01 Mar NovaShield will use grant to advance malware tech
Madison, Wis. – NovaShield, a Madison-based developer of anti-malware technology, will use a $500,000 National Science Foundation grant to tailor its product to detect and prevent sophisticated new security threats like botnets, keyloggers, and rootkits.
The Phase II small business innovation research grant will help the company, previously known as Securitas, commercialize a product that represents a departure from existing malware detection systems, and that product could hit the market by the end of 2008.
Dr. Somesh Jha, who co-founded NovaShield with colleague Praveen Sinha, president and CEO, said the company’s technology represents a third generation of anti-malware technologies and is more effective at blocking new threats created by a more sophisticated class of computer hackers.
Jha, who serves as chief scientist at NovaShield, is an associate professor of computer science at the University of Wisconsin-Madison, where he conducts research into computer security. His partners in NovaShield include Sinha and Drs. John Mitchell and Dan Boneh, professors of computer science at Stanford University. Mitchell is co-director of Stanford’s Computer Security lab.
Jha said the Internet has become a major source of infection for PC users, and these new malware threats can result in identity theft, computer crashes, and “drive-by-downloads.” Jha and his colleagues have developed a specification-based monitoring technology that works at the interface of malware programs and commercial operating systems.
Until now, research into PC security has concentrated on signature-based detection, which relies on recognizing known malware: a particular strain or threat must attack a computer before it can be added to a database of known signatures.
With the increasing sophistication of hackers, NovaShield’s founders view current technologies as slow to adapt, making it difficult to catch new threats and what Jha called “malware variants.” In response to this shift, the NovaShield monitoring tool leverages a tiered architecture and the company founders’ knowledge of algorithms for building specification-based software that targets harmful programs by discerning what they do.
It’s a more behavior-based than pattern-based attempt to keep up with the people who are creating malware. Jha indicated that specification-based technology is especially effective in detecting malware variants developed by a new generation of hackers.
“You can imagine that hackers are very good at changing these malwares,” he said. “Think of these malwares as a document where you can change words around such that these patterns that signature-based detectors are looking for don’t appear as that [original document].”
The new forms of malware must interact with operating systems like Microsoft Windows, he said. For example, a keylogger has to install itself and record all the keystrokes, and the new technology monitors that interaction.
“We essentially look at that interface between the program and the operating system, and we detect at that level,” Jha said. “That is extremely hard for a malware to hide.”
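The contrast Jha draws can be shown with a small added example; it is not NovaShield's code or method. The byte strings, event names such as `register_autostart`, and the process traces are all constructed for illustration. A pattern taken from one sample misses a reworded variant, while a specification over what a process does at the operating-system interface flags both and leaves a benign trace alone.

```python
# Constructed byte strings: an original sample and a reworded variant.
ORIGINAL = b"install;hook keys;save log"
VARIANT = b"save log;keys hook;install"    # same "words", moved around
SIGNATURES = [b"hook keys;save log"]        # pattern extracted from ORIGINAL only

def signature_match(blob):
    """Pattern-based: flag a file if any known byte pattern occurs in it."""
    return any(sig in blob for sig in SIGNATURES)

# Specification: ordered steps, each a set of acceptable event names
# (hypothetical labels for calls seen at the program/OS interface).
KEYLOGGER_SPEC = [
    {"register_autostart"},             # installs itself
    {"hook_global_keyboard"},           # records all keystrokes
    {"write_file", "send_network"},     # stores or ships the capture
]

def spec_match(trace, spec=KEYLOGGER_SPEC):
    """Behavior-based: True if a single process performs the steps in order.

    trace is a list of (pid, event) tuples. Unrelated events may be
    interleaved; progress through the spec is tracked per process.
    """
    progress = {}                       # pid -> index of the next expected step
    for pid, event in trace:
        step = progress.get(pid, 0)
        if event in spec[step]:
            step += 1
            if step == len(spec):
                return True
            progress[pid] = step
    return False

# Constructed traces of (pid, event) as a monitor might record them.
TRACE_ORIGINAL = [(100, "open_file"), (100, "register_autostart"),
                  (100, "hook_global_keyboard"), (100, "write_file")]
TRACE_VARIANT = [(200, "register_autostart"), (200, "query_time"),
                 (300, "write_file"), (200, "hook_global_keyboard"),
                 (200, "send_network")]
# Benign: an editor saves typed text, a different process adds an autostart entry.
TRACE_BENIGN = [(400, "read_focused_input"), (400, "write_file"),
                (401, "register_autostart")]

if __name__ == "__main__":
    for name, blob, trace in [("original", ORIGINAL, TRACE_ORIGINAL),
                              ("variant", VARIANT, TRACE_VARIANT)]:
        print(name, "signature:", signature_match(blob), "spec:", spec_match(trace))
    print("benign spec:", spec_match(TRACE_BENIGN))
```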
In the fall of 2007, NovaShield raised $2.5 million in capital from individual Wisconsin investors. The money is being used for lab work, quality assurance, marketing and sales, and to pay the salaries of a nine-employee staff.
The new grant, a Phase II SBIR award, will be used for research and development of a new specification-based malware detection technology that specifically deals with emerging malware threats like botnets, keyloggers, and trojans.
The eventual software product will carry the company name, NovaShield. In all, the company has licensed four patent-pending technologies through the Wisconsin Alumni Research Foundation.
The recent grant complements $150,000 in Phase I SBIR funding awarded to NovaShield in January 2007 to develop the baseline, proof-of-concept technology for specification-based monitoring.
To launch the company in 2005, Sinha, Chief Scientific Officer Roger Chylla, and investor John Thompson, president of Thompson Investment Management, provided $2.1 million in start-up capital. Sinha used his industry connections to build the core team, and Chylla’s role is to convert the technology into products and services.
Increasingly concerned with a new and more profit-driven form of cyber crime, the Federal Bureau of Investigation in 2005 began “Operation Bot Roast” to investigate hackers who commit crimes through computer robot networks called “botnets.” According to the FBI, more than 2.5 million computers have been hijacked in the past two years, resulting in over $20 million in losses.
A botnet generally refers to a collection of compromised computers called “zombie computers,” which run nefarious programs alternately called worms, Trojan horses, or backdoors. The programs are run under a common command and control infrastructure by the “bot herder,” or botnet originator, who can control the programs remotely.
Given such growing skills among computer criminals, the government is trying to accelerate the development of pre-emptive countermeasures. Being one of the few businesses to receive grant funding for the purpose of making malware detection more bulletproof demonstrates to Sinha that the company is onto something.
With the threat landscape changing, Sinha said NovaShield is attempting to address hackers who are more adept at evading detection.
“In the industry, the computer security industry, newer threats have become more prevalent,” Sinha said. “We don’t hear about virus outbreaks. Hackers have moved from writing malware to annoy people to more of a profit-driven motive.”