Paradigm to Control Malicious Executables
Description: The goal of this project is to develop a set of control-theoretic techniques to profile, model, and control malicious executables. By treating the structural profile of malicious code as a generator of a formal language, we can present methods to develop the recognizer of this language as a controller that limits the spread of a malicious executable, such as a computer virus. The goal is to make a virus ineffectual. By modeling the interactions between a malicious executable and a computer operating system as a deterministic finite state automaton (FSA), we can develop supervisors that restrict the language of the OS to correct deviations and stop malicious actions of the software. In addition, we can create methods to estimate the probabilities of the transitions from one state to another in the FSA models. The methods would incorporate experts’ opinion and historical data to arrive at the transition probabilities. We demonstrate the feasibility of this supervisory control concept on process execution under various operating systems. From the perspective of fundamental research, this work introduces the concept of discrete-event supervisory control theory to control malicious software programs, such as viruses. From an application perspective, it provides a new approach to control malicious software. The theoretical foundation and the approach presented here are applicable to a wide class of malicious executables. The controller can be designed as a separate program or as a background process that runs on individual machines to monitor other processes.
Principal Investigator: Phoha, Vir -- Computer Science
Collaborators:
Funding Agencies: Board of Regents
Start Period: 06/01/2003
End Period: 06/30/2005
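A minimal sketch of the supervisory-control idea in the description, added here as an illustration and not the project's own code. The states, event names, the split into controllable and uncontrollable events, and the rule that unmodelled events are denied are all constructed assumptions.

```python
# Constructed FSA of process/OS interaction: (state, event) -> next state.
PLANT = {
    ("idle", "open_exe"): "exe_open",
    ("exe_open", "write_exe"): "patching",
    ("exe_open", "close"): "idle",
    ("patching", "flush"): "infected",   # the OS completes the write by itself
    ("patching", "close"): "idle",
    ("idle", "open_doc"): "doc_open",
    ("doc_open", "read"): "doc_open",
    ("doc_open", "close"): "idle",
}
UNCONTROLLABLE = {"flush"}               # the supervisor can observe but not block
CONTROLLABLE = {"open_exe", "write_exe", "open_doc", "read", "close"}
FORBIDDEN = {"infected"}

def safe_states(plant, forbidden, uncontrollable):
    """States from which no chain of uncontrollable events reaches a forbidden state."""
    states = {s for s, _ in plant} | set(plant.values())
    safe = states - set(forbidden)
    changed = True
    while changed:                       # backward fixpoint over uncontrollable edges
        changed = False
        for (s, e), t in plant.items():
            if s in safe and e in uncontrollable and t not in safe:
                safe.discard(s)
                changed = True
    return safe

def supervise(plant, safe, controllable, start, trace):
    """Replay requested events, disabling any that would leave the safe set."""
    state, allowed, blocked = start, [], []
    for event in trace:
        target = plant.get((state, event))
        # Assumption: an event outside the modelled language is a deviation and is denied.
        if target is None or (target not in safe and event in controllable):
            blocked.append((state, event))
            continue
        state = target
        allowed.append(event)
    return state, allowed, blocked

SAFE = safe_states(PLANT, FORBIDDEN, UNCONTROLLABLE)
TRACE = ["open_exe", "write_exe", "close", "open_doc", "read", "close"]  # constructed
RESULT = supervise(PLANT, SAFE, CONTROLLABLE, "idle", TRACE)

if __name__ == "__main__":
    print(sorted(SAFE))
    print(RESULT)
```

Because `flush` cannot be disabled, the fixpoint marks `patching` as unsafe, so the supervisor has to deny `write_exe` one step before the forbidden state is reachable.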