Discovery of next-generation targeted computer viruses using visualization and machine learning.

Most network intrusion detection systems are designed to discover malicious activity by looking at high-level message properties such as message length and destination. But how can we detect computer viruses that are specifically designed to, for instance, destroy a nuclear reactor, disable the New York Times, or take down the German parliament? These highly complex viruses (also known as Advanced Persistent Threats) circumvent current anti-virus software by hiding their malicious activity in the content of the network messages. In SpySpot, we investigate how we can detect these viruses by taking this content into account, combining machine learning and visualization into one system. A demo of the system can also be found on YouTube.