The battle against computer viruses is nothing less than an arms race, according to UT Dallas computer scientist Kevin Hamlen, but he may have hit on a decisive advantage: What if you could identify the enemy not just by analyzing its appearance but by anticipating its actions?

That’s the idea behind a five-year, $500,000 project funded by a Faculty Early Career Development Award from the National Science Foundation.

“Results from the research will lead to powerful new strategies, concepts and practical tools that give defenders a significant new advantage in the virus-antivirus arms race,” he said.

That doesn’t mean tossing out current virus-detection technology. Hamlen’s approach will still include analyzing a suspected virus’s appearance – the syntax of its computer code – for telltale signs of malevolence.

The second part of the equation – anticipating the future – may seem like a tall order, but his idea is to deploy algorithms that watch the suspicious code as it begins to run, and disrupt it in the microseconds between evidence of impending harm and the actual harm itself.

The scale of the malware problem demands such innovative tactics, he said.

“The escalating rate of new malware threatens to outpace our ability to maintain effective detection systems,” he said. “This is in part because today’s polymorphic malware continually evolves new syntaxes as it propagates, introducing hundreds or thousands of new syntaxes per day that implement the same malicious behavior.”

Hamlen believes his results could ultimately improve the resilience of the nation’s cyber infrastructure. Although individual viruses don’t always constitute an existential threat, they are often used to compromise numerous low-priority targets in an attempt to open up high-priority targets.

NSF Career awards are part of a highly selective program for junior faculty members who are considered likely to become leaders in their field. This is the sixth Career award received by UT Dallas engineering and computer science faculty in the past three years.

“The Career program is an excellent barometer of the potential of young faculty to become top researchers, and we are particularly pleased to have had a second recent recipient in the important area of cybersecurity,” said Dr. Mark W. Spong, dean of the University’s Erik Jonsson School of Engineering and Computer Science and holder of the Lars Magnus Ericsson Chair in Electrical Engineering.

Hamlen’s award arose from next-generation malware research that he has been conducting with fellow UT Dallas computer scientist Latifur Khan for the Air Force Office of Scientific Research. Their colleague Dr. Murat Kantarcioglu received a Career award in 2009 to develop privacy-preserving technologies that could open the door to the widespread use of e-health and e-government applications.

“The University’s Cyber Security Research Center was established in 2004, and our researchers already have received two NSF Career awards, an Air Force Young Investigator Program award, a Department of Defense Multidisciplinary University Research Initiative program grant and several other grants from NSF, the Air Force Office of Scientific Research, the Intelligence Advanced Research Projects Activity, the National Geospatial-Intelligence Agency, NASA and the Office of Naval Research,” said Dr. Bhavani Thuraisingham, director of the center. “We are becoming recognized leaders in malware technology, assured cloud-based information sharing, and data security and privacy.”