Discovery, Research, and Experimental Analysis of Malware

The DREAM Lab is a research laboratory in UMBC’s Computer Science and Electrical Engineering department. We study machine learning and cyber security problems, and ways to combine the two, so that we can tackle the ever-growing threat of malware. The amount of new malware (and often its sophistication) has been growing exponentially over time, while the supply of human analysts with the time to study and remediate it remains limited. We therefore want to develop new techniques that automate or augment as much of the malware analysis process as possible via machine learning, and in this way reduce the human capital required to defend computer systems.

This intersection is particularly fun and interesting because of the wide breadth and depth of computer science skills involved. Malware often exploits low-level details and flaws in software, so understanding it requires knowledge of computer architecture, assembly, networking, and software design. The machine learning tools we wish to apply in turn have their own breadth of mathematical foundations in linear algebra, calculus, and statistics. Finding all these skills in one person is rare, so we enjoy an interdisciplinary lab working together on these research topics. This is especially true because many of the fundamental assumptions underlying modern deep learning and other machine learning methods are routinely violated to extreme degrees in this domain, necessitating new advances in machine learning to create new capabilities in malware analysis. The lab is also home to UMBC’s cyber defense team, Cyber Dawgs.

PI: Charles Nicholas. Contact: nicholas@umbc.edu


Sep 25, 2021 Our paper “Searching for Selfie in TLS 1.3 with the Cryptographic Protocol Shapes Analyzer” has been accepted to GuttmanFest2021!
Sep 20, 2021 Our abstract “Incremental Malware Detection and Classification Using Hidden Markov Models” has been selected for poster presentation at ICCWS!
Sep 17, 2021 Two papers, “Adversarial Transfer Attacks With Unknown Data and Class Overlap” and “A Framework for Cluster and Classifier Evaluation in the Absence of Reference Labels” accepted to AISec!
Jul 12, 2021 Our paper “COVID-19 Multidimensional Kaggle Literature Organization” has been accepted to DocEng-2021!
Apr 29, 2021 Our paper “Exact Acceleration of K-Means++ and K-Means||” has been accepted to IJCAI-2021!

Selected publications

  1. An Alternative to NCD for Large Sequences, Lempel-Ziv Jaccard Distance
    In Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD ’17), 2017
  2. Malware Detection by Eating a Whole EXE
    Edward Raff, Jon Barker, Jared Sylvester, Robert Brandon, Bryan Catanzaro, and Charles Nicholas
    In AAAI Workshop on Artificial Intelligence for Cyber Security, 2018
  3. Ranking Retrieval Systems without Relevance Judgments
    Ian Soboroff, Charles Nicholas, and Patrick Cahan
    In Proceedings of the 24th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, 2001