An anti-malware program developed by researchers at the University of Georgia is helping to keep campus computers safe, and it may also prove useful for other institutions that want to protect sensitive information from cybercriminals.
Roberto Perdisci, an assistant professor of computer science at UGA, and his students call their program AMICO, which means “friend” in Italian, a subtle reference to Perdisci’s Italian roots. AMICO works by automatically analyzing the origin of every executable file downloaded on the UGA computer network in real time to determine if it might be dangerous.
“AMICO is unique because it doesn’t actually look at the contents of the downloaded files,” Perdisci said. “Other malware programs scan files to see if they contain computer code that might be malicious, but our program looks at patterns associated with a file’s origin site and determines whether it is dangerous based on data we have collected about that site in the past.”
The AMICO software also automatically creates an anonymous tag for machines that download potentially harmful files, and it does not store any personal information about individual users.
“AMICO does not need to know who downloaded the file; it only knows if there is a potential threat to a computer on our network,” Perdisci said. “If a threat is detected, this information is passed to UGA’s Information Security team.”
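As an added illustration of the origin-based approach described above (this is not code from the AMICO project), the sketch below scores each executable download from the serving host's download history rather than from the file's contents, and records the downloading machine only as a keyed hash. All hostnames, file hashes, addresses, the secret key and the thresholds are constructed for the example.

```python
import hashlib
import hmac
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample observations (client_ip, download_url, sha1_of_file): illustrative values only.
OBSERVATIONS = [
    ("10.0.1.5", "https://updates.example.org/setup.exe", "aaaa1111"),
    ("10.0.1.9", "https://updates.example.org/setup.exe", "aaaa1111"),
    ("10.0.2.7", "https://updates.example.org/setup.exe", "aaaa1111"),
    ("10.0.3.3", "http://cdn.churn.example/a.exe", "bbbb2222"),
    ("10.0.3.4", "http://cdn.churn.example/b.exe", "cccc3333"),
    ("10.0.3.5", "http://cdn.churn.example/c.exe", "dddd4444"),
]

def anonymize_client(client_ip, secret):
    # Keyed hash of the client address: stable for one machine, not reversible without the key.
    return hmac.new(secret, client_ip.encode(), hashlib.sha256).hexdigest()[:16]

class OriginReputation:
    """Classify downloads from what is known about the serving host, never from file contents."""
    def __init__(self, secret):
        self.secret = secret
        self.downloads = defaultdict(int)   # host -> downloads observed so far
        self.hashes = defaultdict(set)      # host -> distinct file hashes served so far
        self.known_bad = set()              # hosts confirmed to serve malware (analyst feedback)
        self.alerts = []                    # records that would be handed to the security team

    def mark_host_malicious(self, host):
        self.known_bad.add(host)

    def observe(self, client_ip, url, sha1):
        host = urlsplit(url).hostname or ""
        prior, distinct = self.downloads[host], len(self.hashes[host])
        if host in self.known_bad:
            verdict = "malicious"
        elif prior < 2:
            verdict = "unknown"        # too little history on this origin to judge yet
        elif sha1 not in self.hashes[host] and distinct * 2 >= prior:
            verdict = "suspicious"     # origin keeps serving never-before-seen binaries
        else:
            verdict = "benign"
        self.downloads[host] += 1
        self.hashes[host].add(sha1)
        record = {"client": anonymize_client(client_ip, self.secret), "host": host, "sha1": sha1, "verdict": verdict}
        if verdict in ("suspicious", "malicious"):
            self.alerts.append(record)
        return record
```

Only the keyed client tag, the host and the file hash reach the alert record, so the security team can act on a flagged machine without the classifier storing who used it.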
The annual cost of cybercrime and economic espionage is more than $445 billion worldwide, according to estimates from the Center for Strategic and International Studies, a Washington-based think tank.
UGA’s Office of Information Security has used AMICO alongside other commercially available security programs for more than two years, and the program has provided the office with an extra layer of security for all users across campus.
“We have about 100,000 devices on our campus, and AMICO is able to catch problems that our other tools are missing,” said Christopher Workman, associate director of information security at UGA. “It’s been invaluable, and we absolutely love it.”
The AMICO project, which stands for Accurate Malware Identification by Classification of live network traffic Observations, has been funded by the National Science Foundation, and is the result of a long-standing collaboration between Perdisci and Kang Li, a professor of computer science at UGA. AMICO is completely open source, so large communities of programmers and security experts are able to comment on and improve the program through online collaborations.
Perdisci and Li also recently received funding from the U.S. Department of Homeland Security to transition the AMICO system to market and to further its adoption beyond UGA. To that end, the UGA Research Foundation has filed a patent application on AMICO and desires to partner with companies toward the commercial exploitation of this important asset.
“Ultimately, we want to build a large community of developers and users that can improve what we’ve done so far to make our software ready to deploy to other institutions,” Perdisci said. “We’ve already seen tremendous success on UGA’s network, so I know there is value for AMICO outside of our local campus as well.”
Source: University of Georgia