are not able to detect previously unseen malware components, and, most notably, polymorphic malware. Therefore, our research has focused on how to characterize malware using its behavior or structure, which are independent of the malware’s particular representation.

We developed a number of techniques that use emulation, simulation, and instrumentation to collect events associated with the execution of malware, and then analyze these events to identify malicious behavior.