Identification and characterization of malware behaviors
Scalable real-time identification and characterization of malware behaviors using darknet data
Cyberattacks present one of the most critical threats to the security of the nation’s critical infrastructures and the safety of our citizens. Adversaries frequently target the intellectual property and financial assets of U.S. corporations through cyberattacks. The rapidly increasing adoption of mobile and Internet-of-Things (IoT) devices and their global usage further expands the “attack surface” available to nefarious actors. Quickly identifying the origins and intents of cyberattacks is essential to defending critical services and infrastructure.
Efficient methods for characterizing malware behaviors will strengthen existing DHS cybersecurity efforts, such as advanced situational awareness and monitoring, aimed at fortifying and protecting critical infrastructures. This research will develop a scalable machine learning framework for categorizing malicious behaviors observed in a large network telescope (darknet), such as network scanning and the backscatter produced by randomly-spoofed denial-of-service attacks.
The key objectives of the project include:
- Develop and evaluate a framework for clustering network telescope data
- Assess the usability and functionality of the framework for characterizing malware behaviors, with experienced cyber-infrastructure professionals testing and evaluating the effectiveness of the deployed techniques
This research seeks to distill meaningful information from unstructured, large-scale darknet data to discover macroscopic (i.e., internet-wide) malicious activities. The long-term goal of the project is to support the cybersecurity mission of DHS through an improved characterization of malware families, enabling security analysts to track new threats in real time.
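To make concrete what "characterizing malware behaviors" in darknet data means, the following is an added example (not code from the project or its investigators). A network telescope receives only unsolicited packets, so each source address can be summarized by a few features: how many telescope addresses it touched, how many destination and source ports it used, and which TCP flags it sent. A horizontal scan fans out across many telescope addresses on one port with bare SYNs; a vertical scan hits one address on many ports; a victim of a randomly-spoofed SYN flood replies to spoofed sources that fall inside the telescope, so it appears as one source port (the attacked service) sending SYN-ACK or RST to many addresses and many destination ports. The thresholds, the rule-based labeling (a simple stand-in for the clustering the project proposes) and the packet records are all constructed for this illustration.

```python
"""Per-source feature extraction and behavior labeling for darknet (network telescope) traffic.

Added example; the packet records below are constructed, not real telescope data.
Documentation prefixes are used throughout: the telescope is 203.0.113.0/24,
scanners live in 198.51.100.0/24 and the DoS victim is 192.0.2.10.
"""
from collections import defaultdict
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class Pkt:
    """One unsolicited packet seen by the telescope (TCP header fields only)."""
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "R"/"RA" = RST variants


def features(pkts):
    """Aggregate packets per source address into a small feature vector."""
    per_src = defaultdict(list)
    for p in pkts:
        per_src[p.src].append(p)
    out = {}
    for src, ps in per_src.items():
        n = len(ps)
        out[src] = {
            "pkts": n,
            "dsts": len({p.dst for p in ps}),      # telescope addresses touched
            "dports": len({p.dport for p in ps}),  # distinct destination ports
            "sports": len({p.sport for p in ps}),  # distinct source ports
            "syn_frac": sum(p.flags == "S" for p in ps) / n,
            # SYN-ACK / RST from a telescope's point of view are replies to
            # connection attempts nobody in the darknet made: backscatter.
            "backscatter_frac": sum(p.flags in ("SA", "R", "RA") for p in ps) / n,
        }
    return out


def characterize(f, min_fanout=8):
    """Map one feature vector to a behavior label (thresholds are assumptions)."""
    # A real service replying to spoofed SYNs keeps its own port fixed while the
    # spoofed destination addresses and ports look random.
    if f["backscatter_frac"] >= 0.9 and f["dsts"] >= min_fanout and f["sports"] <= 2:
        return "dos-backscatter"
    if f["syn_frac"] >= 0.9 and f["dsts"] >= min_fanout and f["dports"] <= 2:
        return "horizontal-scan"
    if f["syn_frac"] >= 0.9 and f["dports"] >= min_fanout and f["dsts"] <= 2:
        return "vertical-scan"
    return "unclassified"


def constructed_capture(seed=7):
    """Build a synthetic telescope capture containing three behaviors plus noise."""
    rng = random.Random(seed)
    pkts = []
    # Horizontal scanner: SYN to port 23 (telnet) on 40 telescope addresses.
    for i in range(40):
        pkts.append(Pkt("198.51.100.7", f"203.0.113.{i + 1}", rng.randint(1024, 65535), 23, "S"))
    # Vertical scanner: SYN to ports 1..30 on a single telescope address.
    for port in range(1, 31):
        pkts.append(Pkt("198.51.100.8", "203.0.113.50", rng.randint(1024, 65535), port, "S"))
    # Web server under a randomly-spoofed SYN flood: SYN-ACK from port 80 to
    # whichever spoofed sources happened to land inside the telescope.
    for _ in range(35):
        pkts.append(Pkt("192.0.2.10", f"203.0.113.{rng.randint(1, 254)}", 80,
                        rng.randint(1024, 65535), "SA"))
    # Noise: a single stray SYN that matches no pattern.
    pkts.append(Pkt("198.51.100.9", "203.0.113.77", 53, 53, "S"))
    return pkts


def label_sources(pkts):
    """Return {source address: behavior label} for a capture."""
    return {src: characterize(f) for src, f in features(pkts).items()}


if __name__ == "__main__":
    for src, label in sorted(label_sources(constructed_capture()).items()):
        print(f"{src:16s} {label}")
```

The per-source feature vector is the part that scales: it is computed in one pass over the packet stream and is what a clustering step would consume, while the rule-based `characterize` here only stands in for the learned grouping so the labels can be read off directly. Real telescope traffic also contains UDP and ICMP and much messier overlap between behaviors, which is exactly where fixed thresholds break down and an unsupervised approach earns its keep.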
Research Leadership Team
Principal Investigator: John Yen, Penn State University
Co-Principal Investigator: Michalis Kallitsis, Merit Network