Detecting Malicious Software
About the Project
Current malware detection methods based on system API calls do not fully use all the information available and are not as effective at differentiating between malicious and benign software as they could be.
The Connection Lab is working on a method to detect malware by modeling program behavior based on dynamic system API calls. A model that properly incorporates this additional API information when characterizing program behavior will be more effective not only against existing malware but also against new or unknown malware variants.