UCSB’s Computer Security Group has developed new security software that identifies and stops malware after a computer obtains a virus.
Unlike most anti-virus technology that recognizes malware through its make-up, LastLine runs programs on a “decoy” computer in order to track and analyze its behavior. If a system within the network of monitored computers connects to another system that is known to emit malware, LastLine detects and blocks the connection — rendering the malware ineffective.
UCSB computer science associate professor Christopher Kruegel, UCSB computer science professor Giovanni Vigna and French Institute Eurecom professor Engin Kirda developed the software with funding from the National Science Foundation and the Department of Defense. The researchers created LastLine Inc. in 2009 with the intention of selling protective technology that defends against malware and cyber crime.
Computer science graduate student Brett Stone-Gross assisted in the project’s original research and said he developed a system called Finding Rogue Networks.
“I developed a system called FIRE … that tracks where malicious content is hosted on the internet,” Stone-Gross said in an e-mail. “The underlying technology used by FIRE has formed the basis for some of LastLine’s products.”
Although the technology is only currently available for companies, Kruegel said an adaptation of the software for personal computers is underway and should be developed by next summer.
“The technology is developed … but there is effort involved when turning a research prototype into a commercial product,” Kruegel said. “We are quite far along in this process and we already have some test customers that have installed our product. It has not been launched on a broader scale, however.”
However, Vigna said the project is unique because research on campus is usually driven by novelty.
“The problem with university research is that we are driven by innovation,” Vigna said. “The moment it’s old, we move to the next thing. We don’t want to create ‘products’ here because it’s a waste of creative time, but if a product becomes useful, it’s great to create a company that can bring a useful tool to the outside world.”
While the software is largely based on research conducted by CSG, Vigna said the company acts independently of the university. CSG works with the Federal Bureau of Intelligence and Interpol to track underground criminal activity.
“We work for the company on our own time and are not paid by the research funding that goes to the university,” Kruegel said. “The funding we acquire at the university is … dedicated for carrying out research and is used for paying graduate students to come up with novel ideas.”
However, according to Kruegel, LastLine does pay licensing fees to UCSB to use any intellectual property developed on campus, including the research behind its software.