Rethinking Malware Detection: Accuracy, Efficiency, and Scalability through Human-Machine Collaboration

Talk
Suraj (Suresh) C. Kothari
Iowa State Univ.
Time: 02.17.2016 16:00 to 17:00
Location: AVW 3460 (MC2 conf. room)

A nation or a terrorist organization can cause catastrophic events or steal secrets by inserting just a few lines of malicious code in mission-critical software. Detecting such malware can be like searching for a needle in a haystack without knowing what the needle looks like. Detecting malware in large software is a problem too big for humans to solve alone and too complex for machines to do accurately. With examples of Android malware, we will illustrate the problem by identifying sources of complexity, and then expose the hardness spectrum for different sources.

Detecting sophisticated malware requires exploring software to identify hot spots, gathering evidence to conceive plausible malware hypotheses, and analyzing software to prove or refute each hypothesis. The challenge is to design a human-machine collaboration system to conduct these activities with accuracy, efficiency, and scalability for analyzing large software. We will present the Atlas Platform and the Android Security Toolbox. The Atlas Platform significantly reduces the effort required to create automated software engineering tools, and to build human-machine collaboration systems for solving complex software problems. The Android Security Toolbox, built on the Atlas Platform, is designed to detect simplistic malware automatically, and sophisticated malware with human-machine collaboration. The Atlas Platform’s powerful software search and visualization engines are also useful for program comprehension – a rapidly growing use among students. First released in 2013, academic licenses of Atlas have been issued to students from 174 institutions in 26 countries.