Despite recent advances in malware defense, computer malwares (e.g., virus, worm, botnets, rootkit, spyware) continue to pose serious threats to all computers and networks. Besides being more damaging, modern malwares (e.g., blue pill, agobot) are becoming increasingly stealthy and evasive. This has made it increasingly difficult to protect our computer systems and networks from malwares and ensure the trustworthiness of our mission critical systems. Our natural immune systems are very effective in protecting our body from intrusions by (almost endless) variations of pathogens. Our immunities depend on the ability to distinguish our own cells (i.e., "self") from all others (i.e., "non-self"). Inspired by the self-nonself discrimination in the natural immune systems, this research explores a new direction in building artificial malware immunization and malware forensics capabilities based on "another sense of self", which is essentially a unique mark to be assigned to the programs to be protected. Based on such an actively assigned "another sense of self", the "immunized" program is able to detect application level malwares effectively and efficiently. In addition, the actively assigned "another sense of self" enables new malware forensics capabilities that were not possible before. Since the artificial malware immunization technique does not require any specific knowledge of the malwares, it has the potential to be effective against new and previously unknown malwares. The new artificial malware immunization techniques and tools to be developed could automatically make many applications (e.g., Web server) immune to many malwares and thus greatly improve the trustworthiness of computer systems.
CAREER: Malware Immunization and Forensics Based on Another Sense of Self